Compare commits

..

22 Commits

Author SHA1 Message Date
David Blass 16e04e7152 bump version 2025-10-08 16:49:12 -04:00
David Blass 522779ef54 bump version 2025-10-08 16:47:03 -04:00
David Blass d3d2dad025 no-frozen-lockfile 2025-10-08 16:46:52 -04:00
David Blass 66bf86f081 bump version 2025-10-08 16:42:55 -04:00
David Blass 608322f026 use frozen lockfile in ci 2025-10-08 16:42:09 -04:00
David Blass e3a3d416fb bump version 2025-10-08 16:33:04 -04:00
David Blass f0e339f5c2 big 2025-10-08 16:21:10 -04:00
David Blass 87d32763e9 fix 2025-10-08 15:19:02 -04:00
ssalbdivad 671334f37d embarrassing 2025-10-08 14:07:28 -04:00
David Blass 267ed3686f bump version 2025-09-24 13:52:37 -04:00
David Blass ff1226a824 fix input type 2025-09-24 13:52:18 -04:00
ssalbdivad e13c5eed00 cleanup, add InstallationToken type 2025-09-23 12:48:35 -04:00
Colin McDonnell f2a1c3c1bb Update 2025-09-16 03:22:50 -07:00
Colin McDonnell e672deb934 Update 2025-09-16 03:22:12 -07:00
Colin McDonnell 70b365fca1 Clean up msgs 2025-09-10 15:01:45 -07:00
Colin McDonnell 5c8b03a427 Lock 2025-09-10 00:56:50 -07:00
Colin McDonnell 92225d30c5 No frozen lockfile 2025-09-10 00:36:03 -07:00
Colin McDonnell 3630ba6618 0.0.8 2025-09-10 00:32:54 -07:00
Colin McDonnell 6a03bb8e1b Update precommit 2025-09-10 00:31:21 -07:00
Colin McDonnell 3139f541e4 feat: integrate OIDC token exchange in GitHub Action
- Add setupGitHubInstallationToken utility for OIDC token generation
- Implement automatic token exchange with Pullfrog API endpoint
- Add support for multiple authentication methods (input, env, OIDC)
- Create setup utilities for test repository management
- Update action entry point to handle new token flow
- Add environment variable documentation for API key
- Remove large bundled dependencies and optimize build
- Support both development and production token workflows
2025-09-10 00:30:45 -07:00
Colin McDonnell c5b9c7cfc4 Tweak 2025-09-09 17:19:59 -07:00
Colin McDonnell 7a14716481 Disable npm publishing for now 2025-09-09 16:58:30 -07:00
25 changed files with 2388 additions and 26573 deletions
+7 -17
View File
@@ -34,7 +34,7 @@ jobs:
registry-url: "https://registry.npmjs.org"
- name: Install dependencies
run: pnpm install
run: pnpm install --no-frozen-lockfile
- name: Get package version
id: version
@@ -95,24 +95,14 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.version.outputs.tag }}
release_name: "@pullfrog/action ${{ steps.version.outputs.tag }}"
release_name: "${{ steps.version.outputs.tag }}"
body: |
## 📦 @pullfrog/action ${{ steps.version.outputs.version }}
### Usage in GitHub Actions
Use the major version tag for automatic updates:
```yaml
- uses: pullfrog/action@${{ steps.version.outputs.major_tag }}
with:
message: "Your message here"
```
Or pin to this specific version:
```yaml
- uses: pullfrog/action@${{ steps.version.outputs.tag }}
with:
message: "Your message here"
```
### Installation via npm
@@ -123,11 +113,11 @@ jobs:
draft: false
prerelease: false
- name: Publish to npm
if: steps.check_tag.outputs.exists == 'false'
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# - name: Publish to npm
# if: steps.check_tag.outputs.exists == 'false'
# run: npm publish --access public
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Summary
if: always()
+1 -1
View File
@@ -3,4 +3,4 @@ echo "🔨 Building action..."
npm run build
# Add the built files to the commit
git add index.cjs entry.cjs
git add entry.cjs
+299
View File
@@ -0,0 +1,299 @@
# Claude Code Action Architecture & Flow
This document provides a comprehensive overview of how the official (Anthropic) Claude Code Action works, from token exchange through post-run cleanup.
## Overview
The Claude Code Action is a sophisticated GitHub automation platform that enables Claude to interact with GitHub repositories through secure token exchange, intelligent mode detection, and comprehensive GitHub API integration.
## High-Level Architecture
```mermaid
graph TD
Start([GitHub Action Triggered]) --> Setup[Setup Environment<br/>- Install Bun<br/>- Install Dependencies]
Setup --> ParseContext[Parse GitHub Context<br/>- Extract event data<br/>- Parse inputs]
ParseContext --> ModeDetection{Mode Detection}
ModeDetection -->|Has explicit prompt| AgentMode[AGENT MODE<br/>Direct automation]
ModeDetection -->|@claude mention/assignment/label| TagMode[TAG MODE<br/>Interactive response]
ModeDetection -->|No trigger| DefaultAgent[Default to Agent<br/>(won't trigger)]
%% Token Exchange Branch
AgentMode --> TokenExchange[Token Exchange Process]
TagMode --> TokenExchange
TokenExchange --> TokenMethod{Token Method}
TokenMethod -->|Custom token provided| UseCustom[Use Custom GitHub Token]
TokenMethod -->|No custom token| OIDC[Generate OIDC Token<br/>core.getIDToken()]
OIDC --> Exchange[Exchange OIDC for App Token<br/>api.anthropic.com/api/github/github-app-token-exchange]
Exchange --> CreateOctokit[Create Authenticated Octokit Client<br/>REST + GraphQL]
UseCustom --> CreateOctokit
%% Permission Checks
CreateOctokit --> PermCheck[Check Write Permissions<br/>Only for entity contexts]
PermCheck -->|No permissions| PermFail[❌ Exit: No write access]
PermCheck -->|Has permissions| TriggerCheck{Check Trigger Conditions}
%% Trigger Validation
TriggerCheck -->|Agent Mode| AgentTrigger{Has explicit prompt?}
TriggerCheck -->|Tag Mode| TagTrigger{Contains @claude mention<br/>or assignment/label?}
AgentTrigger -->|No prompt| NoTrigger[❌ Skip: No trigger found]
AgentTrigger -->|Has prompt| PrepareAgent[Prepare Agent Mode]
TagTrigger -->|No mention| NoTrigger
TagTrigger -->|Has mention| PrepareTag[Prepare Tag Mode]
%% Mode-Specific Preparation
PrepareAgent --> AgentPrep[Agent Mode Preparation<br/>- Create prompt file<br/>- Setup MCP servers<br/>- No tracking comment]
PrepareTag --> TagPrep[Tag Mode Preparation<br/>- Create tracking comment<br/>- Setup branches<br/>- Fetch GitHub data<br/>- Setup MCP servers]
%% Data Fetching (Tag Mode)
TagPrep --> DataFetch[Fetch GitHub Data<br/>GraphQL + REST API]
DataFetch --> FetchWhat{What to fetch?}
FetchWhat -->|Pull Request| PRData[PR Data:<br/>- Comments & reviews<br/>- Changed files + SHAs<br/>- Commit history<br/>- Author info]
FetchWhat -->|Issue| IssueData[Issue Data:<br/>- Comments<br/>- Issue details<br/>- Author info]
PRData --> ProcessImages[Process Images<br/>Download & convert to base64]
IssueData --> ProcessImages
ProcessImages --> SetupBranch[Setup Branch<br/>- Create Claude branch<br/>- Configure git auth]
%% MCP Server Setup
AgentPrep --> MCPSetup[Setup MCP Servers]
SetupBranch --> MCPSetup
MCPSetup --> MCPServers{MCP Servers}
MCPServers --> GitHubActions[GitHub Actions Server<br/>- Workflow data<br/>- CI results]
MCPServers --> GitHubComments[GitHub Comment Server<br/>- Comment operations]
MCPServers --> GitHubFiles[GitHub File Ops Server<br/>- File operations<br/>- Branch management]
MCPServers --> GitHubInline[GitHub Inline Comment Server<br/>- PR review comments]
GitHubActions --> PromptGen[Generate Prompt]
GitHubComments --> PromptGen
GitHubFiles --> PromptGen
GitHubInline --> PromptGen
%% Prompt Generation
PromptGen --> PromptType{Prompt Type}
PromptType -->|Agent Mode| AgentPrompt[Agent Prompt:<br/>- Direct user prompt<br/>- Minimal context]
PromptType -->|Tag Mode| TagPrompt[Tag Prompt:<br/>- Rich GitHub context<br/>- PR/Issue details<br/>- Changed files<br/>- Comments & reviews<br/>- Commit instructions]
AgentPrompt --> ClaudeRun[Run Claude Code]
