Compare commits

...

5 Commits

Author SHA1 Message Date
David Blass 0e53a97619 improve github_token flow 2025-11-11 18:15:51 -05:00
David Blass cc56089a41 remove token input 2025-11-11 18:04:54 -05:00
David Blass 401496f19f read github token from inputs 2025-11-11 17:56:59 -05:00
David Blass 8822968cbb add debug logs 2025-11-11 17:45:29 -05:00
David Blass c18db965c3 bump version 2025-11-11 17:40:40 -05:00
5 changed files with 107 additions and 19 deletions
+42 -8
View File
@@ -40481,7 +40481,7 @@ function query({
// package.json
var package_default = {
name: "@pullfrog/action",
version: "0.0.91",
version: "0.0.96",
type: "module",
files: [
"index.js",
@@ -40911,6 +40911,9 @@ function checkExistingToken() {
const envToken = process.env.GITHUB_INSTALLATION_TOKEN;
return inputToken || envToken || null;
}
function getGitHubTokenInput() {
return core2.getInput("github_token") || null;
}
function isGitHubActionsEnvironment() {
return Boolean(process.env.GITHUB_ACTIONS);
}
@@ -41057,14 +41060,31 @@ async function acquireNewToken() {
}
}
function getDefaultGitHubToken() {
return process.env.GITHUB_TOKEN || null;
const inputToken = getGitHubTokenInput();
if (inputToken) {
return inputToken;
}
const token = process.env.GITHUB_TOKEN;
if (!token && isGitHubActionsEnvironment()) {
const githubEnvVars = Object.keys(process.env).filter((key) => key.startsWith("GITHUB_")).reduce(
(acc, key) => {
acc[key] = key === "GITHUB_TOKEN" ? process.env[key] ? "***SET***" : "NOT_SET" : process.env[key];
return acc;
},
{}
);
log.warning(
`GITHUB_TOKEN not found. Available GITHUB_* env vars: ${JSON.stringify(githubEnvVars)}`
);
}
return token || null;
}
async function setupGitHubInstallationToken() {
const existingToken = checkExistingToken();
if (existingToken) {
core2.setSecret(existingToken);
log.info("Using provided GitHub installation token");
return { githubInstallationToken: existingToken, wasAcquired: false };
return { githubInstallationToken: existingToken, wasAcquired: false, isFallbackToken: false };
}
const acquiredToken = await acquireNewToken();
if (!acquiredToken) {
@@ -41077,11 +41097,11 @@ async function setupGitHubInstallationToken() {
log.info("Using GITHUB_TOKEN (app not installed or token exchange failed)");
core2.setSecret(defaultToken);
process.env.GITHUB_INSTALLATION_TOKEN = defaultToken;
return { githubInstallationToken: defaultToken, wasAcquired: false };
return { githubInstallationToken: defaultToken, wasAcquired: false, isFallbackToken: true };
}
core2.setSecret(acquiredToken);
process.env.GITHUB_INSTALLATION_TOKEN = acquiredToken;
return { githubInstallationToken: acquiredToken, wasAcquired: true };
return { githubInstallationToken: acquiredToken, wasAcquired: true, isFallbackToken: false };
}
async function revokeInstallationToken(token) {
const apiUrl = process.env.GITHUB_API_URL || "https://api.github.com";
@@ -41417,6 +41437,9 @@ var DEFAULT_REPO_SETTINGS = {
};
async function getRepoSettings(token, repoContext) {
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
const timeoutMs = 5e3;
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
try {
const response = await fetch(
`${apiUrl}/api/repo/${repoContext.owner}/${repoContext.name}/settings`,
@@ -41425,9 +41448,11 @@ async function getRepoSettings(token, repoContext) {
headers: {
Authorization: `Bearer ${token}`,
"Content-Type": "application/json"
}
},
signal: controller.signal
}
);
clearTimeout(timeoutId);
if (!response.ok) {
return DEFAULT_REPO_SETTINGS;
}
@@ -41437,6 +41462,7 @@ async function getRepoSettings(token, repoContext) {
}
return settings;
} catch {
clearTimeout(timeoutId);
return DEFAULT_REPO_SETTINGS;
}
}
@@ -41484,12 +41510,20 @@ async function main(inputs) {
try {
log.info(`\u{1F438} Running pullfrog/action@${package_default.version}...`);
setupGitConfig();
const { githubInstallationToken, wasAcquired } = await setupGitHubInstallationToken();
const { githubInstallationToken, wasAcquired, isFallbackToken } = await setupGitHubInstallationToken();
if (wasAcquired) {
tokenToRevoke = githubInstallationToken;
}
const repoContext = parseRepoContext();
const repoSettings = await getRepoSettings(githubInstallationToken, repoContext);
let repoSettings;
if (isFallbackToken) {
log.info("Using default repository settings (app not installed)");
repoSettings = DEFAULT_REPO_SETTINGS;
} else {
log.info("Fetching repository settings...");
repoSettings = await getRepoSettings(githubInstallationToken, repoContext);
log.info("Repository settings fetched");
}
const agent = repoSettings.defaultAgent || "claude";
if (agent !== "claude") throw new Error(`Unsupported agent: ${agent}`);
setupGitAuth(githubInstallationToken, repoContext);
+13 -3
View File
@@ -2,7 +2,7 @@ import { type } from "arktype";
import { claude } from "./agents/claude.ts";
import { createMcpConfigs } from "./mcp/config.ts";
import packageJson from "./package.json" with { type: "json" };
import { getRepoSettings } from "./utils/api.ts";
import { DEFAULT_REPO_SETTINGS, getRepoSettings, type RepoSettings } from "./utils/api.ts";
import { log } from "./utils/cli.ts";
import {
parseRepoContext,
