Compare commits
26 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9567d84442 | |||
| d79564db5e | |||
| a7a0e87fd8 | |||
| 7050b8de75 | |||
| 2fc3ddee16 | |||
| 284d9733dd | |||
| 94e2b5f6e0 | |||
| 03810d574e | |||
| f52e94c612 | |||
| 9444a0e208 | |||
| 2296060d04 | |||
| 458bfe18a0 | |||
| 4cfb9b5008 | |||
| 06542e382a | |||
| bcdf6ab5fb | |||
| 314f669f10 | |||
| a24275e21b | |||
| 872e620342 | |||
| 6d9c6fd2b1 | |||
| 008021df1c | |||
| d6bc0fdd64 | |||
| 8fd0328109 | |||
| a1f87ce118 | |||
| 3e7122611c | |||
| 9459803aaa | |||
| f74a75cfac |
@@ -34,7 +34,7 @@ jobs:
|
|||||||
registry-url: "https://registry.npmjs.org"
|
registry-url: "https://registry.npmjs.org"
|
||||||
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: pnpm install --no-frozen-lockfile
|
run: pnpm install --frozen-lockfile
|
||||||
|
|
||||||
- name: Get package version
|
- name: Get package version
|
||||||
id: version
|
id: version
|
||||||
|
|||||||
+6
-2
@@ -1,6 +1,10 @@
|
|||||||
|
# Ensure lockfile is up to date
|
||||||
|
echo "🔒 Updating lockfile..."
|
||||||
|
pnpm install --lockfile-only
|
||||||
|
|
||||||
# Build the action before committing
|
# Build the action before committing
|
||||||
echo "🔨 Building action..."
|
echo "🔨 Building action..."
|
||||||
npm run build
|
npm run build
|
||||||
|
|
||||||
# Add the built files to the commit
|
# Add the built files and lockfile to the commit
|
||||||
git add entry.cjs
|
git add entry.cjs pnpm-lock.yaml
|
||||||
|
|||||||
+18
-2
@@ -18,8 +18,24 @@ inputs:
|
|||||||
required: false
|
required: false
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: "node20"
|
using: "composite"
|
||||||
main: "entry.cjs"
|
steps:
|
||||||
|
- name: Setup pnpm
|
||||||
|
uses: pnpm/action-setup@v4
|
||||||
|
- name: Setup Node.js 24
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: "24"
|
||||||
|
cache: "pnpm"
|
||||||
|
cache-dependency-path: ${{ github.action_path }}/pnpm-lock.yaml
|
||||||
|
- name: Install dependencies
|
||||||
|
run: pnpm install
|
||||||
|
shell: bash
|
||||||
|
working-directory: ${{ github.action_path }}
|
||||||
|
- name: Run agent
|
||||||
|
run: node entry.ts
|
||||||
|
shell: bash
|
||||||
|
working-directory: ${{ github.action_path }}
|
||||||
|
|
||||||
branding:
|
branding:
|
||||||
icon: "code"
|
icon: "code"
|
||||||
|
|||||||
+32
-108
@@ -16,14 +16,11 @@ export class ClaudeAgent implements Agent {
|
|||||||
startTime: 0,
|
startTime: 0,
|
||||||
};
|
};
|
||||||
|
|
||||||
// $: ExecaMethod;
|
|
||||||
|
|
||||||
constructor(config: AgentConfig) {
|
constructor(config: AgentConfig) {
|
||||||
if (!config.apiKey) {
|
if (!config.apiKey) {
|
||||||
throw new Error("Claude agent requires an API key");
|
throw new Error("Claude agent requires an API key");
|
||||||
}
|
}
|
||||||
this.apiKey = config.apiKey;
|
this.apiKey = config.apiKey;
|
||||||
// Removed execa dependency - using spawn utility instead
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -43,7 +40,6 @@ export class ClaudeAgent implements Agent {
|
|||||||
* Install Claude Code CLI
|
* Install Claude Code CLI
|
||||||
*/
|
*/
|
||||||
async install(): Promise<void> {
|
async install(): Promise<void> {
|
||||||
// Check if Claude Code is already installed
|
|
||||||
if (await this.isClaudeInstalled()) {
|
if (await this.isClaudeInstalled()) {
|
||||||
core.info("Claude Code is already installed, skipping installation");
|
core.info("Claude Code is already installed, skipping installation");
|
||||||
return;
|
return;
|
||||||
@@ -51,21 +47,22 @@ export class ClaudeAgent implements Agent {
|
|||||||
|
|
||||||
core.info("Installing Claude Code...");
|
core.info("Installing Claude Code...");
|
||||||
try {
|
try {
|
||||||
// Use shell execution to properly handle the pipe
|
|
||||||
const result = await spawn({
|
const result = await spawn({
|
||||||
cmd: "bash",
|
cmd: "bash",
|
||||||
args: ["-c", "curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"],
|
args: [
|
||||||
|
"-c",
|
||||||
|
"curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93",
|
||||||
|
],
|
||||||
env: { ANTHROPIC_API_KEY: this.apiKey },
|
env: { ANTHROPIC_API_KEY: this.apiKey },
|
||||||
timeout: 120000, // 2 minute timeout
|
timeout: 120000, // 2 minute timeout
|
||||||
onStdout: () => {
|
onStdout: () => {},
|
||||||
// no logs
|
|
||||||
// process.stdout.write(chunk)
|
|
||||||
},
|
|
||||||
onStderr: (chunk) => process.stderr.write(chunk),
|
onStderr: (chunk) => process.stderr.write(chunk),
|
||||||
});
|
});
|
||||||
|
|
||||||
if (result.exitCode !== 0) {
|
if (result.exitCode !== 0) {
|
||||||
throw new Error(`Installation failed with exit code ${result.exitCode}: ${result.stderr}`);
|
throw new Error(
|
||||||
|
`Installation failed with exit code ${result.exitCode}: ${result.stderr}`
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
core.info("Claude Code installed successfully");
|
core.info("Claude Code installed successfully");
|
||||||
@@ -79,47 +76,36 @@ export class ClaudeAgent implements Agent {
|
|||||||
*/
|
*/
|
||||||
async execute(prompt: string): Promise<AgentResult> {
|
async execute(prompt: string): Promise<AgentResult> {
|
||||||
core.info("Running Claude Code...");
|
core.info("Running Claude Code...");
|
||||||
// printTable([[prompt]]);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Execute Claude Code with the prompt directly using proper headless mode
|
|
||||||
// core.info(`Executing Claude Code with prompt: ${prompt.substring(0, 100)}...`);
|
|
||||||
|
|
||||||
const claudePath = `${process.env.HOME}/.local/bin/claude`;
|
const claudePath = `${process.env.HOME}/.local/bin/claude`;
|
||||||
// console.log("Using Claude Code from:", claudePath);
|
|
||||||
console.log(boxString(prompt, { title: "Prompt" }));
|
console.log(boxString(prompt, { title: "Prompt" }));
|
||||||
const args = [
|
const args = [
|
||||||
"--print",
|
"--print",
|
||||||
"--output-format",
|
"--output-format",
|
||||||
"stream-json",
|
"stream-json",
|
||||||
"--verbose",
|
"--verbose",
|
||||||
|
"--debug",
|
||||||
"--permission-mode",
|
"--permission-mode",
|
||||||
"bypassPermissions",
|
"bypassPermissions",
|
||||||
];
|
];
|
||||||
|
|
||||||
// Add MCP configuration if GitHub credentials are available
|
if (!process.env.GITHUB_INSTALLATION_TOKEN) {
|
||||||
if (
|
throw new Error(
|
||||||
process.env.GITHUB_INSTALLATION_TOKEN &&
|
"GITHUB_INSTALLATION_TOKEN is required for GitHub integration"
|
||||||
process.env.REPO_OWNER &&
|
|
||||||
process.env.REPO_NAME
|
|
||||||
) {
|
|
||||||
const mcpConfig = createMcpConfig(
|
|
||||||
process.env.GITHUB_INSTALLATION_TOKEN,
|
|
||||||
process.env.REPO_OWNER,
|
|
||||||
process.env.REPO_NAME
|
|
||||||
);
|
);
|
||||||
console.log("📋 MCP Config:", mcpConfig);
|
|
||||||
args.push("--mcp-config", mcpConfig);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const mcpConfig = createMcpConfig(process.env.GITHUB_INSTALLATION_TOKEN);
|
||||||
|
console.log("📋 MCP Config:", mcpConfig);
|
||||||
|
args.push("--mcp-config", mcpConfig);
|
||||||
|
|
||||||
const env = {
|
const env = {
|
||||||
ANTHROPIC_API_KEY: this.apiKey,
|
ANTHROPIC_API_KEY: this.apiKey,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Start a collapsible log group for streaming output
|
|
||||||
core.startGroup("🔄 Run details");
|
core.startGroup("🔄 Run details");
|
||||||
|
|
||||||
// Initialize run statistics
|
|
||||||
this.runStats = {
|
this.runStats = {
|
||||||
toolsUsed: 0,
|
toolsUsed: 0,
|
||||||
turns: 0,
|
turns: 0,
|
||||||
@@ -129,7 +115,6 @@ export class ClaudeAgent implements Agent {
|
|||||||
const finalResult = "";
|
const finalResult = "";
|
||||||
const totalCost = 0;
|
const totalCost = 0;
|
||||||
|
|
||||||
// run Claude Code with the prompt
|
|
||||||
const result = await spawn({
|
const result = await spawn({
|
||||||
cmd: claudePath,
|
cmd: claudePath,
|
||||||
args,
|
args,
|
||||||
@@ -137,37 +122,21 @@ export class ClaudeAgent implements Agent {
|
|||||||
input: prompt,
|
input: prompt,
|
||||||
timeout: 10 * 60 * 1000, // 10 minutes
|
timeout: 10 * 60 * 1000, // 10 minutes
|
||||||
onStdout: (_chunk) => {
|
onStdout: (_chunk) => {
|
||||||
// console.log(chunk);
|
|
||||||
processJSONChunk(_chunk, this);
|
processJSONChunk(_chunk, this);
|
||||||
},
|
},
|
||||||
onStderr: (_chunk) => {
|
onStderr: (_chunk) => {
|
||||||
if (_chunk.trim()) {
|
if (_chunk.trim()) {