TagPrompt --> ClaudeRun
%% Claude Execution
ClaudeRun --> ClaudeExec[Claude Code Execution<br/>base-action/src/index.ts]
ClaudeExec --> ClaudeArgs[Prepare Claude Args<br/>- Prompt file path<br/>- Custom claude_args<br/>- Output format: stream-json]
ClaudeArgs --> ClaudeProvider{Provider}
ClaudeProvider -->|Default| AnthropicAPI[Anthropic API<br/>ANTHROPIC_API_KEY]
ClaudeProvider -->|Bedrock| AWSBedrock[AWS Bedrock<br/>OIDC + AWS credentials]
ClaudeProvider -->|Vertex| GCPVertex[GCP Vertex AI<br/>OIDC + GCP credentials]
AnthropicAPI --> ClaudeProcess[Spawn Claude Process<br/>- Named pipe for input<br/>- Stream JSON output]
AWSBedrock --> ClaudeProcess
GCPVertex --> ClaudeProcess
ClaudeProcess --> ClaudeTools[Claude Tool Usage<br/>- MCP tools<br/>- File operations<br/>- GitHub API calls<br/>- Bash commands]
ClaudeTools --> ClaudeOutput[Claude Output Processing<br/>- Capture execution log<br/>- Parse JSON stream<br/>- Extract metrics]
%% Post-Run Actions
ClaudeOutput --> PostRun{Post-Run Actions}
PostRun -->|Success| Success[✅ Success Path]
PostRun -->|Failure| Failure[❌ Failure Path]
Success --> UpdateComment[Update Tracking Comment<br/>- Job run link<br/>- Branch link<br/>- PR link (if created)<br/>- Execution metrics]
Failure --> UpdateComment
UpdateComment --> BranchCleanup[Branch Cleanup<br/>- Check for changes<br/>- Delete empty branches<br/>- Keep branches with commits]
BranchCleanup --> FormatReport[Format Execution Report<br/>- Parse conversation turns<br/>- Format tool usage<br/>- Add to GitHub step summary]
FormatReport --> RevokeToken[Revoke App Token<br/>DELETE /installation/token]
RevokeToken --> End([Action Complete])
```
## Key Components
### 1. Token Exchange Process
The action uses a secure OIDC token exchange system:
1. **OIDC Token Generation**: `core.getIDToken("claude-code-github-action")`
2. **Token Exchange**: POST to `https://api.anthropic.com/api/github/github-app-token-exchange`
3. **Authentication**: Creates authenticated Octokit clients for GitHub API access
**Security Benefits:**
- Repository-scoped access
- Time-limited tokens
- Permission-limited (only configured GitHub App permissions)
- Automatic token masking in logs
### 2. Mode Detection
The action automatically detects the appropriate execution mode:
#### **Agent Mode**
- **Trigger**: Explicit `prompt` input provided
- **Use Case**: Direct automation, custom workflows
- **Behavior**: Minimal context, direct execution
- **Tracking**: No tracking comments
#### **Tag Mode**
- **Trigger**: @claude mentions, issue assignments, or labels
- **Use Case**: Interactive GitHub responses
- **Behavior**: Rich context, comprehensive GitHub data
- **Tracking**: Creates and updates tracking comments
### 3. Data Fetching (Tag Mode)
When in Tag Mode, the action fetches comprehensive GitHub context:
#### **Pull Request Data:**
- Comments and reviews (including inline comments)
- Changed files with SHAs
- Commit history and metadata
- Author information
- File diff data
#### **Issue Data:**
- Issue details and metadata
- All comments
- Author information
- Labels and assignments
#### **Image Processing:**
- Downloads images from GitHub
- Converts to base64 for Claude
- Maps original URLs to processed content
### 4. MCP Server Integration
The action sets up multiple MCP (Model Context Protocol) servers to provide Claude with GitHub capabilities:
#### **GitHub Actions Server**
- Access to workflow runs and CI data
- Build status and test results
- Artifact information
#### **GitHub Comment Server**
- Comment creation and updates
- Issue and PR comment management
#### **GitHub File Operations Server**
- File reading and writing
- Branch creation and management
- Commit operations
#### **GitHub Inline Comment Server**
- PR review comment operations
- Line-specific feedback
### 5. Prompt Generation
The action generates context-rich prompts based on the detected mode:
#### **Agent Mode Prompts:**
- Direct user prompt
- Minimal GitHub context
- Focused on specific task
#### **Tag Mode Prompts:**
- Comprehensive GitHub context
- PR/Issue details and history
- Changed files and diffs
- Comment threads and reviews
- Commit instructions and guidelines
### 6. Claude Execution
The action runs Claude Code through multiple provider options:
#### **Provider Support:**
- **Anthropic API** (default): Direct API access with API key
- **AWS Bedrock**: OIDC authentication with AWS credentials
- **GCP Vertex AI**: OIDC authentication with GCP credentials
#### **Execution Process:**
1. **Named Pipe Setup**: Creates pipe for prompt input
2. **Process Spawning**: Spawns Claude Code process
3. **Stream Processing**: Captures JSON stream output
4. **Tool Integration**: Enables MCP tools and GitHub operations
### 7. Post-Run Actions
After Claude execution, the action performs comprehensive cleanup and reporting:
#### **Comment Updates:**
- Updates tracking comments with results
- Adds job run links and execution metrics
- Includes branch and PR links when created
#### **Branch Management:**
- Checks for actual changes in Claude branches
- Deletes empty branches to avoid clutter
- Preserves branches with meaningful commits
#### **Report Generation:**
- Parses execution logs and conversation turns
- Formats tool usage and results
- Adds formatted report to GitHub step summary
#### **Security Cleanup:**
- Revokes GitHub App installation token
- Cleans up temporary files and processes
## Security Considerations
### **Access Control:**
- Repository-scoped permissions only
- Write access validation for actors
- Bot user controls and allowlists
### **Token Management:**
- Short-lived installation tokens
- Automatic token revocation after use
- Secure OIDC-based exchange
### **Permission Boundaries:**
- Limited to configured GitHub App permissions
- No cross-repository access
- Scoped to specific repository operations
## Integration Points
### **With Pullfrog:**
The Claude Code Action can be integrated with Pullfrog's workflow system, providing:
- Standardized agent interaction patterns
- Consistent GitHub integration
- Reusable authentication flows
- Common MCP server infrastructure
### **With GitHub:**
- Native GitHub Actions integration
- Comprehensive API coverage (REST + GraphQL)
- Proper webhook handling
- Standard GitHub UI integration
## Development Notes
### **Key Files:**
- `src/entrypoints/prepare.ts`: Main preparation logic
- `src/modes/`: Mode detection and handling
- `src/github/token.ts`: OIDC token exchange
- `src/mcp/`: MCP server implementations
- `base-action/`: Core Claude Code execution
### **Testing:**
- Unit tests for individual components
- Integration tests for full workflows
- Local testing with `act` tool
- Comprehensive fixture support
This architecture provides a robust, secure, and extensible foundation for Claude-GitHub integration while maintaining clear separation of concerns and comprehensive error handling.
+10
View File
@@ -2,6 +2,8 @@
GitHub Action for running Claude Code and other agents via Pullfrog.
> **📖 Claude Code Action Architecture**: For a detailed technical overview of how the Claude Code Action works (token exchange, modes, data fetching, execution flow), see [CLAUDE-ACTION.md](./CLAUDE-ACTION.md).
## Quick Start
```bash
@@ -55,6 +57,14 @@ pnpm dev # Watch mode
The action is bundled into `entry.cjs` with all dependencies included, eliminating runtime dependency on node_modules.
