Compare commits

...

22 Commits

Author SHA1 Message Date
David Blass 16e04e7152 bump version 2025-10-08 16:49:12 -04:00
David Blass 522779ef54 bump version 2025-10-08 16:47:03 -04:00
David Blass d3d2dad025 no-frozen-lockfile 2025-10-08 16:46:52 -04:00
David Blass 66bf86f081 bump version 2025-10-08 16:42:55 -04:00
David Blass 608322f026 use frozen lockfile in ci 2025-10-08 16:42:09 -04:00
David Blass e3a3d416fb bump version 2025-10-08 16:33:04 -04:00
David Blass f0e339f5c2 big 2025-10-08 16:21:10 -04:00
David Blass 87d32763e9 fix 2025-10-08 15:19:02 -04:00
ssalbdivad 671334f37d embarrassing 2025-10-08 14:07:28 -04:00
David Blass 267ed3686f bump version 2025-09-24 13:52:37 -04:00
David Blass ff1226a824 fix input type 2025-09-24 13:52:18 -04:00
ssalbdivad e13c5eed00 cleanup, add InstallationToken type 2025-09-23 12:48:35 -04:00
Colin McDonnell f2a1c3c1bb Update 2025-09-16 03:22:50 -07:00
Colin McDonnell e672deb934 Update 2025-09-16 03:22:12 -07:00
Colin McDonnell 70b365fca1 Clean up msgs 2025-09-10 15:01:45 -07:00
Colin McDonnell 5c8b03a427 Lock 2025-09-10 00:56:50 -07:00
Colin McDonnell 92225d30c5 No frozen lockfile 2025-09-10 00:36:03 -07:00
Colin McDonnell 3630ba6618 0.0.8 2025-09-10 00:32:54 -07:00
Colin McDonnell 6a03bb8e1b Update precommit 2025-09-10 00:31:21 -07:00
Colin McDonnell 3139f541e4 feat: integrate OIDC token exchange in GitHub Action
- Add setupGitHubInstallationToken utility for OIDC token generation
- Implement automatic token exchange with Pullfrog API endpoint
- Add support for multiple authentication methods (input, env, OIDC)
- Create setup utilities for test repository management
- Update action entry point to handle new token flow
- Add environment variable documentation for API key
- Remove large bundled dependencies and optimize build
- Support both development and production token workflows
2025-09-10 00:30:45 -07:00
Colin McDonnell c5b9c7cfc4 Tweak 2025-09-09 17:19:59 -07:00
Colin McDonnell 7a14716481 Disable npm publishing for now 2025-09-09 16:58:30 -07:00
25 changed files with 2388 additions and 26573 deletions
+7 -17
View File
@@ -34,7 +34,7 @@ jobs:
registry-url: "https://registry.npmjs.org" registry-url: "https://registry.npmjs.org"
- name: Install dependencies - name: Install dependencies
run: pnpm install run: pnpm install --no-frozen-lockfile
- name: Get package version - name: Get package version
id: version id: version
@@ -95,24 +95,14 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:
tag_name: ${{ steps.version.outputs.tag }} tag_name: ${{ steps.version.outputs.tag }}
release_name: "@pullfrog/action ${{ steps.version.outputs.tag }}" release_name: "${{ steps.version.outputs.tag }}"
body: | body: |
## 📦 @pullfrog/action ${{ steps.version.outputs.version }} ## 📦 @pullfrog/action ${{ steps.version.outputs.version }}
### Usage in GitHub Actions ### Usage in GitHub Actions
Use the major version tag for automatic updates:
```yaml ```yaml
- uses: pullfrog/action@${{ steps.version.outputs.major_tag }} - uses: pullfrog/action@${{ steps.version.outputs.major_tag }}
with:
message: "Your message here"
```
Or pin to this specific version:
```yaml
- uses: pullfrog/action@${{ steps.version.outputs.tag }}
with:
message: "Your message here"
``` ```
### Installation via npm ### Installation via npm
@@ -123,11 +113,11 @@ jobs:
draft: false draft: false
prerelease: false prerelease: false
- name: Publish to npm # - name: Publish to npm
if: steps.check_tag.outputs.exists == 'false' # if: steps.check_tag.outputs.exists == 'false'
run: npm publish --access public # run: npm publish --access public
env: # env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Summary - name: Summary
if: always() if: always()
+1 -1
View File
@@ -3,4 +3,4 @@ echo "🔨 Building action..."
npm run build npm run build
# Add the built files to the commit # Add the built files to the commit
git add index.cjs entry.cjs git add entry.cjs
+299
View File
@@ -0,0 +1,299 @@
# Claude Code Action Architecture & Flow
This document provides a comprehensive overview of how the official (Anthropic) Claude Code Action works, from token exchange through post-run cleanup.
## Overview
The Claude Code Action is a sophisticated GitHub automation platform that enables Claude to interact with GitHub repositories through secure token exchange, intelligent mode detection, and comprehensive GitHub API integration.
## High-Level Architecture
```mermaid
graph TD
Start([GitHub Action Triggered]) --> Setup[Setup Environment<br/>- Install Bun<br/>- Install Dependencies]
Setup --> ParseContext[Parse GitHub Context<br/>- Extract event data<br/>- Parse inputs]
ParseContext --> ModeDetection{Mode Detection}
ModeDetection -->|Has explicit prompt| AgentMode[AGENT MODE<br/>Direct automation]
ModeDetection -->|@claude mention/assignment/label| TagMode[TAG MODE<br/>Interactive response]
ModeDetection -->|No trigger| DefaultAgent[Default to Agent<br/>(won't trigger)]
%% Token Exchange Branch
AgentMode --> TokenExchange[Token Exchange Process]
TagMode --> TokenExchange
TokenExchange --> TokenMethod{Token Method}
TokenMethod -->|Custom token provided| UseCustom[Use Custom GitHub Token]
TokenMethod -->|No custom token| OIDC[Generate OIDC Token<br/>core.getIDToken()]
OIDC --> Exchange[Exchange OIDC for App Token<br/>api.anthropic.com/api/github/github-app-token-exchange]
Exchange --> CreateOctokit[Create Authenticated Octokit Client<br/>REST + GraphQL]
UseCustom --> CreateOctokit
%% Permission Checks
CreateOctokit --> PermCheck[Check Write Permissions<br/>Only for entity contexts]
PermCheck -->|No permissions| PermFail[❌ Exit: No write access]
PermCheck -->|Has permissions| TriggerCheck{Check Trigger Conditions}
%% Trigger Validation
TriggerCheck -->|Agent Mode| AgentTrigger{Has explicit prompt?}
TriggerCheck -->|Tag Mode| TagTrigger{Contains @claude mention<br/>or assignment/label?}
AgentTrigger -->|No prompt| NoTrigger[❌ Skip: No trigger found]
AgentTrigger -->|Has prompt| PrepareAgent[Prepare Agent Mode]
TagTrigger -->|No mention| NoTrigger
TagTrigger -->|Has mention| PrepareTag[Prepare Tag Mode]
%% Mode-Specific Preparation
PrepareAgent --> AgentPrep[Agent Mode Preparation<br/>- Create prompt file<br/>- Setup MCP servers<br/>- No tracking comment]
PrepareTag --> TagPrep[Tag Mode Preparation<br/>- Create tracking comment<br/>- Setup branches<br/>- Fetch GitHub data<br/>- Setup MCP servers]
%% Data Fetching (Tag Mode)
TagPrep --> DataFetch[Fetch GitHub Data<br/>GraphQL + REST API]
DataFetch --> FetchWhat{What to fetch?}
FetchWhat -->|Pull Request| PRData[PR Data:<br/>- Comments & reviews<br/>- Changed files + SHAs<br/>- Commit history<br/>- Author info]
FetchWhat -->|Issue| IssueData[Issue Data:<br/>- Comments<br/>- Issue details<br/>- Author info]
PRData --> ProcessImages[Process Images<br/>Download & convert to base64]
IssueData --> ProcessImages
ProcessImages --> SetupBranch[Setup Branch<br/>- Create Claude branch<br/>- Configure git auth]
%% MCP Server Setup
AgentPrep --> MCPSetup[Setup MCP Servers]
SetupBranch --> MCPSetup
MCPSetup --> MCPServers{MCP Servers}
MCPServers --> GitHubActions[GitHub Actions Server<br/>- Workflow data<br/>- CI results]
MCPServers --> GitHubComments[GitHub Comment Server<br/>- Comment operations]
MCPServers --> GitHubFiles[GitHub File Ops Server<br/>- File operations<br/>- Branch management]
MCPServers --> GitHubInline[GitHub Inline Comment Server<br/>- PR review comments]
GitHubActions --> PromptGen[Generate Prompt]
GitHubComments --> PromptGen
GitHubFiles --> PromptGen
GitHubInline --> PromptGen
%% Prompt Generation
PromptGen --> PromptType{Prompt Type}
PromptType -->|Agent Mode| AgentPrompt[Agent Prompt:<br/>- Direct user prompt<br/>- Minimal context]
PromptType -->|Tag Mode| TagPrompt[Tag Prompt:<br/>- Rich GitHub context<br/>- PR/Issue details<br/>- Changed files<br/>- Comments & reviews<br/>- Commit instructions]
AgentPrompt --> ClaudeRun[Run Claude Code]
TagPrompt --> ClaudeRun
%% Claude Execution
ClaudeRun --> ClaudeExec[Claude Code Execution<br/>base-action/src/index.ts]
ClaudeExec --> ClaudeArgs[Prepare Claude Args<br/>- Prompt file path<br/>- Custom claude_args<br/>- Output format: stream-json]
ClaudeArgs --> ClaudeProvider{Provider}
ClaudeProvider -->|Default| AnthropicAPI[Anthropic API<br/>ANTHROPIC_API_KEY]
ClaudeProvider -->|Bedrock| AWSBedrock[AWS Bedrock<br/>OIDC + AWS credentials]
ClaudeProvider -->|Vertex| GCPVertex[GCP Vertex AI<br/>OIDC + GCP credentials]
AnthropicAPI --> ClaudeProcess[Spawn Claude Process<br/>- Named pipe for input<br/>- Stream JSON output]
AWSBedrock --> ClaudeProcess
GCPVertex --> ClaudeProcess
ClaudeProcess --> ClaudeTools[Claude Tool Usage<br/>- MCP tools<br/>- File operations<br/>- GitHub API calls<br/>- Bash commands]
ClaudeTools --> ClaudeOutput[Claude Output Processing<br/>- Capture execution log<br/>- Parse JSON stream<br/>- Extract metrics]
%% Post-Run Actions
ClaudeOutput --> PostRun{Post-Run Actions}
PostRun -->|Success| Success[✅ Success Path]
PostRun -->|Failure| Failure[❌ Failure Path]
Success --> UpdateComment[Update Tracking Comment<br/>- Job run link<br/>- Branch link<br/>- PR link (if created)<br/>- Execution metrics]
Failure --> UpdateComment
UpdateComment --> BranchCleanup[Branch Cleanup<br/>- Check for changes<br/>- Delete empty branches<br/>- Keep branches with commits]
BranchCleanup --> FormatReport[Format Execution Report<br/>- Parse conversation turns<br/>- Format tool usage<br/>- Add to GitHub step summary]
FormatReport --> RevokeToken[Revoke App Token<br/>DELETE /installation/token]
RevokeToken --> End([Action Complete])
```
## Key Components
### 1. Token Exchange Process
The action uses a secure OIDC token exchange system:
1. **OIDC Token Generation**: `core.getIDToken("claude-code-github-action")`
2. **Token Exchange**: POST to `https://api.anthropic.com/api/github/github-app-token-exchange`
3. **Authentication**: Creates authenticated Octokit clients for GitHub API access
