DELETE UNNNNNNNNNNNNEEDEDEDD code

This commit is contained in:
David Blass
2025-11-12 19:29:26 -05:00
parent 7aaebe9584
commit aff634af29
6 changed files with 2008 additions and 2104 deletions
+1117 -1141
View File
File diff suppressed because one or more lines are too long
+2 -4
View File
@@ -1,4 +1,5 @@
import { type } from "arktype";
import { agents } from "./agents/index.ts";
import { createMcpConfigs } from "./mcp/config.ts";
import packageJson from "./package.json" with { type: "json" };
import { fetchRepoSettings } from "./utils/api.ts";
@@ -9,7 +10,6 @@ import {
setupGitHubInstallationToken,
} from "./utils/github.ts";
import { setupGitAuth, setupGitConfig } from "./utils/setup.ts";
import { agents } from "./agents/index.ts";
export const AgentName = type.enumerated("codex", "claude");
export type AgentName = typeof AgentName.infer;
@@ -40,8 +40,7 @@ export async function main(inputs: Inputs): Promise<MainResult> {
Inputs.assert(inputs);
setupGitConfig();
const { githubInstallationToken, wasAcquired, isFallbackToken } =
await setupGitHubInstallationToken();
const { githubInstallationToken, wasAcquired } = await setupGitHubInstallationToken();
if (wasAcquired) {
tokenToRevoke = githubInstallationToken;
}
@@ -50,7 +49,6 @@ export async function main(inputs: Inputs): Promise<MainResult> {
const repoSettings = await fetchRepoSettings({
token: githubInstallationToken,
repoContext,
isFallbackToken,
});
const agentName: AgentName = inputs.agent || repoSettings.defaultAgent || "claude";
+876 -876
View File
File diff suppressed because one or more lines are too long
+3 -3
View File
@@ -1,6 +1,5 @@
## CURRENT
[] look into trigger.yml without installation
[] try to find heavy claude code user
[] investigate including terminal output from bash commands as collapsed groups
[] test initialization trade offs for pullfrog.yml
@@ -11,10 +10,11 @@
## DONE
[x] look into trigger.yml without installation
[x] cancel installation token at the end of github action
[x] avoid exposing env adding ## SECURITY prompt
[x] add modes to prompt
[x] progressively update comment
[x] don't allow rejecting prs
[x] fix pnpm caching
[x] fix prompt to avoid narration like "I just read all tools from MCP server"
[x] avoid exposing env adding ## SECURITY prompt
[x] cancel installation token at the end of github aciton
+2 -9
View File
@@ -24,23 +24,16 @@ export const DEFAULT_REPO_SETTINGS: RepoSettings = {
};
/**
* Fetch repository settings with fallback handling
* Uses API if token is available, otherwise returns defaults
* Fetch repository settings from the Pullfrog API
* Returns defaults if repo doesn't exist or fetch fails
*/
export async function fetchRepoSettings({
token,
repoContext,
isFallbackToken,
}: {
token: string;
repoContext: RepoContext;
isFallbackToken: boolean;
}): Promise<RepoSettings> {
if (isFallbackToken) {
log.info("Using default repository settings (app not installed)");
return DEFAULT_REPO_SETTINGS;
}
log.info("Fetching repository settings...");
const settings = await getRepoSettings(token, repoContext);
log.info("Repository settings fetched");
+8 -71
View File
@@ -49,15 +49,11 @@ function checkExistingToken(): string | null {
return inputToken || envToken || null;
}
function getGitHubTokenInput(): string | null {
return core.getInput("github_token") || null;
}
function isGitHubActionsEnvironment(): boolean {
return Boolean(process.env.GITHUB_ACTIONS);
}
async function acquireTokenViaOIDC(): Promise<string | null> {
async function acquireTokenViaOIDC(): Promise<string> {
log.info("Generating OIDC token...");
const oidcToken = await core.getIDToken("pullfrog-api");
@@ -85,10 +81,7 @@ async function acquireTokenViaOIDC(): Promise<string | null> {