## Environment Variables
Create `.env` in `/action`:
```bash
ANTHROPIC_API_KEY=sk-ant-api03-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Claude API key
```
## Architecture
- **entry.cjs**: Bundled action entry point (self-contained)
+6
View File
@@ -10,6 +10,12 @@ inputs:
anthropic_api_key:
description: "Anthropic API key for Claude Code authentication"
required: false
github_token:
description: "GitHub token for repository access"
required: false
github_installation_token:
description: "GitHub App installation token"
required: false
runs:
using: "node20"
+35 -31
View File
@@ -1,8 +1,9 @@
import { access, constants } from "node:fs/promises";
import * as core from "@actions/core";
import { boxString, tableString } from "../utils";
import { spawn } from "../utils/subprocess";
import type { Agent, AgentConfig, AgentResult } from "./types";
import { createMcpConfig } from "../mcp/config.ts";
import { spawn } from "../utils/subprocess.ts";
import { boxString, tableString } from "../utils/table.ts";
import type { Agent, AgentConfig, AgentResult } from "./types.ts";
/**
* Claude Code agent implementation
@@ -53,20 +54,18 @@ export class ClaudeAgent implements Agent {
// Use shell execution to properly handle the pipe
const result = await spawn({
cmd: "bash",
args: [
"-c",
"curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93",
],
args: ["-c", "curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"],
env: { ANTHROPIC_API_KEY: this.apiKey },
timeout: 120000, // 2 minute timeout
onStdout: (chunk) => process.stdout.write(chunk),
onStdout: () => {
// no logs
// process.stdout.write(chunk)
},
onStderr: (chunk) => process.stderr.write(chunk),
});
if (result.exitCode !== 0) {
throw new Error(
`Installation failed with exit code ${result.exitCode}: ${result.stderr}`,
);
throw new Error(`Installation failed with exit code ${result.exitCode}: ${result.stderr}`);
}
core.info("Claude Code installed successfully");
@@ -95,8 +94,24 @@ export class ClaudeAgent implements Agent {
"stream-json",
"--verbose",
"--permission-mode",
"acceptEdits",
"bypassPermissions",
];
// Add MCP configuration if GitHub credentials are available
if (
process.env.GITHUB_INSTALLATION_TOKEN &&
process.env.REPO_OWNER &&
process.env.REPO_NAME
) {
const mcpConfig = createMcpConfig(
process.env.GITHUB_INSTALLATION_TOKEN,
process.env.REPO_OWNER,
process.env.REPO_NAME
);
console.log("📋 MCP Config:", mcpConfig);
args.push("--mcp-config", mcpConfig);
}
const env = {
ANTHROPIC_API_KEY: this.apiKey,
};
@@ -136,7 +151,7 @@ export class ClaudeAgent implements Agent {
// throw on non-zero exit code
if (result.exitCode !== 0) {
throw new Error(
`Command failed with exit code ${result.exitCode}\n\nStdout: ${result.stdout}\n\nStderr: ${result.stderr}`,
`Command failed with exit code ${result.exitCode}\n\nStdout: ${result.stdout}\n\nStderr: ${result.stderr}`
);
}
@@ -155,7 +170,7 @@ export class ClaudeAgent implements Agent {
// Log run summary
const duration = Date.now() - this.runStats.startTime;
core.info(
`📊 Run Summary: ${this.runStats.toolsUsed} tools used, ${this.runStats.turns} turns, ${duration}ms duration`,
`📊 Run Summary: ${this.runStats.toolsUsed} tools used, ${this.runStats.turns} turns, ${duration}ms duration`
);
core.info("✅ Task complete.");
@@ -178,8 +193,7 @@ export class ClaudeAgent implements Agent {
} catch {
// Group might not have been started, ignore
}
const errorMessage =
error instanceof Error ? error.message : "Unknown error";
const errorMessage = error instanceof Error ? error.message : "Unknown error";
return {
success: false,
error: `Failed to execute Claude Code: ${errorMessage}`,
@@ -230,12 +244,7 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
["model", parsedChunk.model],
["cwd", parsedChunk.cwd],
["permission_mode", parsedChunk.permissionMode],
[
"tools",
parsedChunk.tools?.length
? `${parsedChunk.tools.length} tools`
: "none",
],
["tools", parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"],
[
"mcp_servers",
parsedChunk.mcp_servers?.length
@@ -248,7 +257,7 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
? `${parsedChunk.slash_commands.length} commands`
: "none",
],
]),
])
);
}
break;
@@ -264,9 +273,7 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
if (content.type === "text") {
// Skip empty text content
if (content.text.trim()) {
core.info(
boxString(content.text.trim(), { title: "Claude Code" }),
);
core.info(boxString(content.text.trim(), { title: "Claude Code" }));
}
} else if (content.type === "tool_use") {
// Track tools used
@@ -376,15 +383,12 @@ function processJSONChunk(chunk: string, agent?: ClaudeAgent): void {
core.info(
tableString([
[
"Cost",
`$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`,
],
["Cost", `$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`],
["Input Tokens", parsedChunk.usage?.input_tokens || 0],
["Output Tokens", parsedChunk.usage?.output_tokens || 0],
["Duration", `${parsedChunk.duration_ms}ms`],
["Turns", parsedChunk.num_turns || 1],
]),
])
);
} else {
core.error(`❌ Failed: ${parsedChunk.error || "Unknown error"}`);
-2
View File
@@ -1,2 +0,0 @@
export * from "./claude";
export * from "./types";
+150 -81
View File
@@ -13047,7 +13047,7 @@ var require_fetch = __commonJS({
this.emit("terminated", error2);
}
};
function fetch(input, init = {}) {
function fetch2(input, init = {}) {
webidl.argumentLengthCheck(arguments, 1, { header: "globalThis.fetch" });
const p = createDeferredPromise();
let requestObject;
@@ -13977,7 +13977,7 @@ var require_fetch = __commonJS({
}
}
module2.exports = {
fetch,
fetch: fetch2,
Fetch,
fetching,
finalizeAndReportTiming
@@ -17233,7 +17233,7 @@ var require_undici = __commonJS({
module2.exports.getGlobalDispatcher = getGlobalDispatcher;
if (util.nodeMajor > 16 || util.nodeMajor === 16 && util.nodeMinor >= 8) {
let fetchImpl = null;
module2.exports.fetch = async function fetch(resource) {
module2.exports.fetch = async function fetch2(resource) {
if (!fetchImpl) {
fetchImpl = require_fetch().fetch;
}
@@ -17582,12 +17582,12 @@ var require_lib = __commonJS({
throw new Error("Client has already been disposed.");
}
const parsedUrl = new URL(requestUrl);
let info3 = this._prepareRequest(verb, parsedUrl, headers);
let info4 = this._prepareRequest(verb, parsedUrl, headers);
const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb) ? this._maxRetries + 1 : 1;
let numTries = 0;
let response;
do {
response = yield this.requestRaw(info3, data);
response = yield this.requestRaw(info4, data);
if (response && response.message && response.message.statusCode === HttpCodes.Unauthorized) {
let authenticationHandler;
for (const handler of this.handlers) {
@@ -17597,7 +17597,7 @@ var require_lib = __commonJS({
}
}
if (authenticationHandler) {
return authenticationHandler.handleAuthentication(this, info3, data);
return authenticationHandler.handleAuthentication(this, info4, data);
} else {
return response;
}
@@ -17620,8 +17620,8 @@ var require_lib = __commonJS({
}
}
}
info3 = this._prepareRequest(verb, parsedRedirectUrl, headers);
response = yield this.requestRaw(info3, data);
info4 = this._prepareRequest(verb, parsedRedirectUrl, headers);
response = yield this.requestRaw(info4, data);
redirectsRemaining--;
}
if (!response.message.statusCode || !HttpResponseRetryCodes.includes(response.message.statusCode)) {
@@ -17650,7 +17650,7 @@ var require_lib = __commonJS({
* @param info
* @param data
*/
requestRaw(info3, data) {
requestRaw(info4, data) {
return __awaiter(this, void 0, void 0, function* () {
return new Promise((resolve, reject) => {
function callbackForResult(err, res) {
@@ -17662,7 +17662,7 @@ var require_lib = __commonJS({
resolve(res);
}
}
this.requestRawWithCallback(info3, data, callbackForResult);
this.requestRawWithCallback(info4, data, callbackForResult);
});
});
}
@@ -17672,12 +17672,12 @@ var require_lib = __commonJS({
* @param data
* @param onResult
*/
requestRawWithCallback(info3, data, onResult) {
requestRawWithCallback(info4, data, onResult) {
if (typeof data === "string") {
if (!info3.options.headers) {
info3.options.headers = {};
if (!info4.options.headers) {
info4.options.headers = {};
}
info3.options.headers["Content-Length"] = Buffer.byteLength(data, "utf8");
info4.options.headers["Content-Length"] = Buffer.byteLength(data, "utf8");
}
let callbackCalled = false;
function handleResult(err, res) {
@@ -17686,7 +17686,7 @@ var require_lib = __commonJS({
onResult(err, res);
}
}
const req = info3.httpModule.request(info3.options, (msg) => {
const req = info4.httpModule.request(info4.options, (msg) => {
const res = new HttpClientResponse(msg);
handleResult(void 0, res);
});
@@ -17698,7 +17698,7 @@ var require_lib = __commonJS({
if (socket) {
socket.end();
}
handleResult(new Error(`Request timeout: ${info3.options.path}`));
handleResult(new Error(`Request timeout: ${info4.options.path}`));
});
req.on("error", function(err) {
handleResult(err);
@@ -17734,27 +17734,27 @@ var require_lib = __commonJS({
return this._getProxyAgentDispatcher(parsedUrl, proxyUrl);
}
_prepareRequest(method, requestUrl, headers) {
const info3 = {};
info3.parsedUrl = requestUrl;
const usingSsl = info3.parsedUrl.protocol === "https:";
info3.httpModule = usingSsl ? https : http;
const info4 = {};
info4.parsedUrl = requestUrl;
const usingSsl = info4.parsedUrl.protocol === "https:";
info4.httpModule = usingSsl ? https : http;
const defaultPort = usingSsl ? 443 : 80;
info3.options = {};
info3.options.host = info3.parsedUrl.hostname;
info3.options.port = info3.parsedUrl.port ? parseInt(info3.parsedUrl.port) : defaultPort;
info3.options.path = (info3.parsedUrl.pathname || "") + (info3.parsedUrl.search || "");
info3.options.method = method;
info3.options.headers = this._mergeHeaders(headers);
info4.options = {};
info4.options.host = info4.parsedUrl.hostname;
info4.options.port = info4.parsedUrl.port ? parseInt(info4.parsedUrl.port) : defaultPort;
info4.options.path = (info4.parsedUrl.pathname || "") + (info4.parsedUrl.search || "");