**Security Benefits:**
- Repository-scoped access
- Time-limited tokens
- Permission-limited (only configured GitHub App permissions)
- Automatic token masking in logs
### 2. Mode Detection
The action automatically detects the appropriate execution mode:
#### **Agent Mode**
- **Trigger**: Explicit `prompt` input provided
- **Use Case**: Direct automation, custom workflows
- **Behavior**: Minimal context, direct execution
- **Tracking**: No tracking comments
#### **Tag Mode**
- **Trigger**: @claude mentions, issue assignments, or labels
- **Use Case**: Interactive GitHub responses
- **Behavior**: Rich context, comprehensive GitHub data
- **Tracking**: Creates and updates tracking comments
### 3. Data Fetching (Tag Mode)
When in Tag Mode, the action fetches comprehensive GitHub context:
#### **Pull Request Data:**
- Comments and reviews (including inline comments)
- Changed files with SHAs
- Commit history and metadata
- Author information
- File diff data
#### **Issue Data:**
- Issue details and metadata
- All comments
- Author information
- Labels and assignments
#### **Image Processing:**
- Downloads images from GitHub
- Converts to base64 for Claude
- Maps original URLs to processed content
### 4. MCP Server Integration
The action sets up multiple MCP (Model Context Protocol) servers to provide Claude with GitHub capabilities:
#### **GitHub Actions Server**
- Access to workflow runs and CI data
- Build status and test results
- Artifact information
#### **GitHub Comment Server**
- Comment creation and updates
- Issue and PR comment management
#### **GitHub File Operations Server**
- File reading and writing
- Branch creation and management
- Commit operations
#### **GitHub Inline Comment Server**
- PR review comment operations
- Line-specific feedback
### 5. Prompt Generation
The action generates context-rich prompts based on the detected mode:
#### **Agent Mode Prompts:**
- Direct user prompt
- Minimal GitHub context
- Focused on specific task
#### **Tag Mode Prompts:**
- Comprehensive GitHub context
- PR/Issue details and history
- Changed files and diffs
- Comment threads and reviews
- Commit instructions and guidelines
### 6. Claude Execution
The action runs Claude Code through multiple provider options:
#### **Provider Support:**
- **Anthropic API** (default): Direct API access with API key
- **AWS Bedrock**: OIDC authentication with AWS credentials
- **GCP Vertex AI**: OIDC authentication with GCP credentials
#### **Execution Process:**
1. **Named Pipe Setup**: Creates pipe for prompt input
2. **Process Spawning**: Spawns Claude Code process
3. **Stream Processing**: Captures JSON stream output
4. **Tool Integration**: Enables MCP tools and GitHub operations
### 7. Post-Run Actions
After Claude execution, the action performs comprehensive cleanup and reporting:
#### **Comment Updates:**
- Updates tracking comments with results
- Adds job run links and execution metrics
- Includes branch and PR links when created
#### **Branch Management:**
- Checks for actual changes in Claude branches
- Deletes empty branches to avoid clutter
- Preserves branches with meaningful commits
#### **Report Generation:**
- Parses execution logs and conversation turns
- Formats tool usage and results
- Adds formatted report to GitHub step summary
#### **Security Cleanup:**
- Revokes GitHub App installation token
- Cleans up temporary files and processes
## Security Considerations
### **Access Control:**
- Repository-scoped permissions only
- Write access validation for actors
- Bot user controls and allowlists
### **Token Management:**
- Short-lived installation tokens
- Automatic token revocation after use
- Secure OIDC-based exchange
### **Permission Boundaries:**
- Limited to configured GitHub App permissions
- No cross-repository access
- Scoped to specific repository operations
## Integration Points
### **With Pullfrog:**
The Claude Code Action can be integrated with Pullfrog's workflow system, providing:
- Standardized agent interaction patterns
- Consistent GitHub integration
- Reusable authentication flows
- Common MCP server infrastructure
### **With GitHub:**
- Native GitHub Actions integration
- Comprehensive API coverage (REST + GraphQL)
- Proper webhook handling
- Standard GitHub UI integration
## Development Notes
### **Key Files:**
- `src/entrypoints/prepare.ts`: Main preparation logic
- `src/modes/`: Mode detection and handling
- `src/github/token.ts`: OIDC token exchange
- `src/mcp/`: MCP server implementations
- `base-action/`: Core Claude Code execution
### **Testing:**
- Unit tests for individual components
- Integration tests for full workflows
- Local testing with `act` tool
- Comprehensive fixture support
This architecture provides a robust, secure, and extensible foundation for Claude-GitHub integration while maintaining clear separation of concerns and comprehensive error handling.
+10
View File
@@ -2,6 +2,8 @@
GitHub Action for running Claude Code and other agents via Pullfrog. GitHub Action for running Claude Code and other agents via Pullfrog.
> **📖 Claude Code Action Architecture**: For a detailed technical overview of how the Claude Code Action works (token exchange, modes, data fetching, execution flow), see [CLAUDE-ACTION.md](./CLAUDE-ACTION.md).
## Quick Start ## Quick Start
```bash ```bash
@@ -55,6 +57,14 @@ pnpm dev # Watch mode
The action is bundled into `entry.cjs` with all dependencies included, eliminating runtime dependency on node_modules. The action is bundled into `entry.cjs` with all dependencies included, eliminating runtime dependency on node_modules.
## Environment Variables
Create `.env` in `/action`:
```bash
ANTHROPIC_API_KEY=sk-ant-api03-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Claude API key
```
## Architecture ## Architecture
- **entry.cjs**: Bundled action entry point (self-contained) - **entry.cjs**: Bundled action entry point (self-contained)
+6
View File
@@ -10,6 +10,12 @@ inputs:
anthropic_api_key: anthropic_api_key:
description: "Anthropic API key for Claude Code authentication" description: "Anthropic API key for Claude Code authentication"
required: false required: false
github_token:
description: "GitHub token for repository access"
required: false
github_installation_token:
description: "GitHub App installation token"
required: false
runs: runs:
using: "node20" using: "node20"
+35 -31
View File
@@ -1,8 +1,9 @@
import { access, constants } from "node:fs/promises"; import { access, constants } from "node:fs/promises";
import * as core from "@actions/core"; import * as core from "@actions/core";
import { boxString, tableString } from "../utils"; import { createMcpConfig } from "../mcp/config.ts";
import { spawn } from "../utils/subprocess"; import { spawn } from "../utils/subprocess.ts";
import type { Agent, AgentConfig, AgentResult } from "./types"; import { boxString, tableString } from "../utils/table.ts";
import type { Agent, AgentConfig, AgentResult } from "./types.ts";
/** /**
* Claude Code agent implementation * Claude Code agent implementation
@@ -53,20 +54,18 @@ export class ClaudeAgent implements Agent {
// Use shell execution to properly handle the pipe // Use shell execution to properly handle the pipe
const result = await spawn({ const result = await spawn({
cmd: "bash", cmd: "bash",
args: [ args: ["-c", "curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"],
"-c",
"curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93",
],
env: { ANTHROPIC_API_KEY: this.apiKey }, env: { ANTHROPIC_API_KEY: this.apiKey },
timeout: 120000, // 2 minute timeout timeout: 120000, // 2 minute timeout
onStdout: (chunk) => process.stdout.write(chunk), onStdout: () => {
// no logs
// process.stdout.write(chunk)
},
onStderr: (chunk) => process.stderr.write(chunk), onStderr: (chunk) => process.stderr.write(chunk),
}); });
if (result.exitCode !== 0) { if (result.exitCode !== 0) {
throw new Error( throw new Error(`Installation failed with exit code ${result.exitCode}: ${result.stderr}`);
`Installation failed with exit code ${result.exitCode}: ${result.stderr}`,
);
} }
core.info("Claude Code installed successfully"); core.info("Claude Code installed successfully");
@@ -95,8 +94,24 @@ export class ClaudeAgent implements Agent {
"stream-json", "stream-json",
"--verbose", "--verbose",
"--permission-mode", "--permission-mode",
"acceptEdits", "bypassPermissions",
]; ];
// Add MCP configuration if GitHub credentials are available
if (
process.env.GITHUB_INSTALLATION_TOKEN &&
process.env.REPO_OWNER &&
process.env.REPO_NAME
) {
const mcpConfig = createMcpConfig(
process.env.GITHUB_INSTALLATION_TOKEN,
process.env.REPO_OWNER,
process.env.REPO_NAME
);
console.log("📋 MCP Config:", mcpConfig);
args.push("--mcp-config", mcpConfig);
}
const env = { const env = {
ANTHROPIC_API_KEY: this.apiKey, ANTHROPIC_API_KEY: this.apiKey,
}; };
@@ -136,7 +151,7 @@ export class ClaudeAgent implements Agent {
// throw on non-zero exit code // throw on non-zero exit code
if (result.exitCode !== 0) { if (result.exitCode !== 0) {
throw new Error( throw new Error(
`Command failed with exit code ${result.exitCode}\n\nStdout: ${result.stdout}\n\nStderr: ${result.stderr}`, `Command failed with exit code ${result.exitCode}\n\nStdout: ${result.stdout}\n\nStderr: ${result.stderr}`
); );
} }
@@ -155,7 +170,7 @@ export class ClaudeAgent implements Agent {
// Log run summary // Log run summary
const duration = Date.now() - this.runStats.startTime; const duration = Date.now() - this.runStats.startTime;
core.info( core.info(
`📊 Run Summary: ${this.runStats.toolsUsed} tools used, ${this.runStats.turns} turns, ${duration}ms duration`, `📊 Run Summary: ${this.runStats.toolsUsed} tools used, ${this.runStats.turns} turns, ${duration}ms duration`
); );
core.info("✅ Task complete."); core.info("✅ Task complete.");
@@ -178,8 +193,7 @@ export class ClaudeAgent implements Agent {
} catch { } catch {