|
||||||
// core.warning(`[warn] ${chunk}`);
|
|
||||||
processJSONChunk(_chunk, this);
|
processJSONChunk(_chunk, this);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
// throw on non-zero exit code
|
|
||||||
if (result.exitCode !== 0) {
|
if (result.exitCode !== 0) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Command failed with exit code ${result.exitCode}\n\nStdout: ${result.stdout}\n\nStderr: ${result.stderr}`
|
`Command failed with exit code ${result.exitCode}\n\nStdout: ${result.stdout}\n\nStderr: ${result.stderr}`
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Process the complete buffered stdout to extract final results
|
|
||||||
// if (result.stdout.trim()) {
|
|
||||||
// const lines = result.stdout.trim().split("\n");
|
|
||||||
// for (const line of lines) {
|
|
||||||
// if (line.trim()) {
|
|
||||||
// const chunkResult = processJsonChunk(line);
|
|
||||||
// if (chunkResult.finalResult) finalResult = chunkResult.finalResult;
|
|
||||||
// if (chunkResult.totalCost) totalCost = chunkResult.totalCost;
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
// Log run summary
|
|
||||||
const duration = Date.now() - this.runStats.startTime;
|
const duration = Date.now() - this.runStats.startTime;
|
||||||
core.info(
|
core.info(
|
||||||
`📊 Run Summary: ${this.runStats.toolsUsed} tools used, ${this.runStats.turns} turns, ${duration}ms duration`
|
`📊 Run Summary: ${this.runStats.toolsUsed} tools used, ${this.runStats.turns} turns, ${duration}ms duration`
|
||||||
@@ -187,13 +156,11 @@ export class ClaudeAgent implements Agent {
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
} catch (error: any) {
|
} catch (error: any) {
|
||||||
// Ensure group is closed even if error occurs before group is started
|
|
||||||
try {
|
try {
|
||||||
core.endGroup();
|
core.endGroup();
|
||||||
} catch {
|
} catch {}
|
||||||
// Group might not have been started, ignore
|
const errorMessage =
|
||||||
}
|
error instanceof Error ? error.message : "Unknown error";
|
||||||
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
||||||
return {
|
return {
|
||||||
success: false,
|
success: false,
|
||||||
error: `Failed to execute Claude Code: ${errorMessage}`,
|
error: `Failed to execute Claude Code: ${errorMessage}`,
|
||||||
@@ -202,34 +169,11 @@ export class ClaudeAgent implements Agent {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Process a JSON chunk line and extract result data
|
|
||||||
*/
|
|
||||||
// function processJsonChunk(line: string): { finalResult?: string; totalCost?: number } {
|
|
||||||
// try {
|
|
||||||
// const chunk = JSON.parse(line.trim());
|
|
||||||
// processJSONChunk(chunk);
|
|
||||||
|
|
||||||
// // Collect final result and cost data
|
|
||||||
// if (chunk.type === "result" && chunk.result) {
|
|
||||||
// return {
|
|
||||||
// finalResult: chunk.result,
|
|
||||||
// totalCost: chunk.total_cost_usd || 0,
|
|
||||||
// };
|
|
||||||
// }
|
|
||||||
// return {};
|
|
||||||
// } catch {
|
|
||||||
// core.debug(`Failed to parse JSON line: ${line}`);
|
|
||||||
// return {};
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pretty print a JSON chunk based on its type
|
* Pretty print a JSON chunk based on its type
|
||||||
*/
|
*/
|
||||||
function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
||||||
try {
|
try {
|
||||||
// Parse the JSON string first
|
|
||||||
console.log(chunk);
|
console.log(chunk);
|
||||||
const parsedChunk = JSON.parse(chunk.trim());
|
const parsedChunk = JSON.parse(chunk.trim());
|
||||||
|
|
||||||
@@ -237,14 +181,17 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
case "system":
|
case "system":
|
||||||
if (parsedChunk.subtype === "init") {
|
if (parsedChunk.subtype === "init") {
|
||||||
core.info(`🚀 Starting Claude Code session...`);
|
core.info(`🚀 Starting Claude Code session...`);
|
||||||
// core.info(`📁 Working directory: ${parsedChunk.cwd}`);
|
|
||||||
// core.info(`🔑 Permission mode: ${parsedChunk.permissionMode}`);
|
|
||||||
core.info(
|
core.info(
|
||||||
tableString([
|
tableString([
|
||||||
["model", parsedChunk.model],
|
["model", parsedChunk.model],
|
||||||
["cwd", parsedChunk.cwd],
|
["cwd", parsedChunk.cwd],
|
||||||
["permission_mode", parsedChunk.permissionMode],
|
["permission_mode", parsedChunk.permissionMode],
|
||||||
["tools", parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"],
|
[
|
||||||
|
"tools",
|
||||||
|
parsedChunk.tools?.length
|
||||||
|
? `${parsedChunk.tools.length} tools`
|
||||||
|
: "none",
|
||||||
|
],
|
||||||
[
|
[
|
||||||
"mcp_servers",
|
"mcp_servers",
|
||||||
parsedChunk.mcp_servers?.length
|
parsedChunk.mcp_servers?.length
|
||||||
@@ -264,39 +211,33 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
|
|
||||||
case "assistant":
|
case "assistant":
|
||||||
if (parsedChunk.message?.content) {
|
if (parsedChunk.message?.content) {
|
||||||
// Track turns
|
|
||||||
if (agent) {
|
if (agent) {
|
||||||
agent.runStats.turns++;
|
agent.runStats.turns++;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (const content of parsedChunk.message.content) {
|
for (const content of parsedChunk.message.content) {
|
||||||
if (content.type === "text") {
|
if (content.type === "text") {
|
||||||
// Skip empty text content
|
|
||||||
if (content.text.trim()) {
|
if (content.text.trim()) {
|
||||||
core.info(boxString(content.text.trim(), { title: "Claude Code" }));
|
core.info(
|
||||||
|
boxString(content.text.trim(), { title: "Claude Code" })
|
||||||
|
);
|
||||||
}
|
}
|
||||||
} else if (content.type === "tool_use") {
|
} else if (content.type === "tool_use") {
|
||||||
// Track tools used
|
|
||||||
if (agent) {
|
if (agent) {
|
||||||
agent.runStats.toolsUsed++;
|
agent.runStats.toolsUsed++;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enhanced tool usage logging
|
|
||||||
const toolName = content.name;
|
const toolName = content.name;
|
||||||
// const toolId = content.id;
|
|
||||||
|
|
||||||
core.info(`→ ${toolName}`);
|
core.info(`→ ${toolName}`);
|
||||||
|
|
||||||
// Log tool-specific details based on tool type
|
|
||||||
if (content.input) {
|
if (content.input) {
|
||||||
const input = content.input;
|
const input = content.input;
|
||||||
|
|
||||||
// Common tool input fields
|
|
||||||
if (input.description) {
|
if (input.description) {
|
||||||
core.info(` └─ ${input.description}`);
|
core.info(` └─ ${input.description}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Tool-specific input fields
|
|
||||||
if (input.command) {
|
if (input.command) {
|
||||||
core.info(` └─ command: ${input.command}`);
|
core.info(` └─ command: ${input.command}`);
|
||||||
}
|
}
|
||||||
@@ -325,7 +266,6 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
core.info(` └─ url: ${input.url}`);
|
core.info(` └─ url: ${input.url}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
// For multi-edit or complex operations
|
|
||||||
if (input.edits && Array.isArray(input.edits)) {
|
if (input.edits && Array.isArray(input.edits)) {
|
||||||
core.info(` └─ edits: ${input.edits.length} changes`);
|
core.info(` └─ edits: ${input.edits.length} changes`);
|
||||||
input.edits.forEach((edit: any, index: number) => {
|
input.edits.forEach((edit: any, index: number) => {
|
||||||
@@ -335,19 +275,14 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// For task operations
|
|
||||||
if (input.task) {
|
if (input.task) {
|
||||||
core.info(` └─ task: ${input.task}`);
|
core.info(` └─ task: ${input.task}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
// For bash operations with specific details
|
|
||||||
if (input.bash_command) {
|
if (input.bash_command) {
|
||||||
core.info(` └─ bash_command: ${input.bash_command}`);
|
core.info(` └─ bash_command: ${input.bash_command}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Log tool ID for debugging
|
|
||||||
// core.debug(` 🔗 Tool ID: ${toolId}`);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -360,9 +295,6 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
if (content.is_error) {
|
if (content.is_error) {
|
||||||
core.warning(`❌ Tool error: ${content.content}`);
|
core.warning(`❌ Tool error: ${content.content}`);
|
||||||
} else {
|
} else {
|
||||||
// Enhanced tool result logging
|
|
||||||
const _resultContent = content.content.trim();
|
|
||||||
// do nothing for now. usually useless in headless more.