info4.options.method = method;
info4.options.headers = this._mergeHeaders(headers);
if (this.userAgent != null) {
info3.options.headers["user-agent"] = this.userAgent;
info4.options.headers["user-agent"] = this.userAgent;
}
info3.options.agent = this._getAgent(info3.parsedUrl);
info4.options.agent = this._getAgent(info4.parsedUrl);
if (this.handlers) {
for (const handler of this.handlers) {
handler.prepareRequest(info3.options);
handler.prepareRequest(info4.options);
}
}
return info3;
return info4;
}
_mergeHeaders(headers) {
if (this.requestOptions && this.requestOptions.headers) {
@@ -19661,10 +19661,10 @@ var require_core = __commonJS({
(0, command_1.issueCommand)("set-env", { name }, convertedVal);
}
exports2.exportVariable = exportVariable;
function setSecret(secret) {
function setSecret2(secret) {
(0, command_1.issueCommand)("add-mask", {}, secret);
}
exports2.setSecret = setSecret;
exports2.setSecret = setSecret2;
function addPath(inputPath) {
const filePath = process.env["GITHUB_PATH"] || "";
if (filePath) {
@@ -19675,7 +19675,7 @@ var require_core = __commonJS({
process.env["PATH"] = `${inputPath}${path.delimiter}${process.env["PATH"]}`;
}
exports2.addPath = addPath;
function getInput2(name, options) {
function getInput3(name, options) {
const val = process.env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`] || "";
if (options && options.required && !val) {
throw new Error(`Input required and not supplied: ${name}`);
@@ -19685,9 +19685,9 @@ var require_core = __commonJS({
}
return val.trim();
}
exports2.getInput = getInput2;
exports2.getInput = getInput3;
function getMultilineInput(name, options) {
const inputs = getInput2(name, options).split("\n").filter((x) => x !== "");
const inputs = getInput3(name, options).split("\n").filter((x) => x !== "");
if (options && options.trimWhitespace === false) {
return inputs;
}
@@ -19697,7 +19697,7 @@ var require_core = __commonJS({
function getBooleanInput(name, options) {
const trueValue = ["true", "True", "TRUE"];
const falseValue = ["false", "False", "FALSE"];
const val = getInput2(name, options);
const val = getInput3(name, options);
if (trueValue.includes(val))
return true;
if (falseValue.includes(val))
@@ -19706,7 +19706,7 @@ var require_core = __commonJS({
Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
}
exports2.getBooleanInput = getBooleanInput;
function setOutput2(name, value) {
function setOutput(name, value) {
const filePath = process.env["GITHUB_OUTPUT"] || "";
if (filePath) {
return (0, file_command_1.issueFileCommand)("OUTPUT", (0, file_command_1.prepareKeyValueMessage)(name, value));
@@ -19714,7 +19714,7 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
process.stdout.write(os.EOL);
(0, command_1.issueCommand)("set-output", { name }, (0, utils_1.toCommandValue)(value));
}
exports2.setOutput = setOutput2;
exports2.setOutput = setOutput;
function setCommandEcho(enabled) {
(0, command_1.issue)("echo", enabled ? "on" : "off");
}
@@ -19744,10 +19744,10 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
(0, command_1.issueCommand)("notice", (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);
}
exports2.notice = notice;
function info3(message) {
function info4(message) {
process.stdout.write(message + os.EOL);
}
exports2.info = info3;
exports2.info = info4;
function startGroup2(name) {
(0, command_1.issue)("group", name);
}
@@ -19781,12 +19781,12 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
return process.env[`STATE_${name}`] || "";
}
exports2.getState = getState;
function getIDToken(aud) {
function getIDToken2(aud) {
return __awaiter(this, void 0, void 0, function* () {
return yield oidc_utils_1.OidcClient.getIDToken(aud);
});
}
exports2.getIDToken = getIDToken;
exports2.getIDToken = getIDToken2;
var summary_1 = require_summary();
Object.defineProperty(exports2, "summary", { enumerable: true, get: function() {
return summary_1.summary;
@@ -25494,7 +25494,7 @@ var require_src = __commonJS({
});
// entry.ts
var core3 = __toESM(require_core(), 1);
var core4 = __toESM(require_core(), 1);
// main.ts
var core2 = __toESM(require_core(), 1);
@@ -25503,6 +25503,28 @@ var core2 = __toESM(require_core(), 1);
var import_promises = require("node:fs/promises");
var core = __toESM(require_core(), 1);
// mcp/config.ts
var actionPath = process.env.GITHUB_ACTION_PATH || process.cwd();
function createMcpConfig(githubInstallationToken, repoOwner, repoName) {
return JSON.stringify(
{
mcpServers: {
minimal_github_comment: {
command: "node",
args: [`${actionPath}/mcp/server.ts`],
env: {
GITHUB_INSTALLATION_TOKEN: githubInstallationToken,
REPO_OWNER: repoOwner,
REPO_NAME: repoName
}
}
}
},
null,
2
);
}
// utils/subprocess.ts
var import_node_child_process = require("node:child_process");
async function spawn(options) {
@@ -25707,20 +25729,16 @@ var ClaudeAgent = class {
try {
const result = await spawn({
cmd: "bash",
args: [
"-c",
"curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"
],
args: ["-c", "curl -fsSL https://claude.ai/install.sh | bash -s 1.0.93"],
env: { ANTHROPIC_API_KEY: this.apiKey },
timeout: 12e4,
// 2 minute timeout
onStdout: (chunk) => process.stdout.write(chunk),
onStdout: () => {
},
onStderr: (chunk) => process.stderr.write(chunk)
});
if (result.exitCode !== 0) {
throw new Error(
`Installation failed with exit code ${result.exitCode}: ${result.stderr}`
);
throw new Error(`Installation failed with exit code ${result.exitCode}: ${result.stderr}`);
}
core.info("Claude Code installed successfully");
} catch (error2) {
@@ -25741,8 +25759,17 @@ var ClaudeAgent = class {
"stream-json",
"--verbose",
"--permission-mode",
"acceptEdits"
"bypassPermissions"
];
if (process.env.GITHUB_INSTALLATION_TOKEN && process.env.REPO_OWNER && process.env.REPO_NAME) {
const mcpConfig = createMcpConfig(
process.env.GITHUB_INSTALLATION_TOKEN,
process.env.REPO_OWNER,
process.env.REPO_NAME
);
console.log("\u{1F4CB} MCP Config:", mcpConfig);
args.push("--mcp-config", mcpConfig);
}
const env = {
ANTHROPIC_API_KEY: this.apiKey
};
@@ -25821,10 +25848,7 @@ function processJSONChunk(chunk, agent) {
["model", parsedChunk.model],
["cwd", parsedChunk.cwd],
["permission_mode", parsedChunk.permissionMode],
[
"tools",
parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"
],
["tools", parsedChunk.tools?.length ? `${parsedChunk.tools.length} tools` : "none"],
[
"mcp_servers",
parsedChunk.mcp_servers?.length ? `${parsedChunk.mcp_servers.length} servers` : "none"
@@ -25845,9 +25869,7 @@ function processJSONChunk(chunk, agent) {
for (const content of parsedChunk.message.content) {
if (content.type === "text") {
if (content.text.trim()) {
core.info(
boxString(content.text.trim(), { title: "Claude Code" })
);
core.info(boxString(content.text.trim(), { title: "Claude Code" }));
}
} else if (content.type === "tool_use") {
if (agent) {
@@ -25915,10 +25937,7 @@ function processJSONChunk(chunk, agent) {
if (parsedChunk.subtype === "success") {
core.info(
tableString([
[
"Cost",
`$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`
],
["Cost", `$${parsedChunk.total_cost_usd?.toFixed(4) || "0.0000"}`],
["Input Tokens", parsedChunk.usage?.input_tokens || 0],
["Output Tokens", parsedChunk.usage?.output_tokens || 0],
["Duration", `${parsedChunk.duration_ms}ms`],
@@ -25942,14 +25961,15 @@ function processJSONChunk(chunk, agent) {
// main.ts
async function main(params) {
try {
const anthropicApiKey = params.anthropicApiKey || process.env.ANTHROPIC_API_KEY;
if (!anthropicApiKey) {
throw new Error("anthropic_api_key is required");
const { inputs, env, cwd } = params;
if (cwd !== process.cwd()) {
process.chdir(cwd);
}
Object.assign(process.env, env);
core2.info(`\u2192 Starting agent run with Claude Code`);
const agent = new ClaudeAgent({ apiKey: anthropicApiKey });
const agent = new ClaudeAgent({ apiKey: inputs.anthropic_api_key });
await agent.install();
const result = await agent.execute(params.prompt);
const result = await agent.execute(inputs.prompt);
if (!result.success) {
return {
success: false,
@@ -25970,33 +25990,82 @@ async function main(params) {
}
}
// utils/github.ts
var core3 = __toESM(require_core(), 1);
async function setupGitHubInstallationToken() {
const inputToken = core3.getInput("github_installation_token");
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
const existingToken = inputToken || envToken;
if (existingToken) {
core3.setSecret(existingToken);
core3.info("Using provided GitHub installation token");
return existingToken;
}
core3.info("Generating OIDC token...");
try {
const oidcToken = await core3.getIDToken("pullfrog-api");
core3.info("OIDC token generated successfully");
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
core3.info("Exchanging OIDC token for installation token...");
const tokenResponse = await fetch(`${apiUrl}/api/github/installation-token`, {
method: "POST",
headers: {
Authorization: `Bearer ${oidcToken}`,
"Content-Type": "application/json"
}
});
if (!tokenResponse.ok) {
const errorText = await tokenResponse.text();
throw new Error(
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText} - ${errorText}`
);
}
const tokenData = await tokenResponse.json();
core3.info(`Installation token obtained for ${tokenData.repository || "all repositories"}`);
core3.setSecret(tokenData.token);
process.env.GITHUB_INSTALLATION_TOKEN = tokenData.token;
return tokenData.token;
} catch (error2) {
throw new Error(
`Failed to setup GitHub installation token: ${error2 instanceof Error ? error2.message : "Unknown error"}`
);
}
}
// entry.ts
async function run() {
try {
const prompt = core3.getInput("prompt", { required: true });
const anthropicApiKey = core3.getInput("anthropic_api_key", {
required: true
});
if (!anthropicApiKey) {
throw new Error("anthropic_api_key is required");
}
const prompt = core4.getInput("prompt", { required: true });
const anthropic_api_key = core4.getInput("anthropic_api_key");
if (!prompt) {
throw new Error("prompt is required");
}