// Group might not have been started, ignore // Group might not have been started, ignore
} }
const errorMessage = const errorMessage = error instanceof Error ? error.message : "Unknown error";
error instanceof Error ? error.message : "Unknown error";
return { return {
success: false, success: false,
error: `Failed to execute Claude Code: ${errorMessage}`, error: `Failed to execute Claude Code: ${errorMessage}`,
@@ -230,12 +244,7 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
["model", parsedChunk.model], ["model", parsedChunk.model],
["cwd", parsedChunk.cwd], ["cwd", parsedChunk.cwd],
["permission_mode", parsedChunk.permissionMode], ["permission_mode", parsedChunk.permissionMode],
[ ["tools", parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"],
"tools",
parsedChunk.tools?.length
? `${parsedChunk.tools.length} tools`
: "none",
],
[ [
"mcp_servers", "mcp_servers",
parsedChunk.mcp_servers?.length parsedChunk.mcp_servers?.length
@@ -248,7 +257,7 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
? `${parsedChunk.slash_commands.length} commands` ? `${parsedChunk.slash_commands.length} commands`
: "none", : "none",
], ],
]), ])
); );
} }
break; break;
@@ -264,9 +273,7 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
if (content.type === "text") { if (content.type === "text") {
// Skip empty text content // Skip empty text content
if (content.text.trim()) { if (content.text.trim()) {
core.info( core.info(boxString(content.text.trim(), { title: "Claude Code" }));
boxString(content.text.trim(), { title: "Claude Code" }),
);
} }
} else if (content.type === "tool_use") { } else if (content.type === "tool_use") {
// Track tools used // Track tools used
@@ -376,15 +383,12 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
core.info( core.info(
tableString([ tableString([
[ ["Cost", `$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`],
"Cost",
`$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`,
],
["Input Tokens", parsedChunk.usage?.input_tokens || 0], ["Input Tokens", parsedChunk.usage?.input_tokens || 0],
["Output Tokens", parsedChunk.usage?.output_tokens || 0], ["Output Tokens", parsedChunk.usage?.output_tokens || 0],
["Duration", `${parsedChunk.duration_ms}ms`], ["Duration", `${parsedChunk.duration_ms}ms`],
["Turns", parsedChunk.num_turns || 1], ["Turns", parsedChunk.num_turns || 1],
]), ])
); );
} else { } else {
core.error(`❌ Failed: ${parsedChunk.error || "Unknown error"}`); core.error(`❌ Failed: ${parsedChunk.error || "Unknown error"}`);
-2
View File
@@ -1,2 +0,0 @@
export * from "./claude";
export * from "./types";
+150 -81
View File
@@ -13047,7 +13047,7 @@ var require_fetch = __commonJS({
this.emit("terminated", error2); this.emit("terminated", error2);
} }
}; };
function fetch(input, init = {}) { function fetch2(input, init = {}) {
webidl.argumentLengthCheck(arguments, 1, { header: "globalThis.fetch" }); webidl.argumentLengthCheck(arguments, 1, { header: "globalThis.fetch" });
const p = createDeferredPromise(); const p = createDeferredPromise();
let requestObject; let requestObject;
@@ -13977,7 +13977,7 @@ var require_fetch = __commonJS({
} }
} }
module2.exports = { module2.exports = {
fetch, fetch: fetch2,
Fetch, Fetch,
fetching, fetching,
finalizeAndReportTiming finalizeAndReportTiming
@@ -17233,7 +17233,7 @@ var require_undici = __commonJS({
module2.exports.getGlobalDispatcher = getGlobalDispatcher; module2.exports.getGlobalDispatcher = getGlobalDispatcher;
if (util.nodeMajor > 16 || util.nodeMajor === 16 && util.nodeMinor >= 8) { if (util.nodeMajor > 16 || util.nodeMajor === 16 && util.nodeMinor >= 8) {
let fetchImpl = null; let fetchImpl = null;
module2.exports.fetch = async function fetch(resource) { module2.exports.fetch = async function fetch2(resource) {
if (!fetchImpl) { if (!fetchImpl) {
fetchImpl = require_fetch().fetch; fetchImpl = require_fetch().fetch;
} }
@@ -17582,12 +17582,12 @@ var require_lib = __commonJS({
throw new Error("Client has already been disposed."); throw new Error("Client has already been disposed.");
} }
const parsedUrl = new URL(requestUrl); const parsedUrl = new URL(requestUrl);
let info3 = this._prepareRequest(verb, parsedUrl, headers); let info4 = this._prepareRequest(verb, parsedUrl, headers);
const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb) ? this._maxRetries + 1 : 1; const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb) ? this._maxRetries + 1 : 1;
let numTries = 0; let numTries = 0;
let response; let response;
do { do {
response = yield this.requestRaw(info3, data); response = yield this.requestRaw(info4, data);
if (response && response.message && response.message.statusCode === HttpCodes.Unauthorized) { if (response && response.message && response.message.statusCode === HttpCodes.Unauthorized) {
let authenticationHandler; let authenticationHandler;
for (const handler of this.handlers) { for (const handler of this.handlers) {
@@ -17597,7 +17597,7 @@ var require_lib = __commonJS({
} }
} }
if (authenticationHandler) { if (authenticationHandler) {
return authenticationHandler.handleAuthentication(this, info3, data); return authenticationHandler.handleAuthentication(this, info4, data);
} else { } else {
return response; return response;
} }
@@ -17620,8 +17620,8 @@ var require_lib = __commonJS({
} }
} }
} }
info3 = this._prepareRequest(verb, parsedRedirectUrl, headers); info4 = this._prepareRequest(verb, parsedRedirectUrl, headers);
response = yield this.requestRaw(info3, data); response = yield this.requestRaw(info4, data);
redirectsRemaining--; redirectsRemaining--;
} }
if (!response.message.statusCode || !HttpResponseRetryCodes.includes(response.message.statusCode)) { if (!response.message.statusCode || !HttpResponseRetryCodes.includes(response.message.statusCode)) {
@@ -17650,7 +17650,7 @@ var require_lib = __commonJS({
* @param info * @param info
* @param data * @param data
*/ */
requestRaw(info3, data) { requestRaw(info4, data) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
function callbackForResult(err, res) { function callbackForResult(err, res) {
@@ -17662,7 +17662,7 @@ var require_lib = __commonJS({
resolve(res); resolve(res);
} }
} }
this.requestRawWithCallback(info3, data, callbackForResult); this.requestRawWithCallback(info4, data, callbackForResult);
}); });
}); });
} }
@@ -17672,12 +17672,12 @@ var require_lib = __commonJS({
* @param data * @param data
* @param onResult * @param onResult
*/ */
requestRawWithCallback(info3, data, onResult) { requestRawWithCallback(info4, data, onResult) {
if (typeof data === "string") { if (typeof data === "string") {
if (!info3.options.headers) { if (!info4.options.headers) {
info3.options.headers = {}; info4.options.headers = {};
} }
info3.options.headers["Content-Length"] = Buffer.byteLength(data, "utf8"); info4.options.headers["Content-Length"] = Buffer.byteLength(data, "utf8");
} }
let callbackCalled = false; let callbackCalled = false;
function handleResult(err, res) { function handleResult(err, res) {
@@ -17686,7 +17686,7 @@ var require_lib = __commonJS({
onResult(err, res); onResult(err, res);
} }
} }
const req = info3.httpModule.request(info3.options, (msg) => { const req = info4.httpModule.request(info4.options, (msg) => {
const res = new HttpClientResponse(msg); const res = new HttpClientResponse(msg);
handleResult(void 0, res); handleResult(void 0, res);
}); });
@@ -17698,7 +17698,7 @@ var require_lib = __commonJS({
if (socket) { if (socket) {
socket.end(); socket.end();
} }
handleResult(new Error(`Request timeout: ${info3.options.path}`)); handleResult(new Error(`Request timeout: ${info4.options.path}`));
}); });
req.on("error", function(err) { req.on("error", function(err) {
handleResult(err); handleResult(err);
@@ -17734,27 +17734,27 @@ var require_lib = __commonJS({
return this._getProxyAgentDispatcher(parsedUrl, proxyUrl); return this._getProxyAgentDispatcher(parsedUrl, proxyUrl);
} }
_prepareRequest(method, requestUrl, headers) { _prepareRequest(method, requestUrl, headers) {
const info3 = {}; const info4 = {};
info3.parsedUrl = requestUrl; info4.parsedUrl = requestUrl;
const usingSsl = info3.parsedUrl.protocol === "https:"; const usingSsl = info4.parsedUrl.protocol === "https:";
info3.httpModule = usingSsl ? https : http; info4.httpModule = usingSsl ? https : http;
const defaultPort = usingSsl ? 443 : 80; const defaultPort = usingSsl ? 443 : 80;
info3.options = {}; info4.options = {};
info3.options.host = info3.parsedUrl.hostname; info4.options.host = info4.parsedUrl.hostname;
info3.options.port = info3.parsedUrl.port ? parseInt(info3.parsedUrl.port) : defaultPort; info4.options.port = info4.parsedUrl.port ? parseInt(info4.parsedUrl.port) : defaultPort;
info3.options.path = (info3.parsedUrl.pathname || "") + (info3.parsedUrl.search || ""); info4.options.path = (info4.parsedUrl.pathname || "") + (info4.parsedUrl.search || "");
info3.options.method = method; info4.options.method = method;
info3.options.headers = this._mergeHeaders(headers); info4.options.headers = this._mergeHeaders(headers);
if (this.userAgent != null) { if (this.userAgent != null) {
info3.options.headers["user-agent"] = this.userAgent; info4.options.headers["user-agent"] = this.userAgent;
} }
info3.options.agent = this._getAgent(info3.parsedUrl); info4.options.agent = this._getAgent(info4.parsedUrl);
if (this.handlers) { if (this.handlers) {
for (const handler of this.handlers) { for (const handler of this.handlers) {
handler.prepareRequest(info3.options); handler.prepareRequest(info4.options);
} }
} }
return info3; return info4;
} }
_mergeHeaders(headers) { _mergeHeaders(headers) {
if (this.requestOptions && this.requestOptions.headers) { if (this.requestOptions && this.requestOptions.headers) {
@@ -19661,10 +19661,10 @@ var require_core = __commonJS({
(0, command_1.issueCommand)("set-env", { name }, convertedVal); (0, command_1.issueCommand)("set-env", { name }, convertedVal);
} }