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -371,19 +303,12 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
|
|
||||||
case "result":
|
case "result":
|
||||||
if (parsedChunk.subtype === "success") {
|
if (parsedChunk.subtype === "success") {
|
||||||
// Claude already prints something almost identical to this, so skip for now
|
|
||||||
// if (parsedChunk.result) {
|
|
||||||
// core.info(
|
|
||||||
// boxString(parsedChunk.result.trim(), {
|
|
||||||
// title: "🤖 Claude Code",
|
|
||||||
// maxWidth: 70,
|
|
||||||
// }),
|
|
||||||
// );
|
|
||||||
// }
|
|
||||||
|
|
||||||
core.info(
|
core.info(
|
||||||
tableString([
|
tableString([
|
||||||
["Cost", `$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`],
|
[
|
||||||
|
"Cost",
|
||||||
|
`$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`,
|
||||||
|
],
|
||||||
["Input Tokens", parsedChunk.usage?.input_tokens || 0],
|
["Input Tokens", parsedChunk.usage?.input_tokens || 0],
|
||||||
["Output Tokens", parsedChunk.usage?.output_tokens || 0],
|
["Output Tokens", parsedChunk.usage?.output_tokens || 0],
|
||||||
["Duration", `${parsedChunk.duration_ms}ms`],
|
["Duration", `${parsedChunk.duration_ms}ms`],
|
||||||
@@ -396,7 +321,6 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
// Log unknown chunk types for debugging
|
|
||||||
core.debug(`📦 Unknown chunk type: ${parsedChunk.type}`);
|
core.debug(`📦 Unknown chunk type: ${parsedChunk.type}`);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -7,11 +7,12 @@
|
|||||||
|
|
||||||
import * as core from "@actions/core";
|
import * as core from "@actions/core";
|
||||||
import { type ExecutionInputs, type MainParams, main } from "./main.ts";
|
import { type ExecutionInputs, type MainParams, main } from "./main.ts";
|
||||||
|
import packageJson from "./package.json" with { type: "json" };
|
||||||
import { setupGitHubInstallationToken } from "./utils/github.ts";
|
import { setupGitHubInstallationToken } from "./utils/github.ts";
|
||||||
|
|
||||||
async function run(): Promise<void> {
|
async function run(): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// Get inputs from GitHub Actions
|
console.log(`🐸 Running pullfrog/action@${packageJson.version}...`);
|
||||||
const prompt = core.getInput("prompt", { required: true });
|
const prompt = core.getInput("prompt", { required: true });
|
||||||
const anthropic_api_key = core.getInput("anthropic_api_key");
|
const anthropic_api_key = core.getInput("anthropic_api_key");
|
||||||
|
|
||||||
@@ -19,13 +20,11 @@ async function run(): Promise<void> {
|
|||||||
throw new Error("prompt is required");
|
throw new Error("prompt is required");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create params object with new structure
|
|
||||||
const inputs: ExecutionInputs = {
|
const inputs: ExecutionInputs = {
|
||||||
prompt,
|
prompt,
|
||||||
anthropic_api_key,
|
anthropic_api_key,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Add optional properties only if they exist
|
|
||||||
const githubToken = core.getInput("github_token") || process.env.GITHUB_TOKEN;
|
const githubToken = core.getInput("github_token") || process.env.GITHUB_TOKEN;
|
||||||
if (githubToken) {
|
if (githubToken) {
|
||||||
inputs.github_token = githubToken;
|
inputs.github_token = githubToken;
|
||||||
@@ -47,8 +46,6 @@ async function run(): Promise<void> {
|
|||||||
|
|
||||||
const result = await main(params);
|
const result = await main(params);
|
||||||
|
|
||||||
// TODO: Set outputs
|
|
||||||
|
|
||||||
if (!result.success) {
|
if (!result.success) {
|
||||||
throw new Error(result.error || "Agent execution failed");
|
throw new Error(result.error || "Agent execution failed");
|
||||||
}
|
}
|
||||||
@@ -58,7 +55,6 @@ async function run(): Promise<void> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run the action
|
|
||||||
run().catch((error) => {
|
run().catch((error) => {
|
||||||
console.error("Action failed:", error);
|
console.error("Action failed:", error);
|
||||||
process.exit(1);
|
process.exit(1);
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
import * as core from "@actions/core";
|
import * as core from "@actions/core";
|
||||||
import { ClaudeAgent } from "./agents/claude.ts";
|
import { ClaudeAgent } from "./agents/claude.ts";
|
||||||
|
|
||||||
// Expected environment variables that should be passed as inputs
|
|
||||||
export const EXPECTED_INPUTS: string[] = [
|
export const EXPECTED_INPUTS: string[] = [
|
||||||
"ANTHROPIC_API_KEY",
|
"ANTHROPIC_API_KEY",
|
||||||
"GITHUB_TOKEN",
|
"GITHUB_TOKEN",
|
||||||
@@ -29,24 +28,19 @@ export interface MainResult {
|
|||||||
|
|
||||||
export async function main(params: MainParams): Promise<MainResult> {
|
export async function main(params: MainParams): Promise<MainResult> {
|
||||||
try {
|
try {
|
||||||
// Extract inputs from params
|
|
||||||
const { inputs, env, cwd } = params;
|
const { inputs, env, cwd } = params;
|
||||||
|
|
||||||
// Set working directory if different from current
|
|
||||||
if (cwd !== process.cwd()) {
|
if (cwd !== process.cwd()) {
|
||||||
process.chdir(cwd);
|
process.chdir(cwd);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set environment variables
|
|
||||||
Object.assign(process.env, env);
|
Object.assign(process.env, env);
|
||||||
|
|
||||||
core.info(`→ Starting agent run with Claude Code`);
|
core.info(`→ Starting agent run with Claude Code`);
|
||||||
|
|
||||||
// Create and install the Claude agent
|
|
||||||
const agent = new ClaudeAgent({ apiKey: inputs.anthropic_api_key });
|
const agent = new ClaudeAgent({ apiKey: inputs.anthropic_api_key });
|
||||||
await agent.install();
|
await agent.install();
|
||||||
|
|
||||||
// Execute the agent with the prompt
|
|
||||||
const result = await agent.execute(inputs.prompt);
|
const result = await agent.execute(inputs.prompt);
|
||||||
|
|
||||||
if (!result.success) {
|
if (!result.success) {
|
||||||
|
|||||||
+15
-8
@@ -1,13 +1,20 @@
|
|||||||
/**
|
/**
|
||||||
* Simple MCP configuration helper for adding our minimal GitHub comment server
|
* Simple MCP configuration helper for adding our minimal GitHub comment server
|
||||||
*/
|
*/
|
||||||
const actionPath = process.env.GITHUB_ACTION_PATH || process.cwd();
|
// const actionPath = process.env.GITHUB_ACTION_PATH || process.cwd();
|
||||||
|
|
||||||
|
import { fromHere } from "@ark/fs";
|
||||||
|
|
||||||
|
const actionPath = fromHere("..");
|
||||||
|
|
||||||
|
export function createMcpConfig(githubInstallationToken: string) {
|
||||||
|
const githubRepository = process.env.GITHUB_REPOSITORY;
|
||||||
|
if (!githubRepository) {
|
||||||
|
throw new Error(
|
||||||
|
"GITHUB_REPOSITORY environment variable is required for MCP GitHub integration"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
export function createMcpConfig(
|
|
||||||
githubInstallationToken: string,
|
|
||||||
repoOwner: string,
|
|
||||||
repoName: string
|
|
||||||
) {
|
|
||||||
return JSON.stringify(
|
return JSON.stringify(
|
||||||
{
|
{
|
||||||
mcpServers: {
|
mcpServers: {
|
||||||
@@ -16,8 +23,8 @@ export function createMcpConfig(
|
|||||||
args: [`${actionPath}/mcp/server.ts`],
|
args: [`${actionPath}/mcp/server.ts`],
|
||||||
env: {
|
env: {
|
||||||
GITHUB_INSTALLATION_TOKEN: githubInstallationToken,
|
GITHUB_INSTALLATION_TOKEN: githubInstallationToken,
|
||||||
REPO_OWNER: repoOwner,
|
GITHUB_REPOSITORY: githubRepository,
|
||||||
REPO_NAME: repoName,
|
LOG_LEVEL: "debug",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|||||||
+7
-12
@@ -5,15 +5,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
|
|||||||
import { Octokit } from "@octokit/rest";
|
import { Octokit } from "@octokit/rest";
|
||||||
import { type } from "arktype";
|
import { type } from "arktype";
|
||||||
import { z } from "zod";
|
import { z } from "zod";
|
||||||
|
import { resolveRepoContext } from "../utils/repo-context.ts";
|
||||||
// Get repository information from environment variables
|
|
||||||
const REPO_OWNER = process.env.REPO_OWNER;
|
|
||||||
const REPO_NAME = process.env.REPO_NAME;
|
|
||||||
|
|
||||||
if (!REPO_OWNER || !REPO_NAME) {
|
|
||||||
console.error("Error: REPO_OWNER and REPO_NAME environment variables are required");
|
|
||||||
process.exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
const server = new McpServer({
|
const server = new McpServer({
|
||||||
name: "Minimal GitHub Issue Comment Server",
|
name: "Minimal GitHub Issue Comment Server",
|
||||||
@@ -42,13 +34,16 @@ server.tool(
|
|||||||
throw new Error("GITHUB_INSTALLATION_TOKEN environment variable is required");
|
throw new Error("GITHUB_INSTALLATION_TOKEN environment variable is required");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Resolve repository context from environment
|
||||||
|
const repoContext = resolveRepoContext();
|
||||||
|
|
||||||
const octokit = new Octokit({
|
const octokit = new Octokit({
|
||||||
auth: githubInstallationToken,
|
auth: githubInstallationToken,
|
||||||
});
|
});
|
||||||
|
|
||||||
const result = await octokit.rest.issues.createComment({
|
const result = await octokit.rest.issues.createComment({
|
||||||
owner: REPO_OWNER,
|
owner: repoContext.owner,
|
||||||
repo: REPO_NAME,
|
repo: repoContext.name,
|
||||||
issue_number: issueNumber,
|
issue_number: issueNumber,
|
||||||
body: body,
|
body: body,
|
||||||
});
|
});
|
||||||
@@ -94,4 +89,4 @@ async function runServer() {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
runServer().catch(console.error);
|
await runServer();
|
||||||
|
|||||||
+7
-5