const params = {
const inputs = {
prompt,
anthropicApiKey
anthropic_api_key
};
const githubToken = core4.getInput("github_token") || process.env.GITHUB_TOKEN;
if (githubToken) {
inputs.github_token = githubToken;
}
const githubInstallationToken = core4.getInput("github_installation_token") || process.env.GITHUB_INSTALLATION_TOKEN;
if (githubInstallationToken) {
inputs.github_installation_token = githubInstallationToken;
} else {
await setupGitHubInstallationToken();
}
const params = {
inputs,
env: {},
cwd: process.cwd()
};
const result = await main(params);
core3.setOutput("status", result.success ? "success" : "failed");
core3.setOutput("prompt", prompt);
core3.setOutput("output", result.output || "");
if (!result.success) {
throw new Error(result.error || "Agent execution failed");
}
} catch (error2) {
const errorMessage = error2 instanceof Error ? error2.message : "Unknown error occurred";
core3.setFailed(`Action failed: ${errorMessage}`);
core4.setFailed(`Action failed: ${errorMessage}`);
}
}
run().catch((error2) => {
+28 -18
View File
@@ -6,44 +6,54 @@
*/
import * as core from "@actions/core";
import { main } from "./main";
import { type ExecutionInputs, type MainParams, main } from "./main.ts";
import { setupGitHubInstallationToken } from "./utils/github.ts";
async function run(): Promise<void> {
try {
// Get inputs from GitHub Actions
const prompt = core.getInput("prompt", { required: true });
const anthropicApiKey = core.getInput("anthropic_api_key", {
required: true,
});
if (!anthropicApiKey) {
throw new Error("anthropic_api_key is required");
}
const anthropic_api_key = core.getInput("anthropic_api_key");
if (!prompt) {
throw new Error("prompt is required");
}
// Create params object
const params = {
// Create params object with new structure
const inputs: ExecutionInputs = {
prompt,
anthropicApiKey,
anthropic_api_key,
};
// Add optional properties only if they exist
const githubToken = core.getInput("github_token") || process.env.GITHUB_TOKEN;
if (githubToken) {
inputs.github_token = githubToken;
}
const githubInstallationToken =
core.getInput("github_installation_token") || process.env.GITHUB_INSTALLATION_TOKEN;
if (githubInstallationToken) {
inputs.github_installation_token = githubInstallationToken;
} else {
await setupGitHubInstallationToken();
}
const params: MainParams = {
inputs,
env: {},
cwd: process.cwd(),
};
// Run the main function
const result = await main(params);
// Set outputs
core.setOutput("status", result.success ? "success" : "failed");
core.setOutput("prompt", prompt);
core.setOutput("output", result.output || "");
// TODO: Set outputs
if (!result.success) {
throw new Error(result.error || "Agent execution failed");
}
} catch (error) {
const errorMessage =
error instanceof Error ? error.message : "Unknown error occurred";
const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
core.setFailed(`Action failed: ${errorMessage}`);
}
}
+8 -2
View File
@@ -1,7 +1,13 @@
import type { MainParams } from "../main";
import type { MainParams } from "../main.ts";
const testParams = {
prompt: "List all files in the current directory, then create a file called dynamic-test.txt with the content 'This was loaded from a TypeScript file!', then delete it."
inputs: {
prompt:
"List all files in the current directory, then create a file called dynamic-test.txt with the content 'This was loaded from a TypeScript file!', then delete it.",
anthropic_api_key: "sk-test-key",
},
env: {},
cwd: process.cwd(),
} satisfies MainParams;
export default testParams;
+3 -1
View File
@@ -1 +1,3 @@
Print the list of tools available. Then create a new file called test.txt with the content "Hello from Pullfrog!".
Use the MCP GitHub comment tool to add a comment containing your best frog joke to GitHub issue https://github.com/pullfrogai/scratch/issues/2.
Do not use the gh cli. If the mcp tool does not work, bail.
-25978
View File
File diff suppressed because one or more lines are too long
+8 -3
View File
@@ -3,6 +3,11 @@
* This exports the main function for programmatic usage
*/
export { main } from "./main";
export { ClaudeAgent } from "./agents";
export type { Agent, AgentConfig, AgentResult } from "./agents/types";
export { ClaudeAgent } from "./agents/claude.ts";
export type { Agent, AgentConfig, AgentResult } from "./agents/types.ts";
export {
type ExecutionInputs,
type MainParams,
type MainResult,
main,
} from "./main.ts";
+29 -12
View File
@@ -1,9 +1,24 @@
import * as core from "@actions/core";
import { ClaudeAgent } from "./agents";
import { ClaudeAgent } from "./agents/claude.ts";
// Expected environment variables that should be passed as inputs
export const EXPECTED_INPUTS: string[] = [
"ANTHROPIC_API_KEY",
"GITHUB_TOKEN",
"GITHUB_INSTALLATION_TOKEN",
];
export interface ExecutionInputs {
prompt: string;
anthropic_api_key: string;
github_token?: string;
github_installation_token?: string;
}
export interface MainParams {
prompt: string;
anthropicApiKey?: string;
inputs: ExecutionInputs;
env: Record<string, string>;
cwd: string;
}
export interface MainResult {
@@ -14,22 +29,25 @@ export interface MainResult {
export async function main(params: MainParams): Promise<MainResult> {
try {
// Use provided API key or fall back to environment variable
const anthropicApiKey =
params.anthropicApiKey || process.env.ANTHROPIC_API_KEY;
// Extract inputs from params
const { inputs, env, cwd } = params;
if (!anthropicApiKey) {
throw new Error("anthropic_api_key is required");
// Set working directory if different from current
if (cwd !== process.cwd()) {
process.chdir(cwd);
}
// Set environment variables
Object.assign(process.env, env);
core.info(`→ Starting agent run with Claude Code`);
// Create and install the Claude agent
const agent = new ClaudeAgent({ apiKey: anthropicApiKey });
const agent = new ClaudeAgent({ apiKey: inputs.anthropic_api_key });
await agent.install();
// Execute the agent with the prompt
const result = await agent.execute(params.prompt);
const result = await agent.execute(inputs.prompt);
if (!result.success) {
return {
@@ -44,8 +62,7 @@ export async function main(params: MainParams): Promise<MainResult> {
output: result.output || "",
};
} catch (error) {
const errorMessage =
error instanceof Error ? error.message : "Unknown error occurred";
const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
return {
success: false,
error: errorMessage,
+28
View File
@@ -0,0 +1,28 @@
/**
* Simple MCP configuration helper for adding our minimal GitHub comment server
*/
const actionPath = process.env.GITHUB_ACTION_PATH || process.cwd();
export function createMcpConfig(
githubInstallationToken: string,
repoOwner: string,
repoName: string
) {
return JSON.stringify(
{
mcpServers: {
minimal_github_comment: {
command: "node",
args: [`${actionPath}/mcp/server.ts`],
env: {
GITHUB_INSTALLATION_TOKEN: githubInstallationToken,
REPO_OWNER: repoOwner,
REPO_NAME: repoName,
},
},
},
},
null,
2
);
}
+97
View File
@@ -0,0 +1,97 @@
#!/usr/bin/env node
// Minimal GitHub Issue Comment MCP Server
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { Octokit } from "@octokit/rest";
import { type } from "arktype";
import { z } from "zod";
// Get repository information from environment variables
const REPO_OWNER = process.env.REPO_OWNER;
const REPO_NAME = process.env.REPO_NAME;
if (!REPO_OWNER || !REPO_NAME) {
console.error("Error: REPO_OWNER and REPO_NAME environment variables are required");
process.exit(1);
}
const server = new McpServer({
name: "Minimal GitHub Issue Comment Server",
version: "0.0.1",
});
// Define the schema for creating issue comments
const Comment = type({
issueNumber: type.number.describe("the issue number to comment on"),
body: type.string.describe("the comment body content"),
});
server.tool(
"create_issue_comment",
"Create a comment on a GitHub issue",
{
issueNumber: z.number().describe("the issue number to comment on"),
body: z.string().describe("the comment body content"),
},
async ({ issueNumber, body }) => {
try {
Comment.assert({ issueNumber, body });
const githubInstallationToken = process.env.GITHUB_INSTALLATION_TOKEN;
if (!githubInstallationToken) {
throw new Error("GITHUB_INSTALLATION_TOKEN environment variable is required");
}
const octokit = new Octokit({
auth: githubInstallationToken,
});
const result = await octokit.rest.issues.createComment({
owner: REPO_OWNER,
repo: REPO_NAME,
issue_number: issueNumber,
body: body,
});
return {
content: [
{
type: "text",
text: JSON.stringify(
{
success: true,
commentId: result.data.id,
url: result.data.html_url,
body: result.data.body,
},
null,
2
),
},
],
};
} catch (error) {
const errorMessage = error instanceof Error ? error.message : String(error);
return {
content: [
{
type: "text",
text: `Error creating comment: ${errorMessage}`,
},
],
error: errorMessage,
isError: true,
};
}
}
);
async function runServer() {
const transport = new StdioServerTransport();
await server.connect(transport);
process.on("exit", () => {
server.close();
});
}
runServer().catch(console.error);
+13 -6
View File
@@ -1,6 +1,6 @@
{
"name": "@pullfrog/action",
"version": "0.0.7",
"version": "0.0.13",
"type": "module",
"files": [
"index.js",
@@ -17,25 +17,32 @@
},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"typecheck": "tsc --noEmit",
"build": "node esbuild.config.js",
"build:npm": "zshy",
"build:dev": "node esbuild.config.js",
"prepare": "husky",
"play": "tsx --env-file=../.env play.ts"
"play": "node play.ts",
"upDeps": "pnpm up --latest"
},
"dependencies": {
"@actions/core": "^1.10.1",
"@actions/core": "^1.11.1",
"@modelcontextprotocol/sdk": "^1.17.5",
"@octokit/rest": "^22.0.0",
"@octokit/webhooks-types": "^7.6.1",
"arktype": "^2.1.22",
"dotenv": "^17.2.2",
"execa": "^9.6.0",
"table": "^6.9.0"
},
"devDependencies": {
"@types/node": "^20.10.0",
"commander": "^14.0.0",
"dotenv": "^17.2.2",
"arg": "^5.0.2",
"esbuild": "^0.25.9",
"husky": "^9.0.0",
"typescript": "^5.3.0",
"zshy": "^0.4.1"
"zshy": "^0.4.1",
"zod": "^3.24.4"
},