exports2.exportVariable = exportVariable; exports2.exportVariable = exportVariable;
function setSecret(secret) { function setSecret2(secret) {
(0, command_1.issueCommand)("add-mask", {}, secret); (0, command_1.issueCommand)("add-mask", {}, secret);
} }
exports2.setSecret = setSecret; exports2.setSecret = setSecret2;
function addPath(inputPath) { function addPath(inputPath) {
const filePath = process.env["GITHUB_PATH"] || ""; const filePath = process.env["GITHUB_PATH"] || "";
if (filePath) { if (filePath) {
@@ -19675,7 +19675,7 @@ var require_core = __commonJS({
process.env["PATH"] = `${inputPath}${path.delimiter}${process.env["PATH"]}`; process.env["PATH"] = `${inputPath}${path.delimiter}${process.env["PATH"]}`;
} }
exports2.addPath = addPath; exports2.addPath = addPath;
function getInput2(name, options) { function getInput3(name, options) {
const val = process.env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`] || ""; const val = process.env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`] || "";
if (options && options.required && !val) { if (options && options.required && !val) {
throw new Error(`Input required and not supplied: ${name}`); throw new Error(`Input required and not supplied: ${name}`);
@@ -19685,9 +19685,9 @@ var require_core = __commonJS({
} }
return val.trim(); return val.trim();
} }
exports2.getInput = getInput2; exports2.getInput = getInput3;
function getMultilineInput(name, options) { function getMultilineInput(name, options) {
const inputs = getInput2(name, options).split("\n").filter((x) => x !== ""); const inputs = getInput3(name, options).split("\n").filter((x) => x !== "");
if (options && options.trimWhitespace === false) { if (options && options.trimWhitespace === false) {
return inputs; return inputs;
} }
@@ -19697,7 +19697,7 @@ var require_core = __commonJS({
function getBooleanInput(name, options) { function getBooleanInput(name, options) {
const trueValue = ["true", "True", "TRUE"]; const trueValue = ["true", "True", "TRUE"];
const falseValue = ["false", "False", "FALSE"]; const falseValue = ["false", "False", "FALSE"];
const val = getInput2(name, options); const val = getInput3(name, options);
if (trueValue.includes(val)) if (trueValue.includes(val))
return true; return true;
if (falseValue.includes(val)) if (falseValue.includes(val))
@@ -19706,7 +19706,7 @@ var require_core = __commonJS({
Support boolean input list: \`true | True | TRUE | false | False | FALSE\``); Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
} }
exports2.getBooleanInput = getBooleanInput; exports2.getBooleanInput = getBooleanInput;
function setOutput2(name, value) { function setOutput(name, value) {
const filePath = process.env["GITHUB_OUTPUT"] || ""; const filePath = process.env["GITHUB_OUTPUT"] || "";
if (filePath) { if (filePath) {
return (0, file_command_1.issueFileCommand)("OUTPUT", (0, file_command_1.prepareKeyValueMessage)(name, value)); return (0, file_command_1.issueFileCommand)("OUTPUT", (0, file_command_1.prepareKeyValueMessage)(name, value));
@@ -19714,7 +19714,7 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
process.stdout.write(os.EOL); process.stdout.write(os.EOL);
(0, command_1.issueCommand)("set-output", { name }, (0, utils_1.toCommandValue)(value)); (0, command_1.issueCommand)("set-output", { name }, (0, utils_1.toCommandValue)(value));
} }
exports2.setOutput = setOutput2; exports2.setOutput = setOutput;
function setCommandEcho(enabled) { function setCommandEcho(enabled) {
(0, command_1.issue)("echo", enabled ? "on" : "off"); (0, command_1.issue)("echo", enabled ? "on" : "off");
} }
@@ -19744,10 +19744,10 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
(0, command_1.issueCommand)("notice", (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message); (0, command_1.issueCommand)("notice", (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);
} }
exports2.notice = notice; exports2.notice = notice;
function info3(message) { function info4(message) {
process.stdout.write(message + os.EOL); process.stdout.write(message + os.EOL);
} }
exports2.info = info3; exports2.info = info4;
function startGroup2(name) { function startGroup2(name) {
(0, command_1.issue)("group", name); (0, command_1.issue)("group", name);
} }
@@ -19781,12 +19781,12 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
return process.env[`STATE_${name}`] || ""; return process.env[`STATE_${name}`] || "";
} }
exports2.getState = getState; exports2.getState = getState;
function getIDToken(aud) { function getIDToken2(aud) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
return yield oidc_utils_1.OidcClient.getIDToken(aud); return yield oidc_utils_1.OidcClient.getIDToken(aud);
}); });
} }
exports2.getIDToken = getIDToken; exports2.getIDToken = getIDToken2;
var summary_1 = require_summary(); var summary_1 = require_summary();
Object.defineProperty(exports2, "summary", { enumerable: true, get: function() { Object.defineProperty(exports2, "summary", { enumerable: true, get: function() {
return summary_1.summary; return summary_1.summary;
@@ -25494,7 +25494,7 @@ var require_src = __commonJS({
}); });
// entry.ts // entry.ts
var core3 = __toESM(require_core(), 1); var core4 = __toESM(require_core(), 1);
// main.ts // main.ts
var core2 = __toESM(require_core(), 1); var core2 = __toESM(require_core(), 1);
@@ -25503,6 +25503,28 @@ var core2 = __toESM(require_core(), 1);
var import_promises = require("node:fs/promises"); var import_promises = require("node:fs/promises");
var core = __toESM(require_core(), 1); var core = __toESM(require_core(), 1);
// mcp/config.ts
var actionPath = process.env.GITHUB_ACTION_PATH || process.cwd();
function createMcpConfig(githubInstallationToken, repoOwner, repoName) {
return JSON.stringify(
{
mcpServers: {
minimal_github_comment: {
command: "node",
args: [`${actionPath}/mcp/server.ts`],
env: {
GITHUB_INSTALLATION_TOKEN: githubInstallationToken,
REPO_OWNER: repoOwner,
REPO_NAME: repoName
}
}
}
},
null,
2
);
}
// utils/subprocess.ts // utils/subprocess.ts
var import_node_child_process = require("node:child_process"); var import_node_child_process = require("node:child_process");
async function spawn(options) { async function spawn(options) {
@@ -25707,20 +25729,16 @@ var ClaudeAgent = class {
try { try {
const result = await spawn({ const result = await spawn({
cmd: "bash", cmd: "bash",
args: [ args: ["-c", "curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"],
"-c",
"curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"
],
env: { ANTHROPIC_API_KEY: this.apiKey }, env: { ANTHROPIC_API_KEY: this.apiKey },
timeout: 12e4, timeout: 12e4,
// 2 minute timeout // 2 minute timeout
onStdout: (chunk) => process.stdout.write(chunk), onStdout: () => {
},
onStderr: (chunk) => process.stderr.write(chunk) onStderr: (chunk) => process.stderr.write(chunk)
}); });
if (result.exitCode !== 0) { if (result.exitCode !== 0) {
throw new Error( throw new Error(`Installation failed with exit code ${result.exitCode}: ${result.stderr}`);
`Installation failed with exit code ${result.exitCode}: ${result.stderr}`
);
} }
core.info("Claude Code installed successfully"); core.info("Claude Code installed successfully");
} catch (error2) { } catch (error2) {
@@ -25741,8 +25759,17 @@ var ClaudeAgent = class {
"stream-json", "stream-json",
"--verbose", "--verbose",
"--permission-mode", "--permission-mode",
"acceptEdits" "bypassPermissions"
]; ];
if (process.env.GITHUB_INSTALLATION_TOKEN && process.env.REPO_OWNER && process.env.REPO_NAME) {
const mcpConfig = createMcpConfig(
process.env.GITHUB_INSTALLATION_TOKEN,
process.env.REPO_OWNER,
process.env.REPO_NAME
);
console.log("\u{1F4CB} MCP Config:", mcpConfig);
args.push("--mcp-config", mcpConfig);
}
const env = { const env = {
ANTHROPIC_API_KEY: this.apiKey ANTHROPIC_API_KEY: this.apiKey
}; };
@@ -25821,10 +25848,7 @@ function processJSONChunk(chunk, agent) {
["model", parsedChunk.model], ["model", parsedChunk.model],
["cwd", parsedChunk.cwd], ["cwd", parsedChunk.cwd],
["permission_mode", parsedChunk.permissionMode], ["permission_mode", parsedChunk.permissionMode],
[ ["tools", parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"],
"tools",
parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"
],
[ [
"mcp_servers", "mcp_servers",
parsedChunk.mcp_servers?.length ? `${parsedChunk.mcp_servers.length} servers` : "none" parsedChunk.mcp_servers?.length ? `${parsedChunk.mcp_servers.length} servers` : "none"
@@ -25845,9 +25869,7 @@ function processJSONChunk(chunk, agent) {
for (const content of parsedChunk.message.content) { for (const content of parsedChunk.message.content) {
if (content.type === "text") { if (content.type === "text") {
if (content.text.trim()) { if (content.text.trim()) {
core.info( core.info(boxString(content.text.trim(), { title: "Claude Code" }));
boxString(content.text.trim(), { title: "Claude Code" })
);
} }
} else if (content.type === "tool_use") { } else if (content.type === "tool_use") {
if (agent) { if (agent) {
@@ -25915,10 +25937,7 @@ function processJSONChunk(chunk, agent) {
if (parsedChunk.subtype === "success") { if (parsedChunk.subtype === "success") {
core.info( core.info(
tableString([ tableString([
[ ["Cost", `$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`],
"Cost",
`$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`
],
["Input Tokens", parsedChunk.usage?.input_tokens || 0], ["Input Tokens", parsedChunk.usage?.input_tokens || 0],
["Output Tokens", parsedChunk.usage?.output_tokens || 0], ["Output Tokens", parsedChunk.usage?.output_tokens || 0],
["Duration", `${parsedChunk.duration_ms}ms`], ["Duration", `${parsedChunk.duration_ms}ms`],
@@ -25942,14 +25961,15 @@ function processJSONChunk(chunk, agent) {
// main.ts // main.ts
async function main(params) { async function main(params) {
try { try {
const anthropicApiKey = params.anthropicApiKey || process.env.ANTHROPIC_API_KEY; const { inputs, env, cwd } = params;