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@pullfrog/action",
|
"name": "@pullfrog/action",
|
||||||
"version": "0.0.13",
|
"version": "0.0.35",
|
||||||
"type": "module",
|
"type": "module",
|
||||||
"files": [
|
"files": [
|
||||||
"index.js",
|
"index.js",
|
||||||
@@ -23,9 +23,11 @@
|
|||||||
"build:dev": "node esbuild.config.js",
|
"build:dev": "node esbuild.config.js",
|
||||||
"prepare": "husky",
|
"prepare": "husky",
|
||||||
"play": "node play.ts",
|
"play": "node play.ts",
|
||||||
"upDeps": "pnpm up --latest"
|
"upDeps": "pnpm up --latest",
|
||||||
|
"createLockfile": "pnpm --ignore-workspace install"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
"@ark/fs": "0.49.0",
|
||||||
"@actions/core": "^1.11.1",
|
"@actions/core": "^1.11.1",
|
||||||
"@modelcontextprotocol/sdk": "^1.17.5",
|
"@modelcontextprotocol/sdk": "^1.17.5",
|
||||||
"@octokit/rest": "^22.0.0",
|
"@octokit/rest": "^22.0.0",
|
||||||
@@ -33,7 +35,8 @@
|
|||||||
"arktype": "^2.1.22",
|
"arktype": "^2.1.22",
|
||||||
"dotenv": "^17.2.2",
|
"dotenv": "^17.2.2",
|
||||||
"execa": "^9.6.0",
|
"execa": "^9.6.0",
|
||||||
"table": "^6.9.0"
|
"table": "^6.9.0",
|
||||||
|
"zod": "^3.24.4"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@types/node": "^20.10.0",
|
"@types/node": "^20.10.0",
|
||||||
@@ -41,8 +44,7 @@
|
|||||||
"esbuild": "^0.25.9",
|
"esbuild": "^0.25.9",
|
||||||
"husky": "^9.0.0",
|
"husky": "^9.0.0",
|
||||||
"typescript": "^5.3.0",
|
"typescript": "^5.3.0",
|
||||||
"zshy": "^0.4.1",
|
"zshy": "^0.4.1"
|
||||||
"zod": "^3.24.4"
|
|
||||||
},
|
},
|
||||||
"repository": {
|
"repository": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
|||||||
@@ -1,35 +1,32 @@
|
|||||||
import { existsSync, readFileSync } from "node:fs";
|
import { existsSync, readFileSync } from "node:fs";
|
||||||
import { dirname, extname, join, resolve } from "node:path";
|
import { extname, join, resolve } from "node:path";
|
||||||
import { fileURLToPath, pathToFileURL } from "node:url";
|
import { pathToFileURL } from "node:url";
|
||||||
|
import { fromHere } from "@ark/fs";
|
||||||
import arg from "arg";
|
import arg from "arg";
|
||||||
import { config } from "dotenv";
|
import { config } from "dotenv";
|
||||||
import { main } from "./main.ts";
|
import { main } from "./main.ts";
|
||||||
|
import packageJson from "./package.json" with { type: "json" };
|
||||||
import { runAct } from "./utils/act.ts";
|
import { runAct } from "./utils/act.ts";
|
||||||
|
import { setupGitHubInstallationToken } from "./utils/github.ts";
|
||||||
import { setupTestRepo } from "./utils/setup.ts";
|
import { setupTestRepo } from "./utils/setup.ts";
|
||||||
|
|
||||||
// Load environment variables from .env file
|
|
||||||
config();
|
config();
|
||||||
|
|
||||||
const __filename = fileURLToPath(import.meta.url);
|
|
||||||
const __dirname = dirname(__filename);
|
|
||||||
|
|
||||||
export async function run(
|
export async function run(
|
||||||
prompt: string,
|
prompt: string,
|
||||||
options: { act?: boolean } = {}
|
options: { act?: boolean } = {}
|
||||||
): Promise<{ success: boolean; output?: string | undefined; error?: string | undefined }> {
|
): Promise<{ success: boolean; output?: string | undefined; error?: string | undefined }> {
|
||||||
try {
|
try {
|
||||||
|
console.log(`🐸 Running pullfrog/action@${packageJson.version}...`);
|
||||||
if (options.act) {
|
if (options.act) {
|
||||||
// Use Docker/act to run the action
|
|
||||||
console.log("🐳 Running with Docker/act...");
|
console.log("🐳 Running with Docker/act...");
|
||||||
runAct(prompt);
|
runAct(prompt);
|
||||||
return { success: true };
|
return { success: true };
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup test repository and run directly
|
|
||||||
const tempDir = join(process.cwd(), ".temp");
|
const tempDir = join(process.cwd(), ".temp");
|
||||||
setupTestRepo({ tempDir, forceClean: true });
|
setupTestRepo({ tempDir, forceClean: true });
|
||||||
|
|
||||||
// Change to the temp directory
|
|
||||||
const originalCwd = process.cwd();
|
const originalCwd = process.cwd();
|
||||||
process.chdir(tempDir);
|
process.chdir(tempDir);
|
||||||
|
|
||||||
@@ -39,7 +36,6 @@ export async function run(
|
|||||||
console.log(prompt);
|
console.log(prompt);
|
||||||
console.log("─".repeat(50));
|
console.log("─".repeat(50));
|
||||||
|
|
||||||
// Set environment variables from our .env for the action to use
|
|
||||||
const { EXPECTED_INPUTS } = await import("./main.ts");
|
const { EXPECTED_INPUTS } = await import("./main.ts");
|
||||||
EXPECTED_INPUTS.forEach((inputName) => {
|
EXPECTED_INPUTS.forEach((inputName) => {
|
||||||
const value = process.env[inputName];
|
const value = process.env[inputName];
|
||||||
@@ -48,28 +44,31 @@ export async function run(
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// Run main with the new params structure
|
|
||||||
const inputs: any = {
|
const inputs: any = {
|
||||||
prompt,
|
prompt,
|
||||||
anthropic_api_key: process.env.ANTHROPIC_API_KEY || "",
|
anthropic_api_key: process.env.ANTHROPIC_API_KEY || "",
|
||||||
};
|
};
|
||||||
|
|
||||||
// Add optional properties only if they exist
|
|
||||||
if (process.env.GITHUB_TOKEN) {
|
if (process.env.GITHUB_TOKEN) {
|
||||||
inputs.github_token = process.env.GITHUB_TOKEN;
|
inputs.github_token = process.env.GITHUB_TOKEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (process.env.GITHUB_INSTALLATION_TOKEN) {
|
console.log("🔑 Setting up GitHub installation token...");
|
||||||
inputs.github_installation_token = process.env.GITHUB_INSTALLATION_TOKEN;
|
const installationToken = await setupGitHubInstallationToken();
|
||||||
}
|
inputs.github_installation_token = installationToken;
|
||||||
|
console.log("✅ GitHub installation token setup successfully");
|
||||||
|
|
||||||
|
const envWithToken = {
|
||||||
|
...process.env,
|
||||||
|
GITHUB_INSTALLATION_TOKEN: installationToken,
|
||||||
|
} as Record<string, string>;
|
||||||
|
|
||||||
const result = await main({
|
const result = await main({
|
||||||
inputs,
|
inputs,
|
||||||
env: process.env as Record<string, string>,
|
env: envWithToken,
|
||||||
cwd: process.cwd(),
|
cwd: process.cwd(),
|
||||||
});
|
});
|
||||||
|
|
||||||
// Change back to original directory
|
|
||||||
process.chdir(originalCwd);
|
process.chdir(originalCwd);
|
||||||
|
|
||||||
if (result.success) {
|
if (result.success) {
|
||||||
@@ -89,7 +88,6 @@ export async function run(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// CLI execution when run directly
|
|
||||||
if (import.meta.url === `file://${process.argv[1]}`) {
|
if (import.meta.url === `file://${process.argv[1]}`) {
|
||||||
const args = arg({
|
const args = arg({
|
||||||
"--help": Boolean,
|
"--help": Boolean,
|
||||||
@@ -125,16 +123,13 @@ Examples:
|
|||||||
let prompt: string;
|
let prompt: string;
|
||||||
|
|
||||||
if (args["--raw"]) {
|
if (args["--raw"]) {
|
||||||
// Use raw prompt string
|
|
||||||
prompt = args["--raw"];
|
prompt = args["--raw"];
|
||||||
} else {
|
} else {
|
||||||
// Load prompt from file
|
|
||||||
const filePath = args._[0] || "fixtures/basic.txt";
|
const filePath = args._[0] || "fixtures/basic.txt";
|
||||||
const ext = extname(filePath).toLowerCase();
|
const ext = extname(filePath).toLowerCase();
|
||||||
let resolvedPath: string;
|
let resolvedPath: string;
|
||||||
|
|
||||||
// First try as fixtures path
|
const fixturesPath = fromHere("fixtures", filePath);
|
||||||
const fixturesPath = join(__dirname, "fixtures", filePath);
|
|
||||||
if (existsSync(fixturesPath)) {
|
if (existsSync(fixturesPath)) {
|
||||||
resolvedPath = fixturesPath;
|
resolvedPath = fixturesPath;
|
||||||
} else if (existsSync(filePath)) {
|
} else if (existsSync(filePath)) {
|
||||||
@@ -145,13 +140,11 @@ Examples:
|
|||||||
|
|
||||||
switch (ext) {
|
switch (ext) {
|
||||||
case ".txt": {
|
case ".txt": {
|
||||||
// Plain text - pass directly as prompt
|
|
||||||
prompt = readFileSync(resolvedPath, "utf8").trim();
|
prompt = readFileSync(resolvedPath, "utf8").trim();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
case ".json": {
|
case ".json": {
|
||||||
// JSON - stringify and pass as prompt
|
|
||||||
const content = readFileSync(resolvedPath, "utf8");
|
const content = readFileSync(resolvedPath, "utf8");
|
||||||
const parsed = JSON.parse(content);
|
const parsed = JSON.parse(content);
|
||||||
prompt = JSON.stringify(parsed, null, 2);
|
prompt = JSON.stringify(parsed, null, 2);
|
||||||
@@ -159,7 +152,6 @@ Examples:
|
|||||||
}
|
}
|
||||||
|
|
||||||
case ".ts": {
|
case ".ts": {
|
||||||
// TypeScript - dynamic import and stringify default export
|
|
||||||
const fileUrl = pathToFileURL(resolvedPath).href;
|
const fileUrl = pathToFileURL(resolvedPath).href;
|
||||||
const module = await import(fileUrl);
|
const module = await import(fileUrl);
|
||||||
|
|
||||||
@@ -167,14 +159,11 @@ Examples:
|
|||||||
throw new Error(`TypeScript file ${filePath} must have a default export`);
|
throw new Error(`TypeScript file ${filePath} must have a default export`);
|
||||||
}
|
}
|
||||||
|
|
||||||
// If it's a string, use it directly
|
|
||||||
if (typeof module.default === "string") {
|
if (typeof module.default === "string") {
|
||||||
prompt = module.default;
|
prompt = module.default;
|
||||||
} else if (typeof module.default === "object" && module.default.prompt) {
|
} else if (typeof module.default === "object" && module.default.prompt) {
|
||||||
// If it's a MainParams object with a prompt field, extract the prompt
|
|
||||||
prompt = module.default.prompt;