"repository": {
"type": "git",
+172 -165
View File
@@ -1,191 +1,198 @@
#!/usr/bin/env tsx
import { execSync } from "node:child_process";
import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
import { dirname, join, resolve, extname } from "node:path";
import { existsSync, readFileSync } from "node:fs";
import { dirname, extname, join, resolve } from "node:path";
import { fileURLToPath, pathToFileURL } from "node:url";
import { Command } from "commander";
import { main } from "./main";
import { runAct } from "./utils/act";
import arg from "arg";
import { config } from "dotenv";
import { main } from "./main.ts";
import { runAct } from "./utils/act.ts";
import { setupTestRepo } from "./utils/setup.ts";
// Load environment variables from .env file
config();
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
async function loadPrompt(filePath: string): Promise<string> {
const ext = extname(filePath).toLowerCase();
// Try to resolve the file path
let resolvedPath: string;
// First try as fixtures path
const fixturesPath = join(__dirname, "fixtures", filePath);
if (existsSync(fixturesPath)) {
resolvedPath = fixturesPath;
} else if (existsSync(filePath)) {
resolvedPath = resolve(filePath);
} else {
throw new Error(`File not found: ${filePath}`);
}
switch (ext) {
case ".txt": {
// Plain text - pass directly as prompt
return readFileSync(resolvedPath, "utf8").trim();
}
case ".json": {
// JSON - stringify and pass as prompt
const content = readFileSync(resolvedPath, "utf8");
const parsed = JSON.parse(content);
return JSON.stringify(parsed, null, 2);
}
case ".ts": {
// TypeScript - dynamic import and stringify default export
const fileUrl = pathToFileURL(resolvedPath).href;
const module = await import(fileUrl);
if (!module.default) {
throw new Error(
`TypeScript file ${filePath} must have a default export`,
);
}
// If it's a string, use it directly
if (typeof module.default === "string") {
return module.default;
}
// If it's a MainParams object with a prompt field, extract the prompt
if (typeof module.default === "object" && module.default.prompt) {
return module.default.prompt;
}
// Otherwise stringify it
return JSON.stringify(module.default, null, 2);
}
default:
throw new Error(
`Unsupported file type: ${ext}. Supported types: .txt, .json, .ts`,
);
}
}
async function runPlay(
filePath: string,
options: { act?: boolean },
): Promise<void> {
export async function run(
prompt: string,
options: { act?: boolean } = {}
): Promise<{ success: boolean; output?: string | undefined; error?: string | undefined }> {
try {
// Load the prompt from the specified file
const prompt = await loadPrompt(filePath);
if (options.act) {
// Use Docker/act to run the action
console.log("🐳 Running with Docker/act...");
runAct(prompt);
return { success: true };
}
// Setup test repository and run directly
const tempDir = join(process.cwd(), ".temp");
setupTestRepo({ tempDir, forceClean: true });
// Change to the temp directory
const originalCwd = process.cwd();
process.chdir(tempDir);
console.log("🚀 Running action with prompt...");
console.log("─".repeat(50));
console.log("Prompt:");
console.log(prompt);
console.log("─".repeat(50));
// Set environment variables from our .env for the action to use
const { EXPECTED_INPUTS } = await import("./main.ts");
EXPECTED_INPUTS.forEach((inputName) => {
const value = process.env[inputName];
if (value) {
process.env[`INPUT_${inputName.toLowerCase()}`] = value;
}
});
// Run main with the new params structure
const inputs: any = {
prompt,
anthropic_api_key: process.env.ANTHROPIC_API_KEY || "",
};
// Add optional properties only if they exist
if (process.env.GITHUB_TOKEN) {
inputs.github_token = process.env.GITHUB_TOKEN;
}
if (process.env.GITHUB_INSTALLATION_TOKEN) {
inputs.github_installation_token = process.env.GITHUB_INSTALLATION_TOKEN;
}
const result = await main({
inputs,
env: process.env as Record<string, string>,
cwd: process.cwd(),
});
// Change back to original directory
process.chdir(originalCwd);
if (result.success) {
console.log("✅ Action completed successfully");
if (result.output) {
console.log("Output:", result.output);
}
return { success: true, output: result.output || undefined, error: undefined };
} else {
// Clone the test repository and run directly
const tempDir = join(process.cwd(), ".temp");
const repoUrl = "git@github.com:pullfrogai/scratch.git";
console.error("❌ Action failed:", result.error);
return { success: false, error: result.error || undefined, output: undefined };
}
} catch (error) {
const errorMessage = (error as Error).message;
console.error("❌ Error:", errorMessage);
return { success: false, error: errorMessage, output: undefined };
}
}
// Remove existing temp directory if it exists
if (existsSync(tempDir)) {
console.log("🗑️ Removing existing .temp directory...");
rmSync(tempDir, { recursive: true, force: true });
// CLI execution when run directly
if (import.meta.url === `file://${process.argv[1]}`) {
const args = arg({
"--help": Boolean,
"--act": Boolean,
"--raw": String,
"-h": "--help",
});
if (args["--help"]) {
console.log(`
Usage: tsx play.ts [file] [options]
Test the Pullfrog action with various prompts.
Arguments:
file Prompt file to use (.txt, .json, or .ts) [default: fixtures/basic.txt]
Options:
--act Use Docker/act to run the action instead of running directly
--raw [prompt] Use raw string as prompt instead of loading from file
-h, --help Show this help message
Examples:
tsx play.ts # Use default fixture
tsx play.ts fixtures/basic.txt # Use specific text file
tsx play.ts custom.json # Use JSON file
tsx play.ts --act fixtures/test.ts # Use TypeScript file with Docker/act
tsx play.ts --raw "Hello world" # Use raw string as prompt
`);
process.exit(0);
}
let prompt: string;
if (args["--raw"]) {
// Use raw prompt string
prompt = args["--raw"];
} else {
// Load prompt from file
const filePath = args._[0] || "fixtures/basic.txt";
const ext = extname(filePath).toLowerCase();
let resolvedPath: string;
// First try as fixtures path
const fixturesPath = join(__dirname, "fixtures", filePath);
if (existsSync(fixturesPath)) {
resolvedPath = fixturesPath;
} else if (existsSync(filePath)) {
resolvedPath = resolve(filePath);
} else {
throw new Error(`File not found: ${filePath}`);
}
switch (ext) {
case ".txt": {
// Plain text - pass directly as prompt
prompt = readFileSync(resolvedPath, "utf8").trim();
break;
}
// Clone the repository
console.log("📦 Cloning pullfrogai/scratch into .temp...");
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
case ".json": {
// JSON - stringify and pass as prompt
const content = readFileSync(resolvedPath, "utf8");
const parsed = JSON.parse(content);
prompt = JSON.stringify(parsed, null, 2);
break;
}
// List of environment variables to copy to .temp
const envVarsToCopy = [
"ANTHROPIC_API_KEY",
"GITHUB_TOKEN",
// Add more environment variables here as needed
];
case ".ts": {
// TypeScript - dynamic import and stringify default export
const fileUrl = pathToFileURL(resolvedPath).href;
const module = await import(fileUrl);
// Build .env content from the list
const envLines = envVarsToCopy
.map((varName) => `${varName}=${process.env[varName] || ""}`)
.join("\n");
const envPath = join(tempDir, ".env");
writeFileSync(envPath, envLines + "\n");
console.log("📝 Created .env file in .temp directory with:");
let hasRequiredVars = true;
envVarsToCopy.forEach((varName) => {
const hasValue = !!process.env[varName];
console.log(` - ${varName}: ${hasValue ? "✓" : "✗ (missing)"}`);
// Check for required variables
if (varName === "ANTHROPIC_API_KEY" && !hasValue) {
hasRequiredVars = false;
if (!module.default) {
throw new Error(`TypeScript file ${filePath} must have a default export`);
}
});
if (!hasRequiredVars) {
console.warn("\n⚠️ Warning: ANTHROPIC_API_KEY is not set or empty.");
console.warn(
" Please ensure you have a valid API key in your .env file.",
);
console.warn(
" Get your API key from: https://console.anthropic.com/api-keys\n",
);
}
// Change to the temp directory
process.chdir(tempDir);
console.log("🚀 Running test in .temp directory...");
console.log("─".repeat(50));
console.log(`Prompt from ${filePath}:`);
console.log(prompt);
console.log("─".repeat(50));
// Run main with the params object
const result = await main({ prompt });
if (result.success) {
console.log("✅ Test completed successfully");
if (result.output) {
console.log("Output:", result.output);
// If it's a string, use it directly
if (typeof module.default === "string") {
prompt = module.default;
} else if (typeof module.default === "object" && module.default.prompt) {
// If it's a MainParams object with a prompt field, extract the prompt
prompt = module.default.prompt;
} else {
// Otherwise stringify it
prompt = JSON.stringify(module.default, null, 2);
}
} else {
console.error("❌ Test failed:", result.error);
process.exit(1);
break;
}
default:
throw new Error(`Unsupported file type: ${ext}. Supported types: .txt, .json, .ts`);
}
}
try {
const result = await run(prompt, { act: args["--act"] || false });
if (!result.success) {
process.exit(1);
}
} catch (error) {
console.error("❌ Error:", (error as Error).message);
process.exit(1);
}
}
// Set up CLI
const program = new Command();
program
.name("play")
.description("Test the Pullfrog action with various prompts")
.version("1.0.0")
.argument(
"[file]",
"Prompt file to use (.txt, .json, or .ts)",
"fixtures/basic.txt",
)
.option(
"--act",
"Use Docker/act to run the action instead of running directly",
)
.action(async (file: string, options: { act?: boolean }) => {
await runPlay(file, options);
});
// Parse arguments and run
program.parseAsync(process.argv).catch((error) => {
console.error("Fatal error:", error);
process.exit(1);
});
+975 -170
View File
File diff suppressed because it is too large Load Diff
+356
View File
@@ -0,0 +1,356 @@
#!/usr/bin/env tsx
/**
* GitHub App Installation Token Generator
*
* Generates a temporary installation token for a GitHub App to access a specific repository.