if (!anthropicApiKey) { if (cwd !== process.cwd()) {
throw new Error("anthropic_api_key is required"); process.chdir(cwd);
} }
Object.assign(process.env, env);
core2.info(`\u2192 Starting agent run with Claude Code`); core2.info(`\u2192 Starting agent run with Claude Code`);
const agent = new ClaudeAgent({ apiKey: anthropicApiKey }); const agent = new ClaudeAgent({ apiKey: inputs.anthropic_api_key });
await agent.install(); await agent.install();
const result = await agent.execute(params.prompt); const result = await agent.execute(inputs.prompt);
if (!result.success) { if (!result.success) {
return { return {
success: false, success: false,
@@ -25970,33 +25990,82 @@ async function main(params) {
} }
} }
// utils/github.ts
var core3 = __toESM(require_core(), 1);
async function setupGitHubInstallationToken() {
const inputToken = core3.getInput("github_installation_token");
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
const existingToken = inputToken || envToken;
if (existingToken) {
core3.setSecret(existingToken);
core3.info("Using provided GitHub installation token");
return existingToken;
}
core3.info("Generating OIDC token...");
try {
const oidcToken = await core3.getIDToken("pullfrog-api");
core3.info("OIDC token generated successfully");
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
core3.info("Exchanging OIDC token for installation token...");
const tokenResponse = await fetch(`${apiUrl}/api/github/installation-token`, {
method: "POST",
headers: {
Authorization: `Bearer ${oidcToken}`,
"Content-Type": "application/json"
}
});
if (!tokenResponse.ok) {
const errorText = await tokenResponse.text();
throw new Error(
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText} - ${errorText}`
);
}
const tokenData = await tokenResponse.json();
core3.info(`Installation token obtained for ${tokenData.repository || "all repositories"}`);
core3.setSecret(tokenData.token);
process.env.GITHUB_INSTALLATION_TOKEN = tokenData.token;
return tokenData.token;
} catch (error2) {
throw new Error(
`Failed to setup GitHub installation token: ${error2 instanceof Error ? error2.message : "Unknown error"}`
);
}
}
// entry.ts // entry.ts
async function run() { async function run() {
try { try {
const prompt = core3.getInput("prompt", { required: true }); const prompt = core4.getInput("prompt", { required: true });
const anthropicApiKey = core3.getInput("anthropic_api_key", { const anthropic_api_key = core4.getInput("anthropic_api_key");
required: true
});
if (!anthropicApiKey) {
throw new Error("anthropic_api_key is required");
}
if (!prompt) { if (!prompt) {
throw new Error("prompt is required"); throw new Error("prompt is required");
} }
const params = { const inputs = {
prompt, prompt,
anthropicApiKey anthropic_api_key
};
const githubToken = core4.getInput("github_token") || process.env.GITHUB_TOKEN;
if (githubToken) {
inputs.github_token = githubToken;
}
const githubInstallationToken = core4.getInput("github_installation_token") || process.env.GITHUB_INSTALLATION_TOKEN;
if (githubInstallationToken) {
inputs.github_installation_token = githubInstallationToken;
} else {
await setupGitHubInstallationToken();
}
const params = {
inputs,
env: {},
cwd: process.cwd()
}; };
const result = await main(params); const result = await main(params);
core3.setOutput("status", result.success ? "success" : "failed");
core3.setOutput("prompt", prompt);
core3.setOutput("output", result.output || "");
if (!result.success) { if (!result.success) {
throw new Error(result.error || "Agent execution failed"); throw new Error(result.error || "Agent execution failed");
} }
} catch (error2) { } catch (error2) {
const errorMessage = error2 instanceof Error ? error2.message : "Unknown error occurred"; const errorMessage = error2 instanceof Error ? error2.message : "Unknown error occurred";
core3.setFailed(`Action failed: ${errorMessage}`); core4.setFailed(`Action failed: ${errorMessage}`);
} }
} }
run().catch((error2) => { run().catch((error2) => {
+28 -18
View File
@@ -6,44 +6,54 @@
*/ */
import * as core from "@actions/core"; import * as core from "@actions/core";
import { main } from "./main"; import { type ExecutionInputs, type MainParams, main } from "./main.ts";
import { setupGitHubInstallationToken } from "./utils/github.ts";
async function run(): Promise<void> { async function run(): Promise<void> {
try { try {
// Get inputs from GitHub Actions // Get inputs from GitHub Actions
const prompt = core.getInput("prompt", { required: true }); const prompt = core.getInput("prompt", { required: true });
const anthropicApiKey = core.getInput("anthropic_api_key", { const anthropic_api_key = core.getInput("anthropic_api_key");
required: true,
});
if (!anthropicApiKey) {
throw new Error("anthropic_api_key is required");
}
if (!prompt) { if (!prompt) {
throw new Error("prompt is required"); throw new Error("prompt is required");
} }
// Create params object // Create params object with new structure
const params = { const inputs: ExecutionInputs = {
prompt, prompt,
anthropicApiKey, anthropic_api_key,
};
// Add optional properties only if they exist
const githubToken = core.getInput("github_token") || process.env.GITHUB_TOKEN;
if (githubToken) {
inputs.github_token = githubToken;
}
const githubInstallationToken =
core.getInput("github_installation_token") || process.env.GITHUB_INSTALLATION_TOKEN;
if (githubInstallationToken) {
inputs.github_installation_token = githubInstallationToken;
} else {
await setupGitHubInstallationToken();
}
const params: MainParams = {
inputs,
env: {},
cwd: process.cwd(),
}; };
// Run the main function
const result = await main(params); const result = await main(params);
// Set outputs // TODO: Set outputs
core.setOutput("status", result.success ? "success" : "failed");
core.setOutput("prompt", prompt);
core.setOutput("output", result.output || "");
if (!result.success) { if (!result.success) {
throw new Error(result.error || "Agent execution failed"); throw new Error(result.error || "Agent execution failed");
} }
} catch (error) { } catch (error) {
const errorMessage = const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
error instanceof Error ? error.message : "Unknown error occurred";
core.setFailed(`Action failed: ${errorMessage}`); core.setFailed(`Action failed: ${errorMessage}`);
} }
} }
+8 -2
View File
@@ -1,7 +1,13 @@
import type { MainParams } from "../main"; import type { MainParams } from "../main.ts";
const testParams = { const testParams = {
prompt: "List all files in the current directory, then create a file called dynamic-test.txt with the content 'This was loaded from a TypeScript file!', then delete it." inputs: {
prompt:
"List all files in the current directory, then create a file called dynamic-test.txt with the content 'This was loaded from a TypeScript file!', then delete it.",
anthropic_api_key: "sk-test-key",
},
env: {},
cwd: process.cwd(),
} satisfies MainParams; } satisfies MainParams;
export default testParams; export default testParams;
+3 -1
View File
@@ -1 +1,3 @@
Print the list of tools available. Then create a new file called test.txt with the content "Hello from Pullfrog!". Use the MCP GitHub comment tool to add a comment containing your best frog joke to GitHub issue https://github.com/pullfrogai/scratch/issues/2.
Do not use the gh cli. If the mcp tool does not work, bail.
-25978
View File
File diff suppressed because one or more lines are too long
+8 -3
View File
@@ -3,6 +3,11 @@
* This exports the main function for programmatic usage * This exports the main function for programmatic usage
*/ */
export { main } from "./main"; export { ClaudeAgent } from "./agents/claude.ts";
export { ClaudeAgent } from "./agents"; export type { Agent, AgentConfig, AgentResult } from "./agents/types.ts";
export type { Agent, AgentConfig, AgentResult } from "./agents/types"; export {
type ExecutionInputs,
type MainParams,
type MainResult,
main,
} from "./main.ts";
+29 -12
View File
@@ -1,9 +1,24 @@
import * as core from "@actions/core"; import * as core from "@actions/core";
import { ClaudeAgent } from "./agents"; import { ClaudeAgent } from "./agents/claude.ts";
// Expected environment variables that should be passed as inputs
export const EXPECTED_INPUTS: string[] = [
"ANTHROPIC_API_KEY",
"GITHUB_TOKEN",
"GITHUB_INSTALLATION_TOKEN",
];
export interface ExecutionInputs {
prompt: string;
anthropic_api_key: string;
github_token?: string;
github_installation_token?: string;
}
export interface MainParams { export interface MainParams {
prompt: string; inputs: ExecutionInputs;
anthropicApiKey?: string; env: Record<string, string>;
cwd: string;
} }
export interface MainResult { export interface MainResult {
@@ -14,22 +29,25 @@ export interface MainResult {
export async function main(params: MainParams): Promise<MainResult> { export async function main(params: MainParams): Promise<MainResult> {
try { try {
// Use provided API key or fall back to environment variable // Extract inputs from params
const anthropicApiKey = const { inputs, env, cwd } = params;
params.anthropicApiKey || process.env.ANTHROPIC_API_KEY;
if (!anthropicApiKey) { // Set working directory if different from current
throw new Error("anthropic_api_key is required"); if (cwd !== process.cwd()) {
process.chdir(cwd);
} }
// Set environment variables
Object.assign(process.env, env);
core.info(`→ Starting agent run with Claude Code`); core.info(`→ Starting agent run with Claude Code`);
// Create and install the Claude agent // Create and install the Claude agent
const agent = new ClaudeAgent({ apiKey: anthropicApiKey }); const agent = new ClaudeAgent({ apiKey: inputs.anthropic_api_key });
await agent.install(); await agent.install();
// Execute the agent with the prompt // Execute the agent with the prompt
const result = await agent.execute(params.prompt); const result = await agent.execute(inputs.prompt);
if (!result.success) { if (!result.success) {