|
prompt = module.default.prompt;
|
||||||
} else {
|
} else {
|
||||||
// Otherwise stringify it
|
|
||||||
prompt = JSON.stringify(module.default, null, 2);
|
prompt = JSON.stringify(module.default, null, 2);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|||||||
Generated
+11
-3
@@ -11,6 +11,9 @@ importers:
|
|||||||
'@actions/core':
|
'@actions/core':
|
||||||
specifier: ^1.11.1
|
specifier: ^1.11.1
|
||||||
version: 1.11.1
|
version: 1.11.1
|
||||||
|
'@ark/fs':
|
||||||
|
specifier: 0.49.0
|
||||||
|
version: 0.49.0
|
||||||
'@modelcontextprotocol/sdk':
|
'@modelcontextprotocol/sdk':
|
||||||
specifier: ^1.17.5
|
specifier: ^1.17.5
|
||||||
version: 1.19.1
|
version: 1.19.1
|
||||||
@@ -32,6 +35,9 @@ importers:
|
|||||||
table:
|
table:
|
||||||
specifier: ^6.9.0
|
specifier: ^6.9.0
|
||||||
version: 6.9.0
|
version: 6.9.0
|
||||||
|
zod:
|
||||||
|
specifier: ^3.24.4
|
||||||
|
version: 3.25.76
|
||||||
devDependencies:
|
devDependencies:
|
||||||
'@types/node':
|
'@types/node':
|
||||||
specifier: ^20.10.0
|
specifier: ^20.10.0
|
||||||
@@ -48,9 +54,6 @@ importers:
|
|||||||
typescript:
|
typescript:
|
||||||
specifier: ^5.3.0
|
specifier: ^5.3.0
|
||||||
version: 5.9.3
|
version: 5.9.3
|
||||||
zod:
|
|
||||||
specifier: ^3.24.4
|
|
||||||
version: 3.25.76
|
|
||||||
zshy:
|
zshy:
|
||||||
specifier: ^0.4.1
|
specifier: ^0.4.1
|
||||||
version: 0.4.3(typescript@5.9.3)
|
version: 0.4.3(typescript@5.9.3)
|
||||||
@@ -69,6 +72,9 @@ packages:
|
|||||||
'@actions/io@1.1.3':
|
'@actions/io@1.1.3':
|
||||||
resolution: {integrity: sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==}
|
resolution: {integrity: sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==}
|
||||||
|
|
||||||
|
'@ark/fs@0.49.0':
|
||||||
|
resolution: {integrity: sha512-AEjAQS/bu1CGIRiKK/XLaQ73cSJHixfexq28wNt+kBpQ0h1RwVIVzaGsn/+5IWw6DEbR7LB+3hil5gzrzEeyZQ==}
|
||||||
|
|
||||||
'@ark/schema@0.49.0':
|
'@ark/schema@0.49.0':
|
||||||
resolution: {integrity: sha512-GphZBLpW72iS0v4YkeUtV3YIno35Gimd7+ezbPO9GwEi9kzdUrPVjvf6aXSBAfHikaFc/9pqZOpv3pOXnC71tw==}
|
resolution: {integrity: sha512-GphZBLpW72iS0v4YkeUtV3YIno35Gimd7+ezbPO9GwEi9kzdUrPVjvf6aXSBAfHikaFc/9pqZOpv3pOXnC71tw==}
|
||||||
|
|
||||||
@@ -902,6 +908,8 @@ snapshots:
|
|||||||
|
|
||||||
'@actions/io@1.1.3': {}
|
'@actions/io@1.1.3': {}
|
||||||
|
|
||||||
|
'@ark/fs@0.49.0': {}
|
||||||
|
|
||||||
'@ark/schema@0.49.0':
|
'@ark/schema@0.49.0':
|
||||||
dependencies:
|
dependencies:
|
||||||
'@ark/util': 0.49.0
|
'@ark/util': 0.49.0
|
||||||
|
|||||||
@@ -1,356 +0,0 @@
|
|||||||
#!/usr/bin/env tsx
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GitHub App Installation Token Generator
|
|
||||||
*
|
|
||||||
* Generates a temporary installation token for a GitHub App to access a specific repository.
|
|
||||||
* Uses environment variables for configuration and supports multiple installations.
|
|
||||||
*
|
|
||||||
* Usage:
|
|
||||||
* node scripts/generate-installation-token.ts [--repo owner/name] [--update-env]
|
|
||||||
*
|
|
||||||
* Environment variables required:
|
|
||||||
* GITHUB_APP_ID - GitHub App ID
|
|
||||||
* GITHUB_PRIVATE_KEY - GitHub App private key (PEM format)
|
|
||||||
* REPO_OWNER - Target repository owner (default)
|
|
||||||
* REPO_NAME - Target repository name (default)
|
|
||||||
*/
|
|
||||||
|
|
||||||
import { createSign } from "node:crypto";
|
|
||||||
import { readFileSync, writeFileSync } from "node:fs";
|
|
||||||
import { join } from "node:path";
|
|
||||||
import { config } from "dotenv";
|
|
||||||
|
|
||||||
// Load environment variables
|
|
||||||
config();
|
|
||||||
|
|
||||||
interface GitHubAppConfig {
|
|
||||||
appId: string;
|
|
||||||
privateKey: string;
|
|
||||||
repoOwner: string;
|
|
||||||
repoName: string;
|
|
||||||
}
|
|
||||||
|
|
||||||
interface Installation {
|
|
||||||
id: number;
|
|
||||||
account: {
|
|
||||||
login: string;
|
|
||||||
type: string;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
interface Repository {
|
|
||||||
owner: {
|
|
||||||
login: string;
|
|
||||||
};
|
|
||||||
name: string;
|
|
||||||
}
|
|
||||||
|
|
||||||
interface InstallationTokenResponse {
|
|
||||||
token: string;
|
|
||||||
expires_at: string;
|
|
||||||
}
|
|
||||||
|
|
||||||
interface RepositoriesResponse {
|
|
||||||
repositories: Repository[];
|
|
||||||
}
|
|
||||||
|
|
||||||
class GitHubAppTokenGenerator {
|
|
||||||
private config: GitHubAppConfig;
|
|
||||||
|
|
||||||
constructor(config: GitHubAppConfig) {
|
|
||||||
// Process private key to handle escaped newlines
|
|
||||||
config.privateKey = config.privateKey.replace(/\\n/g, "\n");
|
|
||||||
this.config = config;
|
|
||||||
this.validateConfig();
|
|
||||||
}
|
|
||||||
|
|
||||||
private validateConfig(): void {
|
|
||||||
const { appId, privateKey, repoOwner, repoName } = this.config;
|
|
||||||
|
|
||||||
if (!appId) {
|
|
||||||
throw new Error("GITHUB_APP_ID environment variable is required");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!privateKey) {
|
|
||||||
throw new Error("GITHUB_PRIVATE_KEY environment variable is required");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!repoOwner || !repoName) {
|
|
||||||
throw new Error("REPO_OWNER and REPO_NAME environment variables are required");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!privateKey.includes("BEGIN") || !privateKey.includes("END")) {
|
|
||||||
throw new Error("GITHUB_PRIVATE_KEY must be in PEM format");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Generates a JWT for GitHub App authentication
|
|
||||||
*/
|
|
||||||
private generateJWT(): string {
|
|
||||||
const now = Math.floor(Date.now() / 1000);
|
|
||||||
const payload = {
|
|
||||||
iat: now - 60, // issued 1 minute ago to account for clock skew
|
|
||||||
exp: now + 5 * 60, // expires in 5 minutes
|
|
||||||
iss: this.config.appId,
|
|
||||||
};
|
|
||||||
|
|
||||||
const header = {
|
|
||||||
alg: "RS256",
|
|
||||||
typ: "JWT",
|
|
||||||
};
|
|
||||||
|
|
||||||
const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
|
|
||||||
const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
|
|
||||||
const signaturePart = `${encodedHeader}.${encodedPayload}`;
|
|
||||||
|
|
||||||
const signature = createSign("RSA-SHA256")
|
|
||||||
.update(signaturePart)
|
|
||||||
.sign(this.config.privateKey, "base64")
|
|
||||||
.replace(/\+/g, "-")
|
|
||||||
.replace(/\//g, "_")
|
|
||||||
.replace(/=/g, "");
|
|
||||||
|
|
||||||
return `${signaturePart}.${signature}`;
|
|
||||||
}
|
|
||||||
|
|
||||||
private base64UrlEncode(str: string): string {
|
|
||||||
return Buffer.from(str)
|
|
||||||
.toString("base64")
|
|
||||||
.replace(/\+/g, "-")
|
|
||||||
.replace(/\//g, "_")
|
|
||||||
.replace(/=/g, "");
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Makes authenticated requests to GitHub API
|
|
||||||
*/
|
|
||||||
private async githubRequest<T>(
|
|
||||||
path: string,
|
|
||||||
options: {
|
|
||||||
method?: string;
|
|
||||||
headers?: Record<string, string>;
|
|
||||||
body?: string;
|
|
||||||
} = {}
|
|
||||||
): Promise<T> {
|
|
||||||
const { method = "GET", headers = {}, body } = options;
|
|
||||||
|
|
||||||
const url = `https://api.github.com${path}`;
|
|
||||||
const requestHeaders = {
|
|
||||||
Accept: "application/vnd.github.v3+json",
|
|
||||||
"User-Agent": "Pullfrog-Installation-Token-Generator/1.0",
|
|
||||||
...headers,
|
|
||||||
};
|
|
||||||
|
|
||||||
const response = await fetch(url, {
|
|
||||||
method,
|
|
||||||
headers: requestHeaders,
|
|
||||||
...(body && { body }),
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!response.ok) {
|
|
||||||
const errorText = await response.text();
|
|
||||||
throw new Error(
|
|
||||||
`GitHub API request failed: ${response.status} ${response.statusText}\n${errorText}`
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
return response.json() as T;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Finds the installation ID for the target repository
|
|
||||||
*/
|
|
||||||
private async findInstallationId(jwt: string): Promise<number> {
|
|
||||||
console.log("🔍 Finding GitHub App installation...");
|
|
||||||
|
|
||||||
const installations = await this.githubRequest<Installation[]>("/app/installations", {
|
|
||||||
headers: { Authorization: `Bearer ${jwt}` },
|
|
||||||
});
|
|
||||||
|
|
||||||
console.log(`📋 Found ${installations.length} installation(s)`);
|
|
||||||
|
|
||||||
// Check each installation for access to target repository
|
|
||||||
for (const installation of installations) {
|
|
||||||
console.log(`🔎 Checking installation ${installation.id} (${installation.account.login})`);
|
|
||||||
|
|
||||||
try {
|
|
||||||
// Create a temporary token to check repository access
|
|
||||||
const tempToken = await this.createInstallationToken(jwt, installation.id);
|
|
||||||
const hasAccess = await this.checkRepositoryAccess(tempToken);
|
|
||||||
|
|
||||||
if (hasAccess) {
|
|
||||||
console.log(
|
|
||||||
`✅ Installation ${installation.id} has access to ${this.config.repoOwner}/${this.config.repoName}`
|
|
||||||
);
|
|
||||||
return installation.id;
|
|
||||||
}
|
|
||||||
} catch (error) {
|
|
||||||
console.log(
|
|
||||||
`❌ Installation ${installation.id} check failed:`,
|
|
||||||
error instanceof Error ? error.message : String(error)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
throw new Error(
|
|
||||||
`No installation found with access to ${this.config.repoOwner}/${this.config.repoName}. ` +
|
|
||||||
"Ensure the GitHub App is installed on the target repository."