clearTimeout(timeoutId);
if (!tokenResponse.ok) {
log.warning(
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText}. Falling back to GITHUB_TOKEN.`
);
return null;
throw new Error(`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText}`);
}
const tokenData = (await tokenResponse.json()) as InstallationToken;
@@ -99,13 +92,9 @@ async function acquireTokenViaOIDC(): Promise<string | null> {
clearTimeout(timeoutId);
if (error instanceof Error && error.name === "AbortError") {
log.warning(`Token exchange timed out after ${timeoutMs}ms. Falling back to GITHUB_TOKEN.`);
} else {
log.warning(
`Token exchange failed: ${error instanceof Error ? error.message : String(error)}. Falling back to GITHUB_TOKEN.`
);
throw new Error(`Token exchange timed out after ${timeoutMs}ms`);
}
return null;
throw error;
}
}
@@ -250,7 +239,7 @@ async function acquireTokenViaGitHubApp(): Promise<string> {
return token;
}
async function acquireNewToken(): Promise<string | null> {
async function acquireNewToken(): Promise<string> {
if (isGitHubActionsEnvironment()) {
return await acquireTokenViaOIDC();
} else {
@@ -258,78 +247,26 @@ async function acquireNewToken(): Promise<string | null> {
}
}
function getDefaultGitHubToken(): string | null {
// Try input first (explicitly passed from workflow)
const inputToken = getGitHubTokenInput();
if (inputToken) {
return inputToken;
}
// Then try environment variable (automatically set by GitHub Actions)
const token = process.env.GITHUB_TOKEN;
// Log diagnostic info when GITHUB_TOKEN is missing
if (!token && isGitHubActionsEnvironment()) {
const githubEnvVars = Object.keys(process.env)
.filter((key) => key.startsWith("GITHUB_"))
.reduce(
(acc, key) => {
acc[key] =
key === "GITHUB_TOKEN"
? process.env[key]
? "***SET***"
: "NOT_SET"
: process.env[key];
return acc;
},
{} as Record<string, string | undefined>
);
log.warning(
`GITHUB_TOKEN not found. Available GITHUB_* env vars: ${JSON.stringify(githubEnvVars)}`
);
}
return token || null;
}
/**
* Setup GitHub installation token for the action
* Returns the token, whether it was acquired (needs revocation), and whether we fell back to GITHUB_TOKEN
* Falls back to GITHUB_TOKEN if app is not installed
* Returns the token and whether it was acquired (needs revocation)
*/
export async function setupGitHubInstallationToken(): Promise<{
githubInstallationToken: string;
wasAcquired: boolean;
isFallbackToken: boolean;
}> {
const existingToken = checkExistingToken();
if (existingToken) {
core.setSecret(existingToken);
log.info("Using provided GitHub installation token");
return { githubInstallationToken: existingToken, wasAcquired: false, isFallbackToken: false };
return { githubInstallationToken: existingToken, wasAcquired: false };
}
const acquiredToken = await acquireNewToken();
// If token acquisition failed (e.g., app not installed), fall back to GITHUB_TOKEN
if (!acquiredToken) {
const defaultToken = getDefaultGitHubToken();
if (!defaultToken) {
throw new Error(
"Failed to acquire installation token and GITHUB_TOKEN is not available. " +
"Either install the Pullfrog GitHub App or ensure GITHUB_TOKEN is set."
);
}
log.info("Using GITHUB_TOKEN (app not installed or token exchange failed)");
core.setSecret(defaultToken);
process.env.GITHUB_INSTALLATION_TOKEN = defaultToken;
return { githubInstallationToken: defaultToken, wasAcquired: false, isFallbackToken: true };
}
core.setSecret(acquiredToken);
process.env.GITHUB_INSTALLATION_TOKEN = acquiredToken;
return { githubInstallationToken: acquiredToken, wasAcquired: true, isFallbackToken: false };
return { githubInstallationToken: acquiredToken, wasAcquired: true };
}
/**