return { return {
@@ -44,8 +62,7 @@ export async function main(params: MainParams): Promise<MainResult> {
output: result.output || "", output: result.output || "",
}; };
} catch (error) { } catch (error) {
const errorMessage = const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
error instanceof Error ? error.message : "Unknown error occurred";
return { return {
success: false, success: false,
error: errorMessage, error: errorMessage,
+28
View File
@@ -0,0 +1,28 @@
/**
* Simple MCP configuration helper for adding our minimal GitHub comment server
*/
const actionPath = process.env.GITHUB_ACTION_PATH || process.cwd();
export function createMcpConfig(
githubInstallationToken: string,
repoOwner: string,
repoName: string
) {
return JSON.stringify(
{
mcpServers: {
minimal_github_comment: {
command: "node",
args: [`${actionPath}/mcp/server.ts`],
env: {
GITHUB_INSTALLATION_TOKEN: githubInstallationToken,
REPO_OWNER: repoOwner,
REPO_NAME: repoName,
},
},
},
},
null,
2
);
}
+97
View File
@@ -0,0 +1,97 @@
#!/usr/bin/env node
// Minimal GitHub Issue Comment MCP Server
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { Octokit } from "@octokit/rest";
import { type } from "arktype";
import { z } from "zod";
// Get repository information from environment variables
const REPO_OWNER = process.env.REPO_OWNER;
const REPO_NAME = process.env.REPO_NAME;
if (!REPO_OWNER || !REPO_NAME) {
console.error("Error: REPO_OWNER and REPO_NAME environment variables are required");
process.exit(1);
}
const server = new McpServer({
name: "Minimal GitHub Issue Comment Server",
version: "0.0.1",
});
// Define the schema for creating issue comments
const Comment = type({
issueNumber: type.number.describe("the issue number to comment on"),
body: type.string.describe("the comment body content"),
});
server.tool(
"create_issue_comment",
"Create a comment on a GitHub issue",
{
issueNumber: z.number().describe("the issue number to comment on"),
body: z.string().describe("the comment body content"),
},
async ({ issueNumber, body }) => {
try {
Comment.assert({ issueNumber, body });
const githubInstallationToken = process.env.GITHUB_INSTALLATION_TOKEN;
if (!githubInstallationToken) {
throw new Error("GITHUB_INSTALLATION_TOKEN environment variable is required");
}
const octokit = new Octokit({
auth: githubInstallationToken,
});
const result = await octokit.rest.issues.createComment({
owner: REPO_OWNER,
repo: REPO_NAME,
issue_number: issueNumber,
body: body,
});
return {
content: [
{
type: "text",
text: JSON.stringify(
{
success: true,
commentId: result.data.id,
url: result.data.html_url,
body: result.data.body,
},
null,
2
),
},
],
};
} catch (error) {
const errorMessage = error instanceof Error ? error.message : String(error);
return {
content: [
{
type: "text",
text: `Error creating comment: ${errorMessage}`,
},
],
error: errorMessage,
isError: true,
};
}
}
);
async function runServer() {
const transport = new StdioServerTransport();
await server.connect(transport);
process.on("exit", () => {
server.close();
});
}
runServer().catch(console.error);
+13 -6
View File
@@ -1,6 +1,6 @@
{ {
"name": "@pullfrog/action", "name": "@pullfrog/action",
"version": "0.0.7", "version": "0.0.13",
"type": "module", "type": "module",
"files": [ "files": [
"index.js", "index.js",
@@ -17,25 +17,32 @@
}, },
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1", "test": "echo \"Error: no test specified\" && exit 1",
"typecheck": "tsc --noEmit",
"build": "node esbuild.config.js", "build": "node esbuild.config.js",
"build:npm": "zshy", "build:npm": "zshy",
"build:dev": "node esbuild.config.js", "build:dev": "node esbuild.config.js",
"prepare": "husky", "prepare": "husky",
"play": "tsx --env-file=../.env play.ts" "play": "node play.ts",
"upDeps": "pnpm up --latest"
}, },
"dependencies": { "dependencies": {
"@actions/core": "^1.10.1", "@actions/core": "^1.11.1",
"@modelcontextprotocol/sdk": "^1.17.5",
"@octokit/rest": "^22.0.0",
"@octokit/webhooks-types": "^7.6.1",
"arktype": "^2.1.22",
"dotenv": "^17.2.2",
"execa": "^9.6.0", "execa": "^9.6.0",
"table": "^6.9.0" "table": "^6.9.0"
}, },
"devDependencies": { "devDependencies": {
"@types/node": "^20.10.0", "@types/node": "^20.10.0",
"commander": "^14.0.0", "arg": "^5.0.2",
"dotenv": "^17.2.2",
"esbuild": "^0.25.9", "esbuild": "^0.25.9",
"husky": "^9.0.0", "husky": "^9.0.0",
"typescript": "^5.3.0", "typescript": "^5.3.0",
"zshy": "^0.4.1" "zshy": "^0.4.1",
"zod": "^3.24.4"
}, },
"repository": { "repository": {
"type": "git", "type": "git",
+172 -165
View File
@@ -1,191 +1,198 @@
#!/usr/bin/env tsx import { existsSync, readFileSync } from "node:fs";
import { dirname, extname, join, resolve } from "node:path";
import { execSync } from "node:child_process";
import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
import { dirname, join, resolve, extname } from "node:path";
import { fileURLToPath, pathToFileURL } from "node:url"; import { fileURLToPath, pathToFileURL } from "node:url";
import { Command } from "commander"; import arg from "arg";
import { main } from "./main"; import { config } from "dotenv";
import { runAct } from "./utils/act"; import { main } from "./main.ts";
import { runAct } from "./utils/act.ts";
import { setupTestRepo } from "./utils/setup.ts";
// Load environment variables from .env file
config();
const __filename = fileURLToPath(import.meta.url); const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename); const __dirname = dirname(__filename);
async function loadPrompt(filePath: string): Promise<string> { export async function run(
const ext = extname(filePath).toLowerCase(); prompt: string,
options: { act?: boolean } = {}
// Try to resolve the file path ): Promise<{ success: boolean; output?: string | undefined; error?: string | undefined }> {
let resolvedPath: string;
// First try as fixtures path
const fixturesPath = join(__dirname, "fixtures", filePath);
if (existsSync(fixturesPath)) {
resolvedPath = fixturesPath;
} else if (existsSync(filePath)) {
resolvedPath = resolve(filePath);
} else {
throw new Error(`File not found: ${filePath}`);
}
switch (ext) {
case ".txt": {
// Plain text - pass directly as prompt
return readFileSync(resolvedPath, "utf8").trim();
}
case ".json": {
// JSON - stringify and pass as prompt
const content = readFileSync(resolvedPath, "utf8");
const parsed = JSON.parse(content);
return JSON.stringify(parsed, null, 2);
}
case ".ts": {
// TypeScript - dynamic import and stringify default export
const fileUrl = pathToFileURL(resolvedPath).href;
const module = await import(fileUrl);
if (!module.default) {
throw new Error(
`TypeScript file ${filePath} must have a default export`,
);
}
// If it's a string, use it directly
if (typeof module.default === "string") {
return module.default;
}
// If it's a MainParams object with a prompt field, extract the prompt
if (typeof module.default === "object" && module.default.prompt) {
return module.default.prompt;
}
// Otherwise stringify it
return JSON.stringify(module.default, null, 2);
}
default:
throw new Error(
`Unsupported file type: ${ext}. Supported types: .txt, .json, .ts`,
);
}
}
async function runPlay(
filePath: string,
options: { act?: boolean },
): Promise<void> {
try { try {
// Load the prompt from the specified file
const prompt = await loadPrompt(filePath);
if (options.act) { if (options.act) {
// Use Docker/act to run the action // Use Docker/act to run the action
console.log("🐳 Running with Docker/act..."); console.log("🐳 Running with Docker/act...");
runAct(prompt); runAct(prompt);
return { success: true };
}
// Setup test repository and run directly
const tempDir = join(process.cwd(), ".temp");
setupTestRepo({ tempDir, forceClean: true });
// Change to the temp directory
const originalCwd = process.cwd();
process.chdir(tempDir);
console.log("🚀 Running action with prompt...");
console.log("─".repeat(50));
console.log("Prompt:");
console.log(prompt);
console.log("─".repeat(50));
// Set environment variables from our .env for the action to use
const { EXPECTED_INPUTS } = await import("./main.ts");
EXPECTED_INPUTS.forEach((inputName) => {
const value = process.env[inputName];
if (value) {
process.env[`INPUT_${inputName.toLowerCase()}`] = value;
}
});
// Run main with the new params structure
const inputs: any = {
prompt,
anthropic_api_key: process.env.ANTHROPIC_API_KEY || "",
};
// Add optional properties only if they exist
if (process.env.GITHUB_TOKEN) {
inputs.github_token = process.env.GITHUB_TOKEN;
}
if (process.env.GITHUB_INSTALLATION_TOKEN) {
inputs.github_installation_token = process.env.GITHUB_INSTALLATION_TOKEN;
}
const result = await main({
inputs,
env: process.env as Record<string, string>,
cwd: process.cwd(),
});
// Change back to original directory
process.chdir(originalCwd);
if (result.success) {
console.log("✅ Action completed successfully");
if (result.output) {
console.log("Output:", result.output);
}
return { success: true, output: result.output || undefined, error: undefined };
} else { } else {
// Clone the test repository and run directly console.error("❌ Action failed:", result.error);
const tempDir = join(process.cwd(), ".temp"); return { success: false, error: result.error || undefined, output: undefined };
const repoUrl = "git@github.com:pullfrogai/scratch.git"; }
} catch (error) {
const errorMessage = (error as Error).message;
console.error("❌ Error:", errorMessage);
return { success: false, error: errorMessage, output: undefined };
}
}
// Remove existing temp directory if it exists // CLI execution when run directly
if (existsSync(tempDir)) { if (import.meta.url === `file://${process.argv[1]}`) {
console.log("🗑️ Removing existing .temp directory..."); const args = arg({
rmSync(tempDir, { recursive: true, force: true }); "--help": Boolean,
"--act": Boolean,
"--raw": String,
"-h": "--help",
});
if (args["--help"]) {
console.log(`
Usage: tsx play.ts [file] [options]
Test the Pullfrog action with various prompts.