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Checks if the installation token has access to the target repository
|
|
||||||
*/
|
|
||||||
private async checkRepositoryAccess(token: string): Promise<boolean> {
|
|
||||||
try {
|
|
||||||
const response = await this.githubRequest<RepositoriesResponse>(
|
|
||||||
"/installation/repositories",
|
|
||||||
{
|
|
||||||
headers: { Authorization: `token ${token}` },
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
return response.repositories.some(
|
|
||||||
(repo) => repo.owner.login === this.config.repoOwner && repo.name === this.config.repoName
|
|
||||||
);
|
|
||||||
} catch {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates an installation access token
|
|
||||||
*/
|
|
||||||
private async createInstallationToken(jwt: string, installationId: number): Promise<string> {
|
|
||||||
const response = await this.githubRequest<InstallationTokenResponse>(
|
|
||||||
`/app/installations/${installationId}/access_tokens`,
|
|
||||||
{
|
|
||||||
method: "POST",
|
|
||||||
headers: { Authorization: `Bearer ${jwt}` },
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
return response.token;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Generates a new installation token for the configured repository
|
|
||||||
*/
|
|
||||||
async generateToken(): Promise<{
|
|
||||||
token: string;
|
|
||||||
installationId: number;
|
|
||||||
expiresAt: string;
|
|
||||||
}> {
|
|
||||||
console.log(
|
|
||||||
`🚀 Generating installation token for ${this.config.repoOwner}/${this.config.repoName}`
|
|
||||||
);
|
|
||||||
console.log(`📱 App ID: ${this.config.appId}`);
|
|
||||||
|
|
||||||
// Step 1: Generate JWT for app authentication
|
|
||||||
const jwt = this.generateJWT();
|
|
||||||
console.log("🔐 Generated JWT token");
|
|
||||||
|
|
||||||
// Step 2: Find installation with repository access
|
|
||||||
const installationId = await this.findInstallationId(jwt);
|
|
||||||
|
|
||||||
// Step 3: Create installation access token
|
|
||||||
console.log(`🎫 Creating installation token for installation ${installationId}...`);
|
|
||||||
const token = await this.createInstallationToken(jwt, installationId);
|
|
||||||
|
|
||||||
// Calculate expiration (GitHub tokens expire after 1 hour)
|
|
||||||
const expiresAt = new Date(Date.now() + 60 * 60 * 1000).toISOString();
|
|
||||||
|
|
||||||
console.log("✅ Installation token generated successfully!");
|
|
||||||
console.log(`🎟️ Token: ${token.substring(0, 20)}...`);
|
|
||||||
console.log(`📅 Expires: ${expiresAt}`);
|
|
||||||
console.log(`🏢 Installation ID: ${installationId}`);
|
|
||||||
|
|
||||||
return { token, installationId, expiresAt };
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Updates the .env file with the new installation token
|
|
||||||
*/
|
|
||||||
updateEnvFile(token: string): void {
|
|
||||||
const envPath = join(process.cwd(), ".env");
|
|
||||||
|
|
||||||
try {
|
|
||||||
let envContent = readFileSync(envPath, "utf8");
|
|
||||||
|
|
||||||
// Update or add the installation token
|
|
||||||
const tokenLine = `GITHUB_INSTALLATION_TOKEN=${token}`;
|
|
||||||
const tokenRegex = /^GITHUB_INSTALLATION_TOKEN=.*$/m;
|
|
||||||
|
|
||||||
if (tokenRegex.test(envContent)) {
|
|
||||||
envContent = envContent.replace(tokenRegex, tokenLine);
|
|
||||||
} else {
|
|
||||||
envContent += `\n${tokenLine}\n`;
|
|
||||||
}
|
|
||||||
|
|
||||||
writeFileSync(envPath, envContent);
|
|
||||||
console.log(`📝 Updated ${envPath} with new installation token`);
|
|
||||||
} catch (error) {
|
|
||||||
console.error(
|
|
||||||
"❌ Failed to update .env file:",
|
|
||||||
error instanceof Error ? error.message : String(error)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* CLI interface
|
|
||||||
*/
|
|
||||||
async function main(): Promise<void> {
|
|
||||||
try {
|
|
||||||
const args = process.argv.slice(2);
|
|
||||||
const updateEnv = args.includes("--update-env");
|
|
||||||
|
|
||||||
// Parse repository from args if provided
|
|
||||||
const repoArg = args.find((arg) => arg.startsWith("--repo="));
|
|
||||||
let repoOwner = process.env.REPO_OWNER || "pullfrogai";
|
|
||||||
let repoName = process.env.REPO_NAME || "scratch";
|
|
||||||
|
|
||||||
if (repoArg) {
|
|
||||||
const [owner, name] = repoArg.split("=")[1].split("/");
|
|
||||||
if (owner && name) {
|
|
||||||
repoOwner = owner;
|
|
||||||
repoName = name;
|
|
||||||
} else {
|
|
||||||
throw new Error("Invalid --repo format. Use: --repo=owner/name");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
const config: GitHubAppConfig = {
|
|
||||||
appId: process.env.GITHUB_APP_ID!,
|
|
||||||
privateKey: process.env.GITHUB_PRIVATE_KEY!,
|
|
||||||
repoOwner,
|
|
||||||
repoName,
|
|
||||||
};
|
|
||||||
|
|
||||||
const generator = new GitHubAppTokenGenerator(config);
|
|
||||||
const result = await generator.generateToken();
|
|
||||||
|
|
||||||
if (updateEnv) {
|
|
||||||
generator.updateEnvFile(result.token);
|
|
||||||
}
|
|
||||||
|
|
||||||
console.log("\n🎉 Token generation complete!");
|
|
||||||
|
|
||||||
if (!updateEnv) {
|
|
||||||
console.log("\n💡 To automatically update your .env file, run with --update-env flag");
|
|
||||||
}
|
|
||||||
} catch (error) {
|
|
||||||
console.error("❌ Error:", error instanceof Error ? error.message : String(error));
|
|
||||||
process.exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Run if called directly
|
|
||||||
if (import.meta.url === `file://${process.argv[1]}`) {
|
|
||||||
main();
|
|
||||||
}
|
|
||||||
|
|
||||||
export { GitHubAppTokenGenerator };
|
|
||||||
@@ -12,27 +12,21 @@ const tempDir = join(__dirname, "..", ".temp");
|
|||||||
const actionPath = join(__dirname, "..");
|
const actionPath = join(__dirname, "..");
|
||||||
const envPath = join(__dirname, "..", "..", ".env");
|
const envPath = join(__dirname, "..", "..", ".env");
|
||||||
|
|
||||||
// Environment variables that should be passed as secrets to the workflow
|
|
||||||
const ENV_VARS = ["ANTHROPIC_API_KEY", "GITHUB_INSTALLATION_TOKEN"];
|
const ENV_VARS = ["ANTHROPIC_API_KEY", "GITHUB_INSTALLATION_TOKEN"];
|
||||||
|
|
||||||
export function runAct(prompt: string): void {
|
export function runAct(prompt: string): void {
|
||||||
// Setup test repository
|
|
||||||
setupTestRepo({ tempDir });
|
setupTestRepo({ tempDir });
|
||||||
|
|
||||||
// Load environment variables
|
|
||||||
config({ path: envPath });
|
config({ path: envPath });
|
||||||
|
|
||||||
// Build action bundles
|
|
||||||
buildAction(actionPath);
|
buildAction(actionPath);
|
||||||
|
|
||||||
const workflowPath = join(tempDir, ".github", "workflows", "pullfrog.yml");
|
const workflowPath = join(tempDir, ".github", "workflows", "pullfrog.yml");
|
||||||
|
|
||||||
// Create minimal dist for act (avoids pnpm symlink issues)
|
|
||||||
const distPath = join(actionPath, ".act-dist");
|
const distPath = join(actionPath, ".act-dist");
|
||||||
console.log("📦 Creating minimal distribution for act...");
|
console.log("📦 Creating minimal distribution for act...");
|
||||||
execSync(`rm -rf "${distPath}" && mkdir -p "${distPath}"`, { shell: "/bin/bash" });
|
execSync(`rm -rf "${distPath}" && mkdir -p "${distPath}"`, { shell: "/bin/bash" });
|
||||||
|
|
||||||
// Copy only necessary files (bundled, no node_modules needed)
|
|
||||||
["action.yml", "entry.cjs", "index.cjs", "package.json"].forEach((file) => {
|
["action.yml", "entry.cjs", "index.cjs", "package.json"].forEach((file) => {
|
||||||
const src = join(actionPath, file);
|
const src = join(actionPath, file);
|
||||||
if (existsSync(src)) {
|
if (existsSync(src)) {
|
||||||
@@ -41,8 +35,6 @@ export function runAct(prompt: string): void {
|
|||||||
});
|
});
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Build the act command with input directly
|
|
||||||
// Properly escape the prompt for shell
|
|
||||||
const escapedPrompt = prompt.replace(/'/g, "'\\''");
|
const escapedPrompt = prompt.replace(/'/g, "'\\''");
|
||||||
|
|
||||||
const actCommandParts = [
|
const actCommandParts = [
|
||||||
@@ -56,14 +48,12 @@ export function runAct(prompt: string): void {
|
|||||||
`pullfrog/action@v0=${distPath}`, // Use minimal dist without symlinks
|
`pullfrog/action@v0=${distPath}`, // Use minimal dist without symlinks
|
||||||
];
|
];
|
||||||
|
|
||||||