* Uses environment variables for configuration and supports multiple installations.
*
* Usage:
* node scripts/generate-installation-token.ts [--repo owner/name] [--update-env]
*
* Environment variables required:
* GITHUB_APP_ID - GitHub App ID
* GITHUB_PRIVATE_KEY - GitHub App private key (PEM format)
* REPO_OWNER - Target repository owner (default)
* REPO_NAME - Target repository name (default)
*/
import { createSign } from "node:crypto";
import { readFileSync, writeFileSync } from "node:fs";
import { join } from "node:path";
import { config } from "dotenv";
// Load environment variables
config();
interface GitHubAppConfig {
appId: string;
privateKey: string;
repoOwner: string;
repoName: string;
}
interface Installation {
id: number;
account: {
login: string;
type: string;
};
}
interface Repository {
owner: {
login: string;
};
name: string;
}
interface InstallationTokenResponse {
token: string;
expires_at: string;
}
interface RepositoriesResponse {
repositories: Repository[];
}
class GitHubAppTokenGenerator {
private config: GitHubAppConfig;
constructor(config: GitHubAppConfig) {
// Process private key to handle escaped newlines
config.privateKey = config.privateKey.replace(/\\n/g, "\n");
this.config = config;
this.validateConfig();
}
private validateConfig(): void {
const { appId, privateKey, repoOwner, repoName } = this.config;
if (!appId) {
throw new Error("GITHUB_APP_ID environment variable is required");
}
if (!privateKey) {
throw new Error("GITHUB_PRIVATE_KEY environment variable is required");
}
if (!repoOwner || !repoName) {
throw new Error("REPO_OWNER and REPO_NAME environment variables are required");
}
if (!privateKey.includes("BEGIN") || !privateKey.includes("END")) {
throw new Error("GITHUB_PRIVATE_KEY must be in PEM format");
}
}
/**
* Generates a JWT for GitHub App authentication
*/
private generateJWT(): string {
const now = Math.floor(Date.now() / 1000);
const payload = {
iat: now - 60, // issued 1 minute ago to account for clock skew
exp: now + 5 * 60, // expires in 5 minutes
iss: this.config.appId,
};
const header = {
alg: "RS256",
typ: "JWT",
};
const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
const signaturePart = `${encodedHeader}.${encodedPayload}`;
const signature = createSign("RSA-SHA256")
.update(signaturePart)
.sign(this.config.privateKey, "base64")
.replace(/\+/g, "-")
.replace(/\//g, "_")
.replace(/=/g, "");
return `${signaturePart}.${signature}`;
}
private base64UrlEncode(str: string): string {
return Buffer.from(str)
.toString("base64")
.replace(/\+/g, "-")
.replace(/\//g, "_")
.replace(/=/g, "");
}
/**
* Makes authenticated requests to GitHub API
*/
private async githubRequest<T>(
path: string,
options: {
method?: string;
headers?: Record<string, string>;
body?: string;
} = {}
): Promise<T> {
const { method = "GET", headers = {}, body } = options;
const url = `https://api.github.com${path}`;
const requestHeaders = {
Accept: "application/vnd.github.v3+json",
"User-Agent": "Pullfrog-Installation-Token-Generator/1.0",
...headers,
};
const response = await fetch(url, {
method,
headers: requestHeaders,
...(body && { body }),
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(
`GitHub API request failed: ${response.status} ${response.statusText}\n${errorText}`
);
}
return response.json() as T;
}
/**
* Finds the installation ID for the target repository
*/
private async findInstallationId(jwt: string): Promise<number> {
console.log("🔍 Finding GitHub App installation...");
const installations = await this.githubRequest<Installation[]>("/app/installations", {
headers: { Authorization: `Bearer ${jwt}` },
});
console.log(`📋 Found ${installations.length} installation(s)`);
// Check each installation for access to target repository
for (const installation of installations) {
console.log(`🔎 Checking installation ${installation.id} (${installation.account.login})`);
try {
// Create a temporary token to check repository access
const tempToken = await this.createInstallationToken(jwt, installation.id);
const hasAccess = await this.checkRepositoryAccess(tempToken);
if (hasAccess) {
console.log(
`✅ Installation ${installation.id} has access to ${this.config.repoOwner}/${this.config.repoName}`
);
return installation.id;
}
} catch (error) {
console.log(
`❌ Installation ${installation.id} check failed:`,
error instanceof Error ? error.message : String(error)
);
}
}
throw new Error(
`No installation found with access to ${this.config.repoOwner}/${this.config.repoName}. ` +
"Ensure the GitHub App is installed on the target repository."
);
}
/**
* Checks if the installation token has access to the target repository
*/
private async checkRepositoryAccess(token: string): Promise<boolean> {
try {
const response = await this.githubRequest<RepositoriesResponse>(
"/installation/repositories",
{
headers: { Authorization: `token ${token}` },
}
);
return response.repositories.some(
(repo) => repo.owner.login === this.config.repoOwner && repo.name === this.config.repoName
);
} catch {
return false;
}
}
/**
* Creates an installation access token
*/
private async createInstallationToken(jwt: string, installationId: number): Promise<string> {
const response = await this.githubRequest<InstallationTokenResponse>(
`/app/installations/${installationId}/access_tokens`,
{
method: "POST",
headers: { Authorization: `Bearer ${jwt}` },
}
);
return response.token;
}
/**
* Generates a new installation token for the configured repository
*/
async generateToken(): Promise<{
token: string;
installationId: number;
expiresAt: string;
}> {
console.log(
`🚀 Generating installation token for ${this.config.repoOwner}/${this.config.repoName}`
);
console.log(`📱 App ID: ${this.config.appId}`);
// Step 1: Generate JWT for app authentication
const jwt = this.generateJWT();
console.log("🔐 Generated JWT token");
// Step 2: Find installation with repository access
const installationId = await this.findInstallationId(jwt);
// Step 3: Create installation access token
console.log(`🎫 Creating installation token for installation ${installationId}...`);
const token = await this.createInstallationToken(jwt, installationId);
// Calculate expiration (GitHub tokens expire after 1 hour)
const expiresAt = new Date(Date.now() + 60 * 60 * 1000).toISOString();
console.log("✅ Installation token generated successfully!");
console.log(`🎟️ Token: ${token.substring(0, 20)}...`);
console.log(`📅 Expires: ${expiresAt}`);
console.log(`🏢 Installation ID: ${installationId}`);
return { token, installationId, expiresAt };
}
/**
* Updates the .env file with the new installation token
*/
updateEnvFile(token: string): void {
const envPath = join(process.cwd(), ".env");
try {
let envContent = readFileSync(envPath, "utf8");
// Update or add the installation token
const tokenLine = `GITHUB_INSTALLATION_TOKEN=${token}`;
const tokenRegex = /^GITHUB_INSTALLATION_TOKEN=.*$/m;
if (tokenRegex.test(envContent)) {
envContent = envContent.replace(tokenRegex, tokenLine);
} else {
envContent += `\n${tokenLine}\n`;
}
writeFileSync(envPath, envContent);
console.log(`📝 Updated ${envPath} with new installation token`);
} catch (error) {
console.error(
"❌ Failed to update .env file:",
error instanceof Error ? error.message : String(error)
);
}
}
}
/**
* CLI interface
*/
async function main(): Promise<void> {
try {
const args = process.argv.slice(2);
const updateEnv = args.includes("--update-env");
// Parse repository from args if provided
const repoArg = args.find((arg) => arg.startsWith("--repo="));
let repoOwner = process.env.REPO_OWNER || "pullfrogai";
let repoName = process.env.REPO_NAME || "scratch";
if (repoArg) {
const [owner, name] = repoArg.split("=")[1].split("/");
if (owner && name) {
repoOwner = owner;
repoName = name;
} else {
throw new Error("Invalid --repo format. Use: --repo=owner/name");
}
}
const config: GitHubAppConfig = {
appId: process.env.GITHUB_APP_ID!,
privateKey: process.env.GITHUB_PRIVATE_KEY!,
repoOwner,
repoName,
};
const generator = new GitHubAppTokenGenerator(config);
const result = await generator.generateToken();
if (updateEnv) {
generator.updateEnvFile(result.token);
}
console.log("\n🎉 Token generation complete!");
if (!updateEnv) {
console.log("\n💡 To automatically update your .env file, run with --update-env flag");
}
} catch (error) {
console.error("❌ Error:", error instanceof Error ? error.message : String(error));
process.exit(1);
}
}
