chore: update ai-review findings [ai-review-bot]

feat: report ai review commit status
2026-05-15 14:40:43 +00:00 · 2026-05-15 14:39:15 +00:00 · 2026-05-15 14:34:28 +00:00 · 2026-05-15 14:30:39 +00:00 · 2026-05-15 14:26:45 +00:00
5 changed files with 83 additions and 7 deletions
@@ -11,7 +11,7 @@
    "role": "Leo",
    "location": "action.yaml:12",
    "suggestion": "建議將 `GITEA_TOKEN` 的環境變數設定改回 `GITEA_TOKEN: ${{ inputs.GITEA_TOKEN || secrets.GITEA_TOKEN }}`。目前將其設定為 `required: true` 並移除 `secrets.GITEA_TOKEN` 的 fallback 機制，會導致現有依賴 `secrets.GITEA_TOKEN` 的工作流程中斷，並降低配置的彈性。如果目的是強制透過 `inputs` 傳遞，應在文件明確說明此重大變更及其原因。",
-    "is_new": true
+    "is_new": false
  },
  {
    "level": "warning",
@@ -19,5 +19,12 @@
    "location": "action.yaml:80",
    "suggestion": "在 `runs.env` 區塊中，`GITEA_TOKEN` 現在只從 `inputs` 取得，但 `GITEA_SERVER_URL` 和 `GITEA_REPOSITORY` 仍保留從 `gitea context` 取得的備用機制。這種處理方式的不一致性可能會造成未來的維護困擾。建議統一所有 Gitea 相關變數的取得邏輯，或提供明確的註解說明此差異的原因。",
    "is_new": false
  },
  {
    "level": "warning",
    "role": "Rex",
    "location": "action.yaml:81",
    "suggestion": "在 `action.yaml` 中，`GITEA_TOKEN` 的設定從 `secrets.GITEA_TOKEN` 的 fallback 移除，現在僅從 `inputs.GITEA_TOKEN` 取得。雖然 `inputs.GITEA_TOKEN` 可以透過 `secrets.MY_GITEA_TOKEN` 安全地傳遞，但此變更將確保敏感資料安全傳遞的責任完全轉移到工作流程的配置者。請確保所有使用此 action 的工作流程都透過 GitHub/Gitea secrets 將 `GITEA_TOKEN` 傳遞給 `inputs.GITEA_TOKEN`，以避免將敏感令牌硬編碼或暴露在日誌中。",
    "is_new": false
  }
 ]
@@ -35,7 +35,7 @@
 > **自動提交排除說明**：此 Action 會將自己的 commit message 標記為 `[ai-review-bot]`，而且 action 執行時會先透過 Gitea API 檢查這次觸發的 PR head commit（優先用 `pull_request.head.sha`）是否含有這個 marker，若有就直接成功結束，避免 bot commit 造成重複觸發。若外層 workflow 也能先檢查一次，效果最好。
-> **權限說明**：此 Action 需要 `contents: write`（寫入 findings.json）、`pull-requests: write`（發佈 PR comment）、`issues: write`（發佈 issue comment）三項權限，為正常運作所必要，無法縮減。
+> **權限說明**：此 Action 需要 `contents: write`（寫入 findings.json）、`pull-requests: write`（發佈 PR comment）、`issues: write`（發佈 issue comment）、以及 commit status 寫入權限，為正常運作所必要，無法縮減。
 ### 1. OpenAI
 ```yaml
@@ -6,6 +6,13 @@ const httpsAgent = GITEA_SKIP_TLS_VERIFY ? new https.Agent({ rejectUnauthorized:
 const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
 const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`;
 function extractCommitMessage(payload) {
  return payload?.message
    || payload?.commit?.message
    || payload?.commit?.commit?.message
    || '';
 }
 /**
 * 取得 PR 的 Git Diff 內容，已自動排除 .gitea/ 資料夾。
 */
@@ -33,7 +40,9 @@ export async function getCommitMessageBySha(sha) {
      timeout: 30000,
      httpsAgent,
    });
-    return resp.data?.message || '';
+    const message = extractCommitMessage(resp.data);
    console.log(`  🔎 bot-check: commit api sha=${sha} keys=${Object.keys(resp.data || {}).join(',') || 'empty'} message=${message ? 'found' : 'empty'}`);
    return message;
  } catch (e) {
    console.log(`  ⚠️  bot-check: 讀取 commit sha=${sha} 失敗: ${e.message}`);
    return '';
@@ -49,6 +58,7 @@ export async function getBranchHeadCommitMessage(branch = PR_HEAD_BRANCH) {
      httpsAgent,
    });
    const sha = resp.data?.commit?.id || resp.data?.commit?.sha || '';
    console.log(`  🔎 bot-check: branch api branch=${branch} keys=${Object.keys(resp.data || {}).join(',') || 'empty'} sha=${sha || 'empty'} message=${extractCommitMessage(resp.data?.commit) ? 'found' : 'empty'}`);