// Add environment variables as secrets that will be available to the workflow
|
|
||||||
ENV_VARS.forEach((key) => {
|
ENV_VARS.forEach((key) => {
|
||||||
if (process.env[key]) {
|
if (process.env[key]) {
|
||||||
actCommandParts.push("-s", key);
|
actCommandParts.push("-s", key);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// We only need the specific ENV_VARS, no need to add other variables
|
|
||||||
|
|
||||||
const actCommand = actCommandParts.join(" ");
|
const actCommand = actCommandParts.join(" ");
|
||||||
|
|
||||||
@@ -73,15 +63,12 @@ export function runAct(prompt: string): void {
|
|||||||
console.log("─".repeat(50));
|
console.log("─".repeat(50));
|
||||||
console.log("");
|
console.log("");
|
||||||
|
|
||||||
// Execute act
|
|
||||||
execSync(actCommand, {
|
execSync(actCommand, {
|
||||||
stdio: "inherit",
|
stdio: "inherit",
|
||||||
cwd: join(__dirname, "..", ".."),
|
cwd: join(__dirname, "..", ".."),
|
||||||
});
|
});
|
||||||
// Clean up
|
|
||||||
execSync(`rm -rf "${distPath}"`);
|
execSync(`rm -rf "${distPath}"`);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
// Clean up on error
|
|
||||||
execSync(`rm -rf "${distPath}"`);
|
execSync(`rm -rf "${distPath}"`);
|
||||||
console.error("❌ Act execution failed:", (error as Error).message);
|
console.error("❌ Act execution failed:", (error as Error).message);
|
||||||
process.exit(1);
|
process.exit(1);
|
||||||
|
|||||||
+229
-48
@@ -1,4 +1,6 @@
|
|||||||
|
import { createSign } from "node:crypto";
|
||||||
import * as core from "@actions/core";
|
import * as core from "@actions/core";
|
||||||
|
import { resolveRepoContext } from "./repo-context.ts";
|
||||||
|
|
||||||
export interface InstallationToken {
|
export interface InstallationToken {
|
||||||
token: string;
|
token: string;
|
||||||
@@ -10,62 +12,241 @@ export interface InstallationToken {
|
|||||||
owner?: string;
|
owner?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface GitHubAppConfig {
|
||||||
|
appId: string;
|
||||||
|
privateKey: string;
|
||||||
|
repoOwner: string;
|
||||||
|
repoName: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Installation {
|
||||||
|
id: number;
|
||||||
|
account: {
|
||||||
|
login: string;
|
||||||
|
type: string;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Repository {
|
||||||
|
owner: {
|
||||||
|
login: string;
|
||||||
|
};
|
||||||
|
name: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface InstallationTokenResponse {
|
||||||
|
token: string;
|
||||||
|
expires_at: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface RepositoriesResponse {
|
||||||
|
repositories: Repository[];
|
||||||
|
}
|
||||||
|
|
||||||
|
function checkExistingToken(): string | null {
|
||||||
|
const inputToken = core.getInput("github_installation_token");
|
||||||
|
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
|
||||||
|
return inputToken || envToken || null;
|
||||||
|
}
|
||||||
|
|
||||||
|
function isGitHubActionsEnvironment(): boolean {
|
||||||
|
return Boolean(process.env.GITHUB_ACTIONS);
|
||||||
|
}
|
||||||
|
|
||||||
|
async function acquireTokenViaOIDC(): Promise<string> {
|
||||||
|
core.info("Generating OIDC token...");
|
||||||
|
|
||||||
|
const oidcToken = await core.getIDToken("pullfrog-api");
|
||||||
|
core.info("OIDC token generated successfully");
|
||||||
|
|
||||||
|
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
|
||||||
|
|
||||||
|
core.info("Exchanging OIDC token for installation token...");
|
||||||
|
const tokenResponse = await fetch(`${apiUrl}/api/github/installation-token`, {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${oidcToken}`,
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!tokenResponse.ok) {
|
||||||
|
const errorText = await tokenResponse.text();
|
||||||
|
throw new Error(
|
||||||
|
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText} - ${errorText}`
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
const tokenData = (await tokenResponse.json()) as InstallationToken;
|
||||||
|
core.info(`Installation token obtained for ${tokenData.repository || "all repositories"}`);
|
||||||
|
|
||||||
|
return tokenData.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
const base64UrlEncode = (str: string): string => {
|
||||||
|
return Buffer.from(str)
|
||||||
|
.toString("base64")
|
||||||
|
.replace(/\+/g, "-")
|
||||||
|
.replace(/\//g, "_")
|
||||||
|
.replace(/=/g, "");
|
||||||
|
};
|
||||||
|
|
||||||
|
const generateJWT = (appId: string, privateKey: string): string => {
|
||||||
|
const now = Math.floor(Date.now() / 1000);
|
||||||
|
const payload = {
|
||||||
|
iat: now - 60,
|
||||||
|
exp: now + 5 * 60,
|
||||||
|
iss: appId,
|
||||||
|
};
|
||||||
|
|
||||||
|
const header = {
|
||||||
|
alg: "RS256",
|
||||||
|
typ: "JWT",
|
||||||
|
};
|
||||||
|
|
||||||
|
const encodedHeader = base64UrlEncode(JSON.stringify(header));
|
||||||
|
const encodedPayload = base64UrlEncode(JSON.stringify(payload));
|
||||||
|
const signaturePart = `${encodedHeader}.${encodedPayload}`;
|
||||||
|
|
||||||
|
const signature = createSign("RSA-SHA256")
|
||||||
|
.update(signaturePart)
|
||||||
|
.sign(privateKey, "base64")
|
||||||
|
.replace(/\+/g, "-")
|
||||||
|
.replace(/\//g, "_")
|
||||||
|
.replace(/=/g, "");
|
||||||
|
|
||||||
|
return `${signaturePart}.${signature}`;
|
||||||
|
};
|
||||||
|
|
||||||
|
const githubRequest = async <T>(
|
||||||
|
path: string,
|
||||||
|
options: {
|
||||||
|
method?: string;
|
||||||
|
headers?: Record<string, string>;
|
||||||
|
body?: string;
|
||||||
|
} = {}
|
||||||
|
): Promise<T> => {
|
||||||
|
const { method = "GET", headers = {}, body } = options;
|
||||||
|
|
||||||
|
const url = `https://api.github.com${path}`;
|
||||||
|
const requestHeaders = {
|
||||||
|
Accept: "application/vnd.github.v3+json",
|
||||||
|
"User-Agent": "Pullfrog-Installation-Token-Generator/1.0",
|
||||||
|
...headers,
|
||||||
|
};
|
||||||
|
|
||||||
|
const response = await fetch(url, {
|
||||||
|
method,
|
||||||
|
headers: requestHeaders,
|
||||||
|
...(body && { body }),
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!response.ok) {
|
||||||
|
const errorText = await response.text();
|
||||||
|
throw new Error(
|
||||||
|
`GitHub API request failed: ${response.status} ${response.statusText}\n${errorText}`
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
return response.json() as T;
|
||||||
|
};
|
||||||
|
|
||||||
|
const checkRepositoryAccess = async (
|
||||||
|
token: string,
|
||||||
|
repoOwner: string,
|
||||||
|
repoName: string
|
||||||
|
): Promise<boolean> => {
|
||||||
|
try {
|
||||||
|
const response = await githubRequest<RepositoriesResponse>("/installation/repositories", {
|
||||||
|
headers: { Authorization: `token ${token}` },
|
||||||
|
});
|
||||||
|
|
||||||
|
return response.repositories.some(
|
||||||
|
(repo) => repo.owner.login === repoOwner && repo.name === repoName
|
||||||
|
);
|
||||||
|
} catch {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
const createInstallationToken = async (jwt: string, installationId: number): Promise<string> => {
|
||||||
|
const response = await githubRequest<InstallationTokenResponse>(
|
||||||
|
`/app/installations/${installationId}/access_tokens`,
|
||||||
|
{
|
||||||
|
method: "POST",
|
||||||
|
headers: { Authorization: `Bearer ${jwt}` },
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
return response.token;
|
||||||
|
};
|
||||||
|
|
||||||
|
const findInstallationId = async (
|
||||||
|
jwt: string,
|
||||||
|
repoOwner: string,
|
||||||
|
repoName: string
|
||||||
|
): Promise<number> => {
|
||||||
|
const installations = await githubRequest<Installation[]>("/app/installations", {
|
||||||
|
headers: { Authorization: `Bearer ${jwt}` },
|
||||||
|
});
|
||||||
|
|
||||||
|
for (const installation of installations) {
|
||||||
|
try {
|
||||||
|
const tempToken = await createInstallationToken(jwt, installation.id);
|
||||||
|
const hasAccess = await checkRepositoryAccess(tempToken, repoOwner, repoName);
|
||||||
|
|
||||||
|
if (hasAccess) {
|
||||||
|
return installation.id;
|
||||||
|
}
|
||||||
|
} catch {}
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new Error(
|
||||||
|
`No installation found with access to ${repoOwner}/${repoName}. ` +
|
||||||
|
"Ensure the GitHub App is installed on the target repository."