// Run if called directly
if (import.meta.url === `file://${process.argv[1]}`) {
main();
}
export { GitHubAppTokenGenerator };
+17 -40
View File
@@ -1,45 +1,22 @@
{
// Visit https://aka.ms/tsconfig to read more about this file
"compilerOptions": {
// File Layout
// "rootDir": "./src",
"outDir": "./dist",
// Environment Settings
// See also https://aka.ms/tsconfig/module
"module": "esnext",
"moduleResolution": "bundler",
"target": "esnext",
"types": [],
// For nodejs:
// "lib": ["esnext"],
// "types": ["node"],
// and npm install -D @types/node
// Other Outputs
"sourceMap": true,
"declaration": true,
"declarationMap": true,
// Stricter Typechecking Options
"noUncheckedIndexedAccess": true,
"exactOptionalPropertyTypes": true,
// Style Options
// "noImplicitReturns": true,
// "noImplicitOverride": true,
// "noUnusedLocals": true,
// "noUnusedParameters": true,
// "noFallthroughCasesInSwitch": true,
// "noPropertyAccessFromIndexSignature": true,
// Recommended Options
"strict": true,
"jsx": "react-jsx",
"verbatimModuleSyntax": true,
"isolatedModules": true,
"noUncheckedSideEffectImports": true,
"moduleDetection": "force",
"skipLibCheck": true
"module": "NodeNext",
"target": "ESNext",
"moduleResolution": "NodeNext",
"lib": ["ESNext"],
"allowImportingTsExtensions": true,
"rewriteRelativeImportExtensions": true,
"skipLibCheck": true,
"strict": true,
"noUncheckedSideEffectImports": true,
"declaration": true,
"verbatimModuleSyntax": true,
"esModuleInterop": true,
"resolveJsonModule": true,
"exactOptionalPropertyTypes": true,
"forceConsistentCasingInFileNames": true,
"stripInternal": true,
"moduleDetection": "force"
}
}
+24 -43
View File
@@ -1,59 +1,36 @@
import { execSync } from "node:child_process";
import { existsSync, readFileSync } from "node:fs";
import { existsSync } from "node:fs";
import { dirname, join } from "node:path";
import { fileURLToPath } from "node:url";
import { config, parse } from "dotenv";
import { config } from "dotenv";
import { buildAction, setupTestRepo } from "./setup.ts";
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
const tempDir = join(__dirname, "..", ".temp");
const actionPath = join(__dirname, "..");
const envPath = join(__dirname, "..", "..", ".env");
// Environment variables that should be passed as secrets to the workflow
const ENV_VARS = ["ANTHROPIC_API_KEY", "GITHUB_INSTALLATION_TOKEN"];
export function runAct(prompt: string): void {
// First, ensure the scratch repo is cloned
const tempDir = join(__dirname, "..", ".temp");
// Setup test repository
setupTestRepo({ tempDir });
// Check if .temp exists and either reset it or clone it
if (existsSync(tempDir)) {
console.log("📦 Resetting existing .temp repository...");
execSync("git reset --hard HEAD && git clean -fd", {
cwd: tempDir,
stdio: "inherit",
});
} else {
console.log("📦 Cloning pullfrogai/scratch into .temp...");
const repoUrl = "git@github.com:pullfrogai/scratch.git";
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
}
const workflowPath = join(tempDir, ".github", "workflows", "pullfrog.yml");
const envPath = join(__dirname, "..", "..", ".env");
// Load environment variables into process
// Load environment variables
config({ path: envPath });
// Parse environment variables from .env file to get keys
let envVars: string[] = [];
try {
const content = readFileSync(envPath, "utf8");
const parsed = parse(content);
envVars = Object.keys(parsed);
} catch (error) {
console.warn(
`Warning: Could not read .env file: ${(error as Error).message}`,
);
}
// Build action bundles
buildAction(actionPath);
// Build fresh bundles with esbuild
const actionPath = join(__dirname, "..");
console.log("🔨 Building fresh bundles with esbuild...");
execSync("node esbuild.config.js", {
cwd: actionPath,
stdio: "inherit",
});
const workflowPath = join(tempDir, ".github", "workflows", "pullfrog.yml");
// Create minimal dist for act (avoids pnpm symlink issues)
const distPath = join(actionPath, ".act-dist");
console.log("📦 Creating minimal distribution for act...");
execSync(`rm -rf "${distPath}" && mkdir -p "${distPath}"`, { shell: true });
execSync(`rm -rf "${distPath}" && mkdir -p "${distPath}"`, { shell: "/bin/bash" });
// Copy only necessary files (bundled, no node_modules needed)
["action.yml", "entry.cjs", "index.cjs", "package.json"].forEach((file) => {
@@ -79,11 +56,15 @@ export function runAct(prompt: string): void {
`pullfrog/action@v0=${distPath}`, // Use minimal dist without symlinks
];
// Add all environment variables as secrets (without values)
envVars.forEach((key) => {
actCommandParts.push("-s", key);
// Add environment variables as secrets that will be available to the workflow
ENV_VARS.forEach((key) => {
if (process.env[key]) {
actCommandParts.push("-s", key);
}
});
// We only need the specific ENV_VARS, no need to add other variables
const actCommand = actCommandParts.join(" ");
console.log("🚀 Running act with prompt:");
+71
View File
@@ -0,0 +1,71 @@
import * as core from "@actions/core";
export interface InstallationToken {
token: string;
expires_at: string;
installation_id: number;
repository: string;
ref: string;
runner_environment: string;
owner?: string;
}
/**
* Setup GitHub installation token for the action
*/
export async function setupGitHubInstallationToken(): Promise<string> {
// Check if we have an installation token from inputs or environment
const inputToken = core.getInput("github_installation_token");
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
const existingToken = inputToken || envToken;
if (existingToken) {
// Mask the existing token in logs for security
core.setSecret(existingToken);
core.info("Using provided GitHub installation token");
return existingToken;
}
core.info("Generating OIDC token...");
try {
// Generate OIDC token for our API
const oidcToken = await core.getIDToken("pullfrog-api");
core.info("OIDC token generated successfully");
// Exchange OIDC token for installation token
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
core.info("Exchanging OIDC token for installation token...");
const tokenResponse = await fetch(`${apiUrl}/api/github/installation-token`, {
method: "POST",
headers: {
Authorization: `Bearer ${oidcToken}`,
"Content-Type": "application/json",
},
});
if (!tokenResponse.ok) {
const errorText = await tokenResponse.text();
throw new Error(
`Token exchange failed: ${tokenResponse.status} ${tokenResponse.statusText} - ${errorText}`
);
}
// This type is enforced by us when the response is created
const tokenData = (await tokenResponse.json()) as InstallationToken;
core.info(`Installation token obtained for ${tokenData.repository || "all repositories"}`);
// Mask the token in logs for security
core.setSecret(tokenData.token);
// Set the token as an environment variable for this run
process.env.GITHUB_INSTALLATION_TOKEN = tokenData.token;
return tokenData.token;
} catch (error) {
throw new Error(
`Failed to setup GitHub installation token: ${error instanceof Error ? error.message : "Unknown error"}`
);
}
}
-3
View File
@@ -1,3 +0,0 @@
export * from "./files";
export * from "./subprocess";
export * from "./table";
+51
View File
@@ -0,0 +1,51 @@
import { execSync } from "node:child_process";
import { existsSync, rmSync } from "node:fs";
export interface SetupOptions {
tempDir: string;
repoUrl?: string;
forceClean?: boolean;
}
/**
* Setup the test repository for running actions
*/
export function setupTestRepo(options: SetupOptions): void {
const {
tempDir,
repoUrl = "git@github.com:pullfrogai/scratch.git",
forceClean = false,
} = options;
// Handle existing temp directory
if (existsSync(tempDir)) {
if (forceClean) {
console.log("🗑️ Removing existing .temp directory...");
rmSync(tempDir, { recursive: true, force: true });
// Clone the repository
console.log("📦 Cloning pullfrogai/scratch into .temp...");
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
} else {
console.log("📦 Resetting existing .temp repository...");
execSync("git reset --hard HEAD && git clean -fd", {
cwd: tempDir,
stdio: "inherit",
});
}
} else {
console.log("📦 Cloning pullfrogai/scratch into .temp...");
execSync(`git clone ${repoUrl} ${tempDir}`, { stdio: "inherit" });
}
}
/**
* Build the action bundles
*/
export function buildAction(actionPath: string): void {
console.log("🔨 Building fresh bundles with esbuild...");
execSync("node esbuild.config.js", {
cwd: actionPath,
stdio: "inherit",
});
}