    return await getCommitMessageBySha(sha);
  } catch (e) {
    console.log(`  ⚠️  bot-check: 讀取 branch=${branch} head commit 失敗: ${e.message}`);
@@ -57,7 +67,7 @@ export async function getBranchHeadCommitMessage(branch = PR_HEAD_BRANCH) {
 }
 export async function shouldSkipBotCommit({ sha = PR_HEAD_SHA || process.env.GITHUB_SHA, branch = PR_HEAD_BRANCH } = {}) {
-  console.log(`  🔎 bot-check: start sha=${sha || 'empty'} branch=${branch || 'empty'}`);
+  console.log(`  🔎 bot-check: start PR_HEAD_SHA=${PR_HEAD_SHA || 'empty'} GITHUB_SHA=${process.env.GITHUB_SHA || 'empty'} sha=${sha || 'empty'} branch=${branch || 'empty'}`);
  const shaMessage = await getCommitMessageBySha(sha);
  if (sha) {
@@ -85,6 +95,24 @@ export async function shouldSkipBotCommit({ sha = PR_HEAD_SHA || process.env.GIT
  return false;
 }
 export async function setCommitStatus(sha, state, description, context = 'ai-review/critical', targetUrl = '') {
  if (!sha) throw new Error('commit sha is required for status update');
  const payload = {
    state,
    context,
    description,
  };
  if (targetUrl) payload.target_url = targetUrl;
  const resp = await axios.post(api(`/repos/${GITEA_REPOSITORY}/statuses/${encodeURIComponent(sha)}`), payload, {
    headers: headers(),
    timeout: 30000,
    httpsAgent,
  });
  console.log(`  ✅ status: sha=${sha} state=${state} context=${context} description=${description}`);
  return resp.data;
 }
 /**
 * 過濾 diff 內容，移除路徑符合 excludePrefixes 的區塊。
 * 每個區塊以 "diff --git a/<prefix>" 開頭判斷，使用 startsWith 精確比對前綴。
@@ -1,7 +1,7 @@
 import { describe, it, afterEach, mock } from 'node:test';
 import assert from 'node:assert/strict';
 import axios from 'axios';
-import { getPRDiff, filterDiff, postComment, getCommitMessageBySha, getBranchHeadCommitMessage, shouldSkipBotCommit } from './gitea.js';
+import { getPRDiff, filterDiff, postComment, getCommitMessageBySha, getBranchHeadCommitMessage, shouldSkipBotCommit, setCommitStatus } from './gitea.js';
 afterEach(() => mock.restoreAll());
@@ -95,6 +95,25 @@ describe('gitea', () => {
    });
    await assert.equal(await shouldSkipBotCommit({ sha: 'sha-bot', branch: 'feat/test' }), true);
  });
  it('setCommitStatus posts commit status to Gitea API', async () => {
    let capturedUrl, capturedBody, capturedOpts;
    mock.method(axios, 'post', async (url, body, opts) => {
      capturedUrl = url;
      capturedBody = body;
      capturedOpts = opts;
      return { data: { state: body.state } };
    });
    const result = await setCommitStatus('sha-123', 'failure', 'found 2 critical issues', 'ai-review/critical', 'https://example.com/pr/1');
    assert.equal(result.state, 'failure');
    assert.ok(capturedUrl.includes('/statuses/sha-123'));
    assert.equal(capturedBody.state, 'failure');
    assert.equal(capturedBody.context, 'ai-review/critical');
    assert.equal(capturedBody.description, 'found 2 critical issues');
    assert.equal(capturedBody.target_url, 'https://example.com/pr/1');
    assert.ok(capturedOpts.headers['Authorization'].startsWith('token '));
  });
 });
 describe('filterDiff', () => {
@@ -1,13 +1,22 @@
 import path from 'path';
-import { GITEA_REPOSITORY, PR_NUMBER, PR_HEAD_BRANCH, PR_BASE_BRANCH, getLLMConfig, FINDINGS_PATH, EXCLUSIONS_PATH } from './config.js';