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
async function acquireTokenViaGitHubApp(): Promise<string> {
|
||||||
|
const repoContext = resolveRepoContext();
|
||||||
|
|
||||||
|
const config: GitHubAppConfig = {
|
||||||
|
appId: process.env.GITHUB_APP_ID!,
|
||||||
|
privateKey: process.env.GITHUB_PRIVATE_KEY?.replace(/\\n/g, "\n")!,
|
||||||
|
repoOwner: repoContext.owner,
|
||||||
|
repoName: repoContext.name,
|
||||||
|
};
|
||||||
|
|
||||||
|
const jwt = generateJWT(config.appId, config.privateKey);
|
||||||
|
const installationId = await findInstallationId(jwt, config.repoOwner, config.repoName);
|
||||||
|
const token = await createInstallationToken(jwt, installationId);
|
||||||
|
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
|
async function acquireNewToken(): Promise<string> {
|
||||||
|
if (isGitHubActionsEnvironment()) {
|
||||||
|
return await acquireTokenViaOIDC();
|
||||||
|
} else {
|
||||||
|
return await acquireTokenViaGitHubApp();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Setup GitHub installation token for the action
|
* Setup GitHub installation token for the action
|
||||||
*/
|
*/
|
||||||
export async function setupGitHubInstallationToken(): Promise<string> {
|
export async function setupGitHubInstallationToken(): Promise<string> {
|
||||||
// Check if we have an installation token from inputs or environment
|
const existingToken = checkExistingToken();
|
||||||
const inputToken = core.getInput("github_installation_token");
|
|
||||||
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
|
|
||||||
|
|
||||||
const existingToken = inputToken || envToken;
|
|
||||||
if (existingToken) {
|
if (existingToken) {
|
||||||
// Mask the existing token in logs for security
|
|
||||||
core.setSecret(existingToken);
|
core.setSecret(existingToken);
|
||||||
core.info("Using provided GitHub installation token");
|
core.info("Using provided GitHub installation token");
|
||||||
return existingToken;
|
return existingToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
core.info("Generating OIDC token...");
|
const token = await acquireNewToken();
|
||||||
|
|
||||||
try {
|
core.setSecret(token);
|
||||||
// Generate OIDC token for our API
|
process.env.GITHUB_INSTALLATION_TOKEN = token;
|
||||||
const oidcToken = await core.getIDToken("pullfrog-api");
|
|
||||||
core.info("OIDC token generated successfully");
|
return token;
|
||||||
|
|
||||||
// Exchange OIDC token for installation token
|
|
||||||
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
|
|
||||||
|
|
||||||
core.info("Exchanging OIDC token for installation token...");
|
|
||||||
const tokenResponse = await fetch(`${apiUrl}/api/github/installation-token`, {
|
|
||||||
method: "POST",
|
|
||||||
headers: {
|
|
||||||
Authorization: `Bearer ${oidcToken}`,
|
|
||||||
"Content-Type": "application/json",
|
|
||||||
},
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!tokenResponse.ok) {
|
|
||||||
const errorText = await tokenResponse.text();
|
|
||||||
throw new Error(
|
|
||||||
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText} - ${errorText}`
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
// This type is enforced by us when the response is created
|
|
||||||
const tokenData = (await tokenResponse.json()) as InstallationToken;
|
|
||||||
core.info(`Installation token obtained for ${tokenData.repository || "all repositories"}`);
|
|
||||||
|
|
||||||
// Mask the token in logs for security
|
|
||||||
core.setSecret(tokenData.token);
|
|
||||||
|
|
||||||
// Set the token as an environment variable for this run
|
|
||||||
process.env.GITHUB_INSTALLATION_TOKEN = tokenData.token;
|
|
||||||
|
|
||||||
return tokenData.token;
|
|
||||||
} catch (error) {
|
|
||||||
throw new Error(
|
|
||||||
`Failed to setup GitHub installation token: ${error instanceof Error ? error.message : "Unknown error"}`
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,22 @@
|
|||||||
|
export interface RepoContext {
|
||||||
|
owner: string;
|
||||||
|
name: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Resolve repository context from GITHUB_REPOSITORY environment variable.
|
||||||
|
* Throws if not available.
|
||||||
|
*/
|
||||||
|
export function resolveRepoContext(): RepoContext {
|
||||||
|
const githubRepo = process.env.GITHUB_REPOSITORY;
|
||||||
|
if (!githubRepo) {
|
||||||
|
throw new Error('GITHUB_REPOSITORY environment variable is required');
|
||||||
|
}
|
||||||
|
|
||||||
|
const [owner, name] = githubRepo.split('/');
|
||||||
|
if (!owner || !name) {
|
||||||
|
throw new Error(`Invalid GITHUB_REPOSITORY format: ${githubRepo}. Expected 'owner/repo'`);
|
||||||
|
}
|
||||||
|
|
||||||
|
return { owner, name };
|
||||||
|
}
|
||||||
@@ -17,13 +17,11 @@ export function setupTestRepo(options: SetupOptions): void {
|
|||||||
forceClean = false,
|
forceClean = false,
|
||||||
} = options;
|
} = options;
|
||||||
|
|
||||||
// Handle existing temp directory
|
|
||||||
if (existsSync(tempDir)) {
|
if (existsSync(tempDir)) {
|
||||||
if (forceClean) {
|
if (forceClean) {
|
||||||
console.log("🗑️ Removing existing .temp directory...");
|
console.log("🗑️ Removing existing .temp directory...");
|
||||||
rmSync(tempDir, { recursive: true, force: true });
|
rmSync(tempDir, { recursive: true, force: true });
|
||||||
|
|
||||||
// Clone the repository
|
|
||||||
console.log("📦 Cloning pullfrogai/scratch into .temp...");
|
console.log("📦 Cloning pullfrogai/scratch into .temp...");
|
||||||
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
|
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
+1
-10
@@ -28,13 +28,11 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
let stderrBuffer = "";
|
let stderrBuffer = "";
|
||||||
|
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
// Spawn the child process
|
|
||||||
const child = nodeSpawn(cmd, args, {
|
const child = nodeSpawn(cmd, args, {
|
||||||
env: env ? { ...process.env, ...env } : process.env,
|
env: env ? { ...process.env, ...env } : process.env,
|
||||||
stdio: ["pipe", "pipe", "pipe"],
|
stdio: ["pipe", "pipe", "pipe"],
|
||||||
});
|
});
|
||||||
|
|
||||||
// Set up timeout if specified
|
|
||||||
let timeoutId: NodeJS.Timeout | undefined;
|
let timeoutId: NodeJS.Timeout | undefined;
|
||||||
let isTimedOut = false;
|
let isTimedOut = false;
|
||||||
|
|
||||||
@@ -43,7 +41,6 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
isTimedOut = true;
|
isTimedOut = true;
|
||||||
child.kill("SIGTERM");
|
child.kill("SIGTERM");
|
||||||
|
|
||||||
// If SIGTERM doesn't work, use SIGKILL after 5 seconds
|
|
||||||
setTimeout(() => {
|
setTimeout(() => {
|
||||||
if (!child.killed) {
|
if (!child.killed) {
|
||||||
child.kill("SIGKILL");
|
child.kill("SIGKILL");
|
||||||
@@ -52,7 +49,6 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
}, timeout);
|
}, timeout);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle stdout streaming
|
|
||||||
if (child.stdout) {
|
if (child.stdout) {
|
||||||
child.stdout.on("data", (data: Buffer) => {
|
child.stdout.on("data", (data: Buffer) => {
|
||||||
const chunk = data.toString();
|
const chunk = data.toString();
|
||||||
@@ -61,7 +57,6 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle stderr streaming
|
|
||||||
if (child.stderr) {
|
if (child.stderr) {
|
||||||
child.stderr.on("data", (data: Buffer) => {
|
child.stderr.on("data", (data: Buffer) => {
|
||||||
const chunk = data.toString();
|
const chunk = data.toString();
|
||||||
@@ -70,7 +65,6 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle process completion
|
|
||||||
child.on("close", (exitCode) => {
|
child.on("close", (exitCode) => {
|
||||||
const durationMs = Date.now() - startTime;
|
const durationMs = Date.now() - startTime;
|
||||||
|
|
||||||
@@ -91,15 +85,13 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
// Handle process errors
|
child.on("error", (_error) => {
|
||||||
child.on("error", (error) => {
|
|
||||||
const durationMs = Date.now() - startTime;
|
const durationMs = Date.now() - startTime;
|
||||||
|
|
||||||
if (timeoutId) {
|
if (timeoutId) {
|
||||||
clearTimeout(timeoutId);
|
clearTimeout(timeoutId);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Still return buffered output even on error
|
|
||||||
resolve({
|
resolve({
|
||||||
stdout: stdoutBuffer,
|
stdout: stdoutBuffer,
|
||||||
stderr: stderrBuffer,
|
stderr: stderrBuffer,
|
||||||
@@ -108,7 +100,6 @@ export async function spawn(options: SpawnOptions): Promise<SpawnResult> {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
// Send input if provided
|
|
||||||
if (input && child.stdin) {
|
if (input && child.stdin) {
|
||||||
child.stdin.write(input);
|
child.stdin.write(input);
|
||||||
child.stdin.end();
|
child.stdin.end();
|
||||||
|
|||||||
+2
-32
@@ -22,8 +22,8 @@ export function tableString(
|
|||||||
},
|
},
|
||||||
} = options || {};
|
} = options || {};
|
||||||
|
|
||||||
if (options?.title) {
|
if (title) {
|
||||||
rows.unshift([options.title]);
|
rows.unshift([title]);
|
||||||
}
|
}
|
||||||
|
|
||||||
const tableOutput = table(rows, {
|
const tableOutput = table(rows, {
|
||||||
@@ -140,33 +140,3 @@ export function boxString(
|
|||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
// /**
|
|
||||||
// * Create a simple two-column table for displaying key-value pairs
|
|
||||||
// * @param data - Array of [key, value] pairs
|
|
||||||
// * @param title - Optional table title
|
|
||||||
// * @param indent - Optional indentation string
|
|
||||||
// */
|
|
||||||
// export function printKeyValueTable(
|
|
||||||
// data: [string, string][],
|
|
||||||
// title?: string,
|
|
||||||
// indent?: string
|
|
||||||
// ): void {
|
|
||||||
// const rows: string[][] = [["Key", "Value"], ...data];
|
|
||||||
// const options: Parameters<typeof printTable>[1] = {};
|
|
||||||
// if (title !== undefined) options.title = title;
|
|
||||||
// if (indent !== undefined) options.indent = indent;
|
|
||||||
// printTable(rows, options);
|
|
||||||
// }
|
|
||||||
|
|
||||||
// /**
|
|
||||||
// * Create a path resolution table (specific use case)
|
|
||||||
// * @param pathData - Array of [location, resolvedPath] pairs
|
|
||||||
// * @param indent - Optional indentation string
|
|
||||||
// */
|
|
||||||
// export function printPathTable(pathData: [string, string][], indent?: string): void {
|
|
||||||
// const rows: string[][] = [["Location", "Resolved path"], ...pathData];
|
|
||||||
// const options: Parameters<typeof printTable>[1] = {};
|
|
||||||
// if (indent !== undefined) options.indent = indent;
|
|
||||||
// printTable(rows, options);
|
|
||||||
// }
|
|
||||||
|
|||||||
Reference in New Issue
Block a user