Arguments:
file Prompt file to use (.txt, .json, or .ts) [default: fixtures/basic.txt]
Options:
--act Use Docker/act to run the action instead of running directly
--raw [prompt] Use raw string as prompt instead of loading from file
-h, --help Show this help message
Examples:
tsx play.ts # Use default fixture
tsx play.ts fixtures/basic.txt # Use specific text file
tsx play.ts custom.json # Use JSON file
tsx play.ts --act fixtures/test.ts # Use TypeScript file with Docker/act
tsx play.ts --raw "Hello world" # Use raw string as prompt
`);
process.exit(0);
}
let prompt: string;
if (args["--raw"]) {
// Use raw prompt string
prompt = args["--raw"];
} else {
// Load prompt from file
const filePath = args._[0] || "fixtures/basic.txt";
const ext = extname(filePath).toLowerCase();
let resolvedPath: string;
// First try as fixtures path
const fixturesPath = join(__dirname, "fixtures", filePath);
if (existsSync(fixturesPath)) {
resolvedPath = fixturesPath;
} else if (existsSync(filePath)) {
resolvedPath = resolve(filePath);
} else {
throw new Error(`File not found: ${filePath}`);
}
switch (ext) {
case ".txt": {
// Plain text - pass directly as prompt
prompt = readFileSync(resolvedPath, "utf8").trim();
break;
} }
// Clone the repository case ".json": {
console.log("📦 Cloning pullfrogai/scratch into .temp..."); // JSON - stringify and pass as prompt
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" }); const content = readFileSync(resolvedPath, "utf8");
const parsed = JSON.parse(content);
prompt = JSON.stringify(parsed, null, 2);
break;
}
// List of environment variables to copy to .temp case ".ts": {
const envVarsToCopy = [ // TypeScript - dynamic import and stringify default export
"ANTHROPIC_API_KEY", const fileUrl = pathToFileURL(resolvedPath).href;
"GITHUB_TOKEN", const module = await import(fileUrl);
// Add more environment variables here as needed
];
// Build .env content from the list if (!module.default) {
const envLines = envVarsToCopy throw new Error(`TypeScript file ${filePath} must have a default export`);
.map((varName) => `${varName}=${process.env[varName] || ""}`)
.join("\n");
const envPath = join(tempDir, ".env");
writeFileSync(envPath, envLines + "\n");
console.log("📝 Created .env file in .temp directory with:");
let hasRequiredVars = true;
envVarsToCopy.forEach((varName) => {
const hasValue = !!process.env[varName];
console.log(` - ${varName}: ${hasValue ? "✓" : "✗ (missing)"}`);
// Check for required variables
if (varName === "ANTHROPIC_API_KEY" && !hasValue) {
hasRequiredVars = false;
} }
});
if (!hasRequiredVars) { // If it's a string, use it directly
console.warn("\n⚠️ Warning: ANTHROPIC_API_KEY is not set or empty."); if (typeof module.default === "string") {
console.warn( prompt = module.default;
" Please ensure you have a valid API key in your .env file.", } else if (typeof module.default === "object" && module.default.prompt) {
); // If it's a MainParams object with a prompt field, extract the prompt
console.warn( prompt = module.default.prompt;
" Get your API key from: https://console.anthropic.com/api-keys\n", } else {
); // Otherwise stringify it
} prompt = JSON.stringify(module.default, null, 2);
// Change to the temp directory
process.chdir(tempDir);
console.log("🚀 Running test in .temp directory...");
console.log("─".repeat(50));
console.log(`Prompt from ${filePath}:`);
console.log(prompt);
console.log("─".repeat(50));
// Run main with the params object
const result = await main({ prompt });
if (result.success) {
console.log("✅ Test completed successfully");
if (result.output) {
console.log("Output:", result.output);
} }
} else { break;
console.error("❌ Test failed:", result.error);
process.exit(1);
} }
default:
throw new Error(`Unsupported file type: ${ext}. Supported types: .txt, .json, .ts`);
}
}
try {
const result = await run(prompt, { act: args["--act"] || false });
if (!result.success) {
process.exit(1);
} }
} catch (error) { } catch (error) {
console.error("❌ Error:", (error as Error).message); console.error("❌ Error:", (error as Error).message);
process.exit(1); process.exit(1);
} }
} }
// Set up CLI
const program = new Command();
program
.name("play")
.description("Test the Pullfrog action with various prompts")
.version("1.0.0")
.argument(
"[file]",
"Prompt file to use (.txt, .json, or .ts)",
"fixtures/basic.txt",
)
.option(
"--act",
"Use Docker/act to run the action instead of running directly",
)
.action(async (file: string, options: { act?: boolean }) => {
await runPlay(file, options);
});
// Parse arguments and run
program.parseAsync(process.argv).catch((error) => {
console.error("Fatal error:", error);
process.exit(1);
});
+975 -170
View File
File diff suppressed because it is too large Load Diff
+356
View File
@@ -0,0 +1,356 @@
#!/usr/bin/env tsx
/**
* GitHub App Installation Token Generator
*
* Generates a temporary installation token for a GitHub App to access a specific repository.
* Uses environment variables for configuration and supports multiple installations.
*
* Usage:
* node scripts/generate-installation-token.ts [--repo owner/name] [--update-env]
*
* Environment variables required:
* GITHUB_APP_ID - GitHub App ID
* GITHUB_PRIVATE_KEY - GitHub App private key (PEM format)
* REPO_OWNER - Target repository owner (default)
* REPO_NAME - Target repository name (default)
*/
import { createSign } from "node:crypto";
import { readFileSync, writeFileSync } from "node:fs";
import { join } from "node:path";
import { config } from "dotenv";
// Load environment variables
config();
interface GitHubAppConfig {
appId: string;
privateKey: string;
repoOwner: string;
repoName: string;
}
interface Installation {
id: number;
account: {
login: string;
type: string;
};
}
interface Repository {
owner: {
login: string;
};
name: string;
}
interface InstallationTokenResponse {
token: string;
expires_at: string;
}
interface RepositoriesResponse {
repositories: Repository[];
}
class GitHubAppTokenGenerator {
private config: GitHubAppConfig;
constructor(config: GitHubAppConfig) {
// Process private key to handle escaped newlines
config.privateKey = config.privateKey.replace(/\\n/g, "\n");
this.config = config;
this.validateConfig();
}
private validateConfig(): void {
const { appId, privateKey, repoOwner, repoName } = this.config;
if (!appId) {
throw new Error("GITHUB_APP_ID environment variable is required");
}
if (!privateKey) {
throw new Error("GITHUB_PRIVATE_KEY environment variable is required");
}
if (!repoOwner || !repoName) {
throw new Error("REPO_OWNER and REPO_NAME environment variables are required");
}
if (!privateKey.includes("BEGIN") || !privateKey.includes("END")) {
throw new Error("GITHUB_PRIVATE_KEY must be in PEM format");
}
}
/**
* Generates a JWT for GitHub App authentication
*/
private generateJWT(): string {
const now = Math.floor(Date.now() / 1000);
const payload = {
iat: now - 60, // issued 1 minute ago to account for clock skew
exp: now + 5 * 60, // expires in 5 minutes
iss: this.config.appId,
};
const header = {
alg: "RS256",
typ: "JWT",
};
const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
const signaturePart = `${encodedHeader}.${encodedPayload}`;
const signature = createSign("RSA-SHA256")
.update(signaturePart)
.sign(this.config.privateKey, "base64")
.replace(/\+/g, "-")
.replace(/\//g, "_")
.replace(/=/g, "");
return `${signaturePart}.${signature}`;
}
private base64UrlEncode(str: string): string {
return Buffer.from(str)
.toString("base64")
.replace(/\+/g, "-")
.replace(/\//g, "_")
.replace(/=/g, "");
}
/**
* Makes authenticated requests to GitHub API
*/
private async githubRequest<T>(
path: string,
options: {
method?: string;
headers?: Record<string, string>;
body?: string;
} = {}
): Promise<T> {
const { method = "GET", headers = {}, body } = options;
const url = `https://api.github.com${path}`;
const requestHeaders = {
Accept: "application/vnd.github.v3+json",
"User-Agent": "Pullfrog-Installation-Token-Generator/1.0",
...headers,
};
const response = await fetch(url, {
method,
headers: requestHeaders,
...(body && { body }),
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(
`GitHub API request failed: ${response.status} ${response.statusText}\n${errorText}`
);
}
return response.json() as T;
}
/**
* Finds the installation ID for the target repository
*/
private async findInstallationId(jwt: string): Promise<number> {
console.log("🔍 Finding GitHub App installation...");
const installations = await this.githubRequest<Installation[]>("/app/installations", {
headers: { Authorization: `Bearer ${jwt}` },
});
console.log(`📋 Found ${installations.length} installation(s)`);
// Check each installation for access to target repository
for (const installation of installations) {
console.log(`🔎 Checking installation ${installation.id} (${installation.account.login})`);
try {
// Create a temporary token to check repository access
const tempToken = await this.createInstallationToken(jwt, installation.id);
const hasAccess = await this.checkRepositoryAccess(tempToken);
if (hasAccess) {
console.log(
`✅ Installation ${installation.id} has access to ${this.config.repoOwner}/${this.config.repoName}`
);
return installation.id;
}
} catch (error) {
console.log(
`❌ Installation ${installation.id} check failed:`,
error instanceof Error ? error.message : String(error)
);
}
}
throw new Error(
`No installation found with access to ${this.config.repoOwner}/${this.config.repoName}. ` +
"Ensure the GitHub App is installed on the target repository."