+import { GITEA_REPOSITORY, GITEA_SERVER_URL, PR_NUMBER, PR_HEAD_BRANCH, PR_BASE_BRANCH, getLLMConfig, FINDINGS_PATH, EXCLUSIONS_PATH } from './config.js';
 import { loadRoles, getRoleIntro } from './roles.js';
-import { getPRDiff, postComment, shouldSkipBotCommit } from './gitea.js';
+import { getPRDiff, postComment, shouldSkipBotCommit, setCommitStatus } from './gitea.js';
 import { analyzeWithRole, loadOldFindings, mergeFindings, sortByLevel, deduplicateWithAI, loadExclusions, applyExclusions, filterFalsePositivesWithAI } from './findings.js';
 import { saveFindings, postOldFindingsComment, postNewNonCriticalComment, postNewCriticalComments } from './comments.js';
 import { cloneRepo, commitAndPush, getRepoState } from './git.js';
 import { validateJSONArrayFile, ensureJSONArrayFileExists } from './json.js';
 const WORKSPACE = process.env.GITHUB_WORKSPACE || '/workspace';
 const REVIEW_STATUS_CONTEXT = 'ai-review/critical';
 async function updateReviewStatus(sha, criticalCount) {
  const state = criticalCount > 0 ? 'failure' : 'success';
  const description = criticalCount > 0
    ? `found ${criticalCount} critical issue${criticalCount === 1 ? '' : 's'}`
    : 'no critical issues found';
  await setCommitStatus(sha, state, description, REVIEW_STATUS_CONTEXT, `${GITEA_SERVER_URL.replace(/\/$/, '')}/${GITEA_REPOSITORY}/pulls/${PR_NUMBER}`);
 }
 async function main() {
  console.log('='.repeat(60));
@@ -17,6 +26,17 @@ async function main() {
  if (await shouldSkipBotCommit()) {
    console.log('  🤖 偵測到 [ai-review-bot] 自動提交，直接完成 action');
    let criticalCount = 0;
    try {
      const repoDir = cloneRepo(WORKSPACE);
      const findings = loadOldFindings(repoDir || WORKSPACE);
      criticalCount = findings.filter(f => f.level === 'critical').length;
      console.log(`  🔎 bot-check: current findings critical=${criticalCount}`);
      await updateReviewStatus(process.env.PR_HEAD_SHA || process.env.GITHUB_SHA, criticalCount);
    } catch (e) {
      console.error(`  ❌ bot-check: 無法回報 status: ${e.message}`);
      process.exit(1);
    }
    console.log('='.repeat(60));
    process.exit(0);
  }
@@ -42,6 +62,7 @@ async function main() {
  if (!diff.trim()) {
    console.log('  ⚠️  diff 為空，無需審查');
    await updateReviewStatus(process.env.PR_HEAD_SHA || process.env.GITHUB_SHA, 0);
    process.exit(0);
  }
@@ -133,6 +154,7 @@ async function main() {
  // Step9: 有 critical 問題則 exit 1
  console.log('\n🚦 Step8: 嚴重問題檢查');
  const criticalCount = filtered.filter(f => f.level === 'critical').length;
  await updateReviewStatus(process.env.PR_HEAD_SHA || process.env.GITHUB_SHA, criticalCount);
  if (criticalCount > 0) {
    console.log(`  ❌ 發現 ${criticalCount} 個嚴重問題，workflow 結束（exit 1）`);
    console.log('='.repeat(60));
Author	SHA1	Message	Date
AI Review Bot	bfa01721e4	chore: update ai-review findings [ai-review-bot]	2026-05-15 14:40:43 +00:00
jiantw83	4fd9a22aa0	feat: report ai review commit status	2026-05-15 14:39:15 +00:00
AI Review Bot	93c3d0ca66	chore: update ai-review findings [ai-review-bot]	2026-05-15 14:34:28 +00:00
jiantw83	35150cae8a	chore: expand bot check diagnostics	2026-05-15 14:30:39 +00:00
AI Review Bot	e216ca08c5	chore: update ai-review findings [ai-review-bot]	2026-05-15 14:26:45 +00:00