@@ -34,14 +34,24 @@ export async function main(inputs: Inputs): Promise<MainResult> {
setupGitConfig();
const { githubInstallationToken, wasAcquired } = await setupGitHubInstallationToken();
const { githubInstallationToken, wasAcquired, isFallbackToken } =
await setupGitHubInstallationToken();
if (wasAcquired) {
tokenToRevoke = githubInstallationToken;
}
const repoContext = parseRepoContext();
// Fetch repo settings (agent, permissions, workflows) from API
const repoSettings = await getRepoSettings(githubInstallationToken, repoContext);
// Skip API call if we're using GITHUB_TOKEN fallback (app not installed)
let repoSettings: RepoSettings;
if (isFallbackToken) {
log.info("Using default repository settings (app not installed)");
repoSettings = DEFAULT_REPO_SETTINGS;
} else {
log.info("Fetching repository settings...");
repoSettings = await getRepoSettings(githubInstallationToken, repoContext);
log.info("Repository settings fetched");
}
const agent = repoSettings.defaultAgent || "claude";
if (agent !== "claude") throw new Error(`Unsupported agent: ${agent}`);
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@pullfrog/action",
"version": "0.0.91",
"version": "0.0.96",
"type": "module",
"files": [
"index.js",
+11 -2
View File
@@ -13,7 +13,7 @@ export interface RepoSettings {
}>;
}
const DEFAULT_REPO_SETTINGS: RepoSettings = {
export const DEFAULT_REPO_SETTINGS: RepoSettings = {
defaultAgent: null,
webAccessLevel: "full_access",
webAccessAllowTrusted: false,
@@ -32,6 +32,11 @@ export async function getRepoSettings(
): Promise<RepoSettings> {
const apiUrl = process.env.API_URL || "https://pullfrog.ai";
// Add timeout to prevent hanging (5 seconds)
const timeoutMs = 5000;
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
try {
const response = await fetch(
`${apiUrl}/api/repo/${repoContext.owner}/${repoContext.name}/settings`,
@@ -41,9 +46,12 @@ export async function getRepoSettings(
Authorization: `Bearer ${token}`,
"Content-Type": "application/json",
},
signal: controller.signal,
}
);
clearTimeout(timeoutId);
if (!response.ok) {
// If API returns 404 or other error, fall back to defaults
return DEFAULT_REPO_SETTINGS;
@@ -58,7 +66,8 @@ export async function getRepoSettings(
return settings;
} catch {
// If fetch fails (network error, etc.), fall back to defaults
clearTimeout(timeoutId);
// If fetch fails (network error, timeout, etc.), fall back to defaults
return DEFAULT_REPO_SETTINGS;
}
}
+40 -5
View File
@@ -49,6 +49,10 @@ function checkExistingToken(): string | null {
return inputToken || envToken || null;
}
function getGitHubTokenInput(): string | null {
return core.getInput("github_token") || null;
}
function isGitHubActionsEnvironment(): boolean {
return Boolean(process.env.GITHUB_ACTIONS);
}
@@ -255,23 +259,54 @@ async function acquireNewToken(): Promise<string | null> {
}
function getDefaultGitHubToken(): string | null {
return process.env.GITHUB_TOKEN || null;
// Try input first (explicitly passed from workflow)
const inputToken = getGitHubTokenInput();
if (inputToken) {
return inputToken;
}
// Then try environment variable (automatically set by GitHub Actions)
const token = process.env.GITHUB_TOKEN;
// Log diagnostic info when GITHUB_TOKEN is missing
if (!token && isGitHubActionsEnvironment()) {
const githubEnvVars = Object.keys(process.env)
.filter((key) => key.startsWith("GITHUB_"))
.reduce(
(acc, key) => {
acc[key] =
key === "GITHUB_TOKEN"
? process.env[key]
? "***SET***"
: "NOT_SET"
: process.env[key];
return acc;
},
{} as Record<string, string | undefined>
);
log.warning(
`GITHUB_TOKEN not found. Available GITHUB_* env vars: ${JSON.stringify(githubEnvVars)}`
);
}
return token || null;
}
/**
* Setup GitHub installation token for the action
* Returns the token and whether it was acquired (needs revocation)
* Returns the token, whether it was acquired (needs revocation), and whether we fell back to GITHUB_TOKEN
* Falls back to GITHUB_TOKEN if app is not installed
*/
export async function setupGitHubInstallationToken(): Promise<{
githubInstallationToken: string;
wasAcquired: boolean;
isFallbackToken: boolean;
}> {
const existingToken = checkExistingToken();
if (existingToken) {
core.setSecret(existingToken);
log.info("Using provided GitHub installation token");
return { githubInstallationToken: existingToken, wasAcquired: false };
return { githubInstallationToken: existingToken, wasAcquired: false, isFallbackToken: false };
}
const acquiredToken = await acquireNewToken();
@@ -288,13 +323,13 @@ export async function setupGitHubInstallationToken(): Promise<{
log.info("Using GITHUB_TOKEN (app not installed or token exchange failed)");
core.setSecret(defaultToken);
process.env.GITHUB_INSTALLATION_TOKEN = defaultToken;
return { githubInstallationToken: defaultToken, wasAcquired: false };
return { githubInstallationToken: defaultToken, wasAcquired: false, isFallbackToken: true };
}
core.setSecret(acquiredToken);
process.env.GITHUB_INSTALLATION_TOKEN = acquiredToken;
return { githubInstallationToken: acquiredToken, wasAcquired: true };
return { githubInstallationToken: acquiredToken, wasAcquired: true, isFallbackToken: false };
}
/**