);
}
/**
* Checks if the installation token has access to the target repository
*/
private async checkRepositoryAccess(token: string): Promise<boolean> {
try {
const response = await this.githubRequest<RepositoriesResponse>(
"/installation/repositories",
{
headers: { Authorization: `token ${token}` },
}
);
return response.repositories.some(
(repo) => repo.owner.login === this.config.repoOwner && repo.name === this.config.repoName
);
} catch {
return false;
}
}
/**
* Creates an installation access token
*/
private async createInstallationToken(jwt: string, installationId: number): Promise<string> {
const response = await this.githubRequest<InstallationTokenResponse>(
`/app/installations/${installationId}/access_tokens`,
{
method: "POST",
headers: { Authorization: `Bearer ${jwt}` },
}
);
return response.token;
}
/**
* Generates a new installation token for the configured repository
*/
async generateToken(): Promise<{
token: string;
installationId: number;
expiresAt: string;
}> {
console.log(
`🚀 Generating installation token for ${this.config.repoOwner}/${this.config.repoName}`
);
console.log(`📱 App ID: ${this.config.appId}`);
// Step 1: Generate JWT for app authentication
const jwt = this.generateJWT();
console.log("🔐 Generated JWT token");
// Step 2: Find installation with repository access
const installationId = await this.findInstallationId(jwt);
// Step 3: Create installation access token
console.log(`🎫 Creating installation token for installation ${installationId}...`);
const token = await this.createInstallationToken(jwt, installationId);
// Calculate expiration (GitHub tokens expire after 1 hour)
const expiresAt = new Date(Date.now() + 60 * 60 * 1000).toISOString();
console.log("✅ Installation token generated successfully!");
console.log(`🎟️ Token: ${token.substring(0, 20)}...`);
console.log(`📅 Expires: ${expiresAt}`);
console.log(`🏢 Installation ID: ${installationId}`);
return { token, installationId, expiresAt };
}
/**
* Updates the .env file with the new installation token
*/
updateEnvFile(token: string): void {
const envPath = join(process.cwd(), ".env");
try {
let envContent = readFileSync(envPath, "utf8");
// Update or add the installation token
const tokenLine = `GITHUB_INSTALLATION_TOKEN=${token}`;
const tokenRegex = /^GITHUB_INSTALLATION_TOKEN=.*$/m;
if (tokenRegex.test(envContent)) {
envContent = envContent.replace(tokenRegex, tokenLine);
} else {
envContent += `\n${tokenLine}\n`;
}
writeFileSync(envPath, envContent);
console.log(`📝 Updated ${envPath} with new installation token`);
} catch (error) {
console.error(
"❌ Failed to update .env file:",
error instanceof Error ? error.message : String(error)
);
}
}
}
/**
* CLI interface
*/
async function main(): Promise<void> {
try {
const args = process.argv.slice(2);
const updateEnv = args.includes("--update-env");
// Parse repository from args if provided
const repoArg = args.find((arg) => arg.startsWith("--repo="));
let repoOwner = process.env.REPO_OWNER || "pullfrogai";
let repoName = process.env.REPO_NAME || "scratch";
if (repoArg) {
const [owner, name] = repoArg.split("=")[1].split("/");
if (owner && name) {
repoOwner = owner;
repoName = name;
} else {
throw new Error("Invalid --repo format. Use: --repo=owner/name");
}
}
const config: GitHubAppConfig = {
appId: process.env.GITHUB_APP_ID!,
privateKey: process.env.GITHUB_PRIVATE_KEY!,
repoOwner,
repoName,
};
const generator = new GitHubAppTokenGenerator(config);
const result = await generator.generateToken();
if (updateEnv) {
generator.updateEnvFile(result.token);
}
console.log("\n🎉 Token generation complete!");
if (!updateEnv) {
console.log("\n💡 To automatically update your .env file, run with --update-env flag");
}
} catch (error) {
console.error("❌ Error:", error instanceof Error ? error.message : String(error));
process.exit(1);
}
}
// Run if called directly
if (import.meta.url === `file://${process.argv[1]}`) {
main();
}
export { GitHubAppTokenGenerator };
+17 -40
View File
@@ -1,45 +1,22 @@
{ {
// Visit https://aka.ms/tsconfig to read more about this file
"compilerOptions": { "compilerOptions": {
// File Layout
// "rootDir": "./src",
"outDir": "./dist", "outDir": "./dist",
"module": "NodeNext",
// Environment Settings "target": "ESNext",
// See also https://aka.ms/tsconfig/module "moduleResolution": "NodeNext",
"module": "esnext", "lib": ["ESNext"],
"moduleResolution": "bundler", "allowImportingTsExtensions": true,
"target": "esnext", "rewriteRelativeImportExtensions": true,
"types": [], "skipLibCheck": true,
// For nodejs: "strict": true,
// "lib": ["esnext"], "noUncheckedSideEffectImports": true,
// "types": ["node"], "declaration": true,
// and npm install -D @types/node "verbatimModuleSyntax": true,
"esModuleInterop": true,
// Other Outputs "resolveJsonModule": true,
"sourceMap": true, "exactOptionalPropertyTypes": true,
"declaration": true, "forceConsistentCasingInFileNames": true,
"declarationMap": true, "stripInternal": true,
"moduleDetection": "force"
// Stricter Typechecking Options
"noUncheckedIndexedAccess": true,
"exactOptionalPropertyTypes": true,
// Style Options
// "noImplicitReturns": true,
// "noImplicitOverride": true,
// "noUnusedLocals": true,
// "noUnusedParameters": true,
// "noFallthroughCasesInSwitch": true,
// "noPropertyAccessFromIndexSignature": true,
// Recommended Options
"strict": true,
"jsx": "react-jsx",
"verbatimModuleSyntax": true,
"isolatedModules": true,
"noUncheckedSideEffectImports": true,
"moduleDetection": "force",
"skipLibCheck": true
} }
} }
+24 -43
View File
@@ -1,59 +1,36 @@
import { execSync } from "node:child_process"; import { execSync } from "node:child_process";
import { existsSync, readFileSync } from "node:fs"; import { existsSync } from "node:fs";
import { dirname, join } from "node:path"; import { dirname, join } from "node:path";
import { fileURLToPath } from "node:url"; import { fileURLToPath } from "node:url";
import { config, parse } from "dotenv"; import { config } from "dotenv";
import { buildAction, setupTestRepo } from "./setup.ts";
const __filename = fileURLToPath(import.meta.url); const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename); const __dirname = dirname(__filename);
const tempDir = join(__dirname, "..", ".temp");
const actionPath = join(__dirname, "..");
const envPath = join(__dirname, "..", "..", ".env");
// Environment variables that should be passed as secrets to the workflow
const ENV_VARS = ["ANTHROPIC_API_KEY", "GITHUB_INSTALLATION_TOKEN"];
export function runAct(prompt: string): void { export function runAct(prompt: string): void {
// First, ensure the scratch repo is cloned // Setup test repository
const tempDir = join(__dirname, "..", ".temp"); setupTestRepo({ tempDir });
// Check if .temp exists and either reset it or clone it // Load environment variables
if (existsSync(tempDir)) {
console.log("📦 Resetting existing .temp repository...");
execSync("git reset --hard HEAD && git clean -fd", {
cwd: tempDir,
stdio: "inherit",
});
} else {
console.log("📦 Cloning pullfrogai/scratch into .temp...");
const repoUrl = "git@github.com:pullfrogai/scratch.git";
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
}
const workflowPath = join(tempDir, ".github", "workflows", "pullfrog.yml");
const envPath = join(__dirname, "..", "..", ".env");
// Load environment variables into process
config({ path: envPath }); config({ path: envPath });
// Parse environment variables from .env file to get keys // Build action bundles
let envVars: string[] = []; buildAction(actionPath);
try {
const content = readFileSync(envPath, "utf8");
const parsed = parse(content);
envVars = Object.keys(parsed);
} catch (error) {
console.warn(
`Warning: Could not read .env file: ${(error as Error).message}`,
);
}
// Build fresh bundles with esbuild const workflowPath = join(tempDir, ".github", "workflows", "pullfrog.yml");
const actionPath = join(__dirname, "..");
console.log("🔨 Building fresh bundles with esbuild...");
execSync("node esbuild.config.js", {
cwd: actionPath,
stdio: "inherit",
});
// Create minimal dist for act (avoids pnpm symlink issues) // Create minimal dist for act (avoids pnpm symlink issues)
const distPath = join(actionPath, ".act-dist"); const distPath = join(actionPath, ".act-dist");
console.log("📦 Creating minimal distribution for act..."); console.log("📦 Creating minimal distribution for act...");
execSync(`rm -rf "${distPath}" && mkdir -p "${distPath}"`, { shell: true }); execSync(`rm -rf "${distPath}" && mkdir -p "${distPath}"`, { shell: "/bin/bash" });
// Copy only necessary files (bundled, no node_modules needed) // Copy only necessary files (bundled, no node_modules needed)
["action.yml", "entry.cjs", "index.cjs", "package.json"].forEach((file) => { ["action.yml", "entry.cjs", "index.cjs", "package.json"].forEach((file) => {
@@ -79,11 +56,15 @@ export function runAct(prompt: string): void {
`pullfrog/action@v0=${distPath}`, // Use minimal dist without symlinks `pullfrog/action@v0=${distPath}`, // Use minimal dist without symlinks
]; ];
// Add all environment variables as secrets (without values) // Add environment variables as secrets that will be available to the workflow
envVars.forEach((key) => { ENV_VARS.forEach((key) => {
actCommandParts.push("-s", key); if (process.env[key]) {
actCommandParts.push("-s", key);
}
}); });
// We only need the specific ENV_VARS, no need to add other variables
const actCommand = actCommandParts.join(" "); const actCommand = actCommandParts.join(" ");
console.log("🚀 Running act with prompt:"); console.log("🚀 Running act with prompt:");
+71
View File
@@ -0,0 +1,71 @@
import * as core from "@actions/core";
export interface InstallationToken {
token: string;
expires_at: string;
installation_id: number;
repository: string;
ref: string;
runner_environment: string;
owner?: string;
}
/**
* Setup GitHub installation token for the action
*/
export async function setupGitHubInstallationToken(): Promise<string> {
// Check if we have an installation token from inputs or environment
const inputToken = core.getInput("github_installation_token");
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
const existingToken = inputToken || envToken;
if (existingToken) {
// Mask the existing token in logs for security
core.setSecret(existingToken);
core.info("Using provided GitHub installation token");
return existingToken;
}
core.info("Generating OIDC token...");
try {
// Generate OIDC token for our API
const oidcToken = await core.getIDToken("pullfrog-api");
core.info("OIDC token generated successfully");
// Exchange OIDC token for installation token
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
core.info("Exchanging OIDC token for installation token...");
const tokenResponse = await fetch(`${apiUrl}/api/github/installation-token`, {
method: "POST",
headers: {
Authorization: `Bearer ${oidcToken}`,
"Content-Type": "application/json",
},
});
if (!tokenResponse.ok) {
const errorText = await tokenResponse.text();
throw new Error(
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText} - ${errorText}`
);
}
// This type is enforced by us when the response is created
const tokenData = (await tokenResponse.json()) as InstallationToken;
core.info(`Installation token obtained for ${tokenData.repository || "all repositories"}`);
// Mask the token in logs for security
core.setSecret(tokenData.token);
// Set the token as an environment variable for this run
process.env.GITHUB_INSTALLATION_TOKEN = tokenData.token;
return tokenData.token;
} catch (error) {
throw new Error(
`Failed to setup GitHub installation token: ${error instanceof Error ? error.message : "Unknown error"}`
);
}
}
-3
View File
@@ -1,3 +0,0 @@
export * from "./files";
export * from "./subprocess";
export * from "./table";
+51
View File
@@ -0,0 +1,51 @@
import { execSync } from "node:child_process";
import { existsSync, rmSync } from "node:fs";
export interface SetupOptions {
tempDir: string;
repoUrl?: string;
forceClean?: boolean;
}
/**
* Setup the test repository for running actions
*/
export function setupTestRepo(options: SetupOptions): void {
const {
tempDir,
repoUrl = "git@github.com:pullfrogai/scratch.git",
forceClean = false,
} = options;
// Handle existing temp directory
if (existsSync(tempDir)) {
if (forceClean) {
console.log("🗑️ Removing existing .temp directory...");
rmSync(tempDir, { recursive: true, force: true });
// Clone the repository
console.log("📦 Cloning pullfrogai/scratch into .temp...");
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
} else {
console.log("📦 Resetting existing .temp repository...");
execSync("git reset --hard HEAD && git clean -fd", {
cwd: tempDir,
stdio: "inherit",
});
}
} else {
console.log("📦 Cloning pullfrogai/scratch into .temp...");
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
}
}
/**
* Build the action bundles
*/
export function buildAction(actionPath: string): void {
console.log("🔨 Building fresh bundles with esbuild...");
execSync("node esbuild.config.js", {
cwd: actionPath,
stdio: "inherit",
});
}