Compare commits
33 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
af6ad2c4ac | ||
|
|
9446d602a4 | ||
|
|
9739430845 | ||
|
|
e105a5ce41 | ||
|
|
65a8d298fc | ||
|
|
1f6750a867 | ||
|
|
3a4bd7a335 | ||
|
|
09488142e3 | ||
|
|
c729573012 | ||
|
|
fa073b82c5 | ||
|
|
1157ae8180 | ||
|
|
39e1ff891d | ||
|
|
2da133cc84 | ||
|
|
121a7cf487 | ||
|
|
e06ed630a2 | ||
|
|
230b1cd3d0 | ||
|
|
3d8acac3cb | ||
|
|
d46015cb8d | ||
|
|
b44f5a29f4 | ||
|
|
a6d96d58d5 | ||
|
|
4eebe5ea25 | ||
|
|
cf1eafb00d | ||
|
|
debf34cf91 | ||
|
|
541dd69625 | ||
|
|
f65d1a34dc | ||
|
|
9d962e5274 | ||
|
|
8b38b47848 | ||
|
|
b7792492cd | ||
|
|
a2600c61b7 | ||
|
|
306ffe21b9 | ||
|
|
326b9a12f4 | ||
|
|
8207a8ca01 | ||
|
|
c6c19e0fb7 |
2
.github/workflows/check-dist.yml
vendored
2
.github/workflows/check-dist.yml
vendored
@@ -43,7 +43,7 @@ jobs:
|
||||
|
||||
- name: Build dist/ Directory
|
||||
id: build
|
||||
run: npm run bundle
|
||||
run: npm run package
|
||||
|
||||
# This will fail the workflow if the `dist/` directory is different than
|
||||
# expected.
|
||||
|
||||
2
.github/workflows/licensed.yml
vendored
2
.github/workflows/licensed.yml
vendored
@@ -42,7 +42,7 @@ jobs:
|
||||
|
||||
- name: Setup Ruby
|
||||
id: setup-ruby
|
||||
uses: ruby/setup-ruby@8aeb6ff8030dd539317f8e1769a044873b56ea71
|
||||
uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6
|
||||
with:
|
||||
ruby-version: ruby
|
||||
|
||||
|
||||
2
.github/workflows/linter.yml
vendored
2
.github/workflows/linter.yml
vendored
@@ -38,7 +38,7 @@ jobs:
|
||||
|
||||
- name: Lint Codebase
|
||||
id: super-linter
|
||||
uses: super-linter/super-linter/slim@5119dcd8011e92182ce8219d9e9efc82f16fddb6
|
||||
uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9
|
||||
env:
|
||||
DEFAULT_BRANCH: main
|
||||
FILTER_REGEX_EXCLUDE: dist/**/*
|
||||
|
||||
@@ -16,6 +16,6 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Update the ${{ env.TAG_NAME }} tag
|
||||
uses: actions/publish-action@v0.3.0
|
||||
uses: actions/publish-action@v0.4.0
|
||||
with:
|
||||
source-tag: ${{ env.TAG_NAME }}
|
||||
|
||||
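Review bot: `actions/publish-action@v0.4.0` is referenced by a mutable tag, while the other workflows in this comparison (`ruby/setup-ruby`, `super-linter/super-linter/slim`) are pinned to full commit SHAs. This job updates a release tag, so it presumably runs with write access to the repository, which makes it the step where a re-pointed upstream tag would matter most. Pinning to the commit behind the release and keeping the tag as a trailing comment would match the rest of the repo: `uses: actions/publish-action@<commit-sha-of-v0.4.0> # v0.4.0`. The file name and the job's permissions are outside the hunk.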
@@ -9,3 +9,4 @@ export const getBooleanInput = vi.fn<typeof core.getBooleanInput>()
|
||||
export const setOutput = vi.fn<typeof core.setOutput>()
|
||||
export const setFailed = vi.fn<typeof core.setFailed>()
|
||||
export const warning = vi.fn<typeof core.warning>()
|
||||
export const setSecret = vi.fn<typeof core.setSecret>()
|
||||
|
||||
@@ -150,9 +150,9 @@ X-Custom-Header: custom-value`
|
||||
header2: 'value2',
|
||||
'X-Custom-Header': 'custom-value',
|
||||
})
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: header1: value1')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: header2: value2')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: X-Custom-Header: custom-value')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: header1: value1')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: header2: value2')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: X-Custom-Header: custom-value')
|
||||
})
|
||||
|
||||
it('parses JSON format headers correctly', () => {
|
||||
@@ -165,9 +165,9 @@ X-Custom-Header: custom-value`
|
||||
header2: 'value2',
|
||||
'X-Team': 'engineering',
|
||||
})
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: header1: value1')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: header2: value2')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: X-Team: engineering')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: header1: value1')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: header2: value2')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: X-Team: engineering')
|
||||
})
|
||||
|
||||
it('returns empty object for empty input', () => {
|
||||
@@ -194,13 +194,13 @@ password: pass123`
|
||||
})
|
||||
|
||||
// Sensitive headers should be masked
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: Ocp-Apim-Subscription-Key: ***MASKED***')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: X-Api-Token: ***MASKED***')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: Authorization: ***MASKED***')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: password: ***MASKED***')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: Ocp-Apim-Subscription-Key: ***MASKED***')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: X-Api-Token: ***MASKED***')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: Authorization: ***MASKED***')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: password: ***MASKED***')
|
||||
|
||||
// Non-sensitive headers should not be masked
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: serviceName: my-service')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: serviceName: my-service')
|
||||
})
|
||||
|
||||
it('validates header names and skips invalid ones', () => {
|
||||
@@ -214,13 +214,11 @@ valid123: value5`
|
||||
|
||||
expect(result).toEqual({
|
||||
'valid-header': 'value1',
|
||||
invalid_underscore: 'value3',
|
||||
valid123: 'value5',
|
||||
})
|
||||
|
||||
expect(core.warning).toHaveBeenCalledWith(expect.stringContaining('Skipping invalid header name: invalid header'))
|
||||
expect(core.warning).toHaveBeenCalledWith(
|
||||
expect.stringContaining('Skipping invalid header name: invalid_underscore'),
|
||||
)
|
||||
expect(core.warning).toHaveBeenCalledWith(expect.stringContaining('Skipping invalid header name: invalid@header'))
|
||||
})
|
||||
|
||||
@@ -367,8 +365,8 @@ systemID: terraform-ci`
|
||||
})
|
||||
|
||||
// Only the subscription key should be masked
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: Ocp-Apim-Subscription-Key: ***MASKED***')
|
||||
expect(core.info).toHaveBeenCalledWith('Custom header added: serviceName: terraform-plan-workflow')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: Ocp-Apim-Subscription-Key: ***MASKED***')
|
||||
expect(core.debug).toHaveBeenCalledWith('Custom header added: serviceName: terraform-plan-workflow')
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
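Review bot: The name-validation test in the `@@ -214` hunk now treats `invalid_underscore` as accepted, but it adds no case for the other characters the wider pattern admits, and none pinning that a name carrying CR/LF or a colon is still skipped. Space and `@` are the only rejected inputs still asserted. One case accepting a name such as `x.y~z`, and one rejecting a key with an embedded line break (reachable through the JSON input format, where a key can hold any character), would lock in both sides of the new regex. The test body starts outside the hunk.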
@@ -58,7 +58,7 @@ describe('inference.ts', () => {
|
||||
|
||||
expect(result).toBe('Hello, user!')
|
||||
expect(core.info).toHaveBeenCalledWith('Running simple inference without tools')
|
||||
expect(core.info).toHaveBeenCalledWith('Model response: Hello, user!')
|
||||
expect(core.debug).toHaveBeenCalledWith('Model response: Hello, user!')
|
||||
|
||||
// Verify the request structure
|
||||
expect(mockCreate).toHaveBeenCalledWith({
|
||||
@@ -136,7 +136,7 @@ describe('inference.ts', () => {
|
||||
const result = await simpleInference(mockRequest)
|
||||
|
||||
expect(result).toBeNull()
|
||||
expect(core.info).toHaveBeenCalledWith('Model response: No response content')
|
||||
expect(core.debug).toHaveBeenCalledWith('Model response: No response content')
|
||||
})
|
||||
|
||||
it('includes response format when specified', async () => {
|
||||
|
||||
@@ -136,6 +136,7 @@ describe('main.ts', () => {
|
||||
await run()
|
||||
|
||||
expect(core.setOutput).toHaveBeenCalled()
|
||||
expect(core.setSecret).toHaveBeenCalledWith('fake-token')
|
||||
verifyStandardResponse()
|
||||
expect(mockProcessExit).toHaveBeenCalledWith(0)
|
||||
})
|
||||
@@ -199,6 +200,7 @@ describe('main.ts', () => {
|
||||
|
||||
await run()
|
||||
|
||||
expect(core.setSecret).toHaveBeenCalledWith('fake-token')
|
||||
expect(mockConnectToGitHubMCP).toHaveBeenCalledWith('fake-token', '')
|
||||
expect(mockMcpInference).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
|
||||
@@ -177,8 +177,8 @@ describe('mcp.ts', () => {
|
||||
name: 'test-tool',
|
||||
content: JSON.stringify(toolResult.content),
|
||||
})
|
||||
expect(core.info).toHaveBeenCalledWith('Executing GitHub MCP tool: test-tool with args: {"param": "value"}')
|
||||
expect(core.info).toHaveBeenCalledWith('GitHub MCP tool test-tool executed successfully')
|
||||
expect(core.debug).toHaveBeenCalledWith('Executing GitHub MCP tool: test-tool with args: {"param": "value"}')
|
||||
expect(core.debug).toHaveBeenCalledWith('GitHub MCP tool test-tool executed successfully')
|
||||
})
|
||||
|
||||
it('handles tool execution errors gracefully', async () => {
|
||||
|
||||
@@ -135,5 +135,17 @@ describe('prompt.ts', () => {
|
||||
it('errors on missing files', () => {
|
||||
expect(() => parseFileTemplateVariables('x: ./does-not-exist.txt')).toThrow('was not found')
|
||||
})
|
||||
|
||||
it('errors on non-string file paths', () => {
|
||||
expect(() => parseFileTemplateVariables('x: 123')).toThrow(
|
||||
"File template variable 'x' must be a string file path",
|
||||
)
|
||||
expect(() => parseFileTemplateVariables('x: true')).toThrow(
|
||||
"File template variable 'x' must be a string file path",
|
||||
)
|
||||
expect(() => parseFileTemplateVariables('x: { nested: "object" }')).toThrow(
|
||||
"File template variable 'x' must be a string file path",
|
||||
)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
@@ -46,7 +46,7 @@ export default [
|
||||
|
||||
parserOptions: {
|
||||
project: ['tsconfig.eslint.json'],
|
||||
tsconfigRootDir: '.',
|
||||
tsconfigRootDir: __dirname,
|
||||
},
|
||||
},
|
||||
|
||||
|
||||
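Review bot: `tsconfigRootDir: __dirname` sits in a config that uses `export default [`, and `__dirname` is not defined when the file is loaded as an ES module. Unless the lines above the hunk derive it from `import.meta.url`, linting would fail with a ReferenceError. On Node versions that support it, `tsconfigRootDir: import.meta.dirname` gives the same absolute path without the CommonJS global. Otherwise a one-line comment pointing at where `__dirname` is defined would help the next reader.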
984
package-lock.json
generated
984
package-lock.json
generated
File diff suppressed because it is too large
28
package.json
28
package.json
@@ -23,11 +23,11 @@
|
||||
"license": "MIT",
|
||||
"prettier": "@github/prettier-config",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.11.1",
|
||||
"@modelcontextprotocol/sdk": "^1.25.2",
|
||||
"@actions/core": "^3.0.0",
|
||||
"@modelcontextprotocol/sdk": "^1.26.0",
|
||||
"@types/tmp": "^0.2.6",
|
||||
"js-yaml": "^4.1.1",
|
||||
"openai": "^5.11.0",
|
||||
"openai": "^6.28.0",
|
||||
"pkce-challenge": "^5.0.0",
|
||||
"tmp": "^0.2.4"
|
||||
},
|
||||
@@ -37,21 +37,21 @@
|
||||
"@github/prettier-config": "^0.0.6",
|
||||
"@rollup/plugin-commonjs": "^28.0.5",
|
||||
"@rollup/plugin-json": "^6.1.0",
|
||||
"@rollup/plugin-node-resolve": "^16.0.1",
|
||||
"@rollup/plugin-typescript": "^12.1.2",
|
||||
"@rollup/plugin-node-resolve": "^16.0.3",
|
||||
"@rollup/plugin-typescript": "^12.3.0",
|
||||
"@types/js-yaml": "^4.0.9",
|
||||
"@types/node": "^24.1.0",
|
||||
"@typescript-eslint/eslint-plugin": "^8.34.0",
|
||||
"@types/node": "^24.12.0",
|
||||
"@typescript-eslint/eslint-plugin": "^8.57.0",
|
||||
"@typescript-eslint/parser": "^8.32.1",
|
||||
"eslint": "^9.29.0",
|
||||
"eslint-config-prettier": "^10.1.5",
|
||||
"eslint-import-resolver-typescript": "^4.4.3",
|
||||
"eslint-plugin-import": "^2.31.0",
|
||||
"eslint-plugin-prettier": "^5.4.1",
|
||||
"prettier": "^3.5.3",
|
||||
"eslint-config-prettier": "^10.1.8",
|
||||
"eslint-import-resolver-typescript": "^4.4.4",
|
||||
"eslint-plugin-import": "^2.32.0",
|
||||
"eslint-plugin-prettier": "^5.5.5",
|
||||
"prettier": "^3.8.1",
|
||||
"prettier-eslint": "^16.4.2",
|
||||
"rollup": "^4.43.0",
|
||||
"typescript": "^5.8.3",
|
||||
"rollup": "^4.59.0",
|
||||
"typescript": "^5.9.3",
|
||||
"vitest": "^3"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
|
||||
@@ -121,9 +121,10 @@ function validateAndMaskHeaders(headers: Record<string, unknown>): Record<string
|
||||
const sensitivePatterns = ['key', 'token', 'secret', 'password', 'authorization']
|
||||
|
||||
for (const [name, value] of Object.entries(headers)) {
|
||||
// Validate header name (basic HTTP header name validation, RFC 7230: letters, digits, and hyphens)
|
||||
if (!/^[A-Za-z0-9-]+$/.test(name)) {
|
||||
core.warning(`Skipping invalid header name: ${name} (only alphanumeric characters and hyphens allowed)`)
|
||||
// Validate header name (RFC 7230: token = 1*tchar)
|
||||
// tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
|
||||
if (!/^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$/.test(name)) {
|
||||
core.warning(`Skipping invalid header name: ${name} (contains invalid characters)`)
|
||||
continue
|
||||
}
|
||||
|
||||
@@ -143,9 +144,9 @@ function validateAndMaskHeaders(headers: Record<string, unknown>): Record<string
|
||||
const lowerName = name.toLowerCase()
|
||||
const isSensitive = sensitivePatterns.some(pattern => lowerName.includes(pattern))
|
||||
if (isSensitive) {
|
||||
core.info(`Custom header added: ${name}: ***MASKED***`)
|
||||
core.debug(`Custom header added: ${name}: ***MASKED***`)
|
||||
} else {
|
||||
core.info(`Custom header added: ${name}: ${stringValue}`)
|
||||
core.debug(`Custom header added: ${name}: ${stringValue}`)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
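Review bot: Masking here covers only this log line: a header whose name matches `sensitivePatterns` prints `***MASKED***`, but nothing in the visible hunks registers the value with the runner, so it can still surface if it is echoed elsewhere (an error message, a dumped request). This comparison adds `core.setSecret(token)` in `run()`; the sensitive branch could do the same with `core.setSecret(stringValue)`, unless the lines between the two hunks already do. The substring list also misses names such as `Cookie` or `X-Auth`, whose values are written in clear to the debug log; adding `'cookie'` and `'auth'` would cover them. `validateAndMaskHeaders` starts and ends outside the hunks.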
@@ -76,7 +76,7 @@ export async function simpleInference(request: InferenceRequest): Promise<string
|
||||
|
||||
const response = await chatCompletion(client, chatCompletionRequest, 'simpleInference')
|
||||
const modelResponse = response.choices[0]?.message?.content
|
||||
core.info(`Model response: ${modelResponse || 'No response content'}`)
|
||||
core.debug(`Model response: ${modelResponse || 'No response content'}`)
|
||||
return modelResponse || null
|
||||
}
|
||||
|
||||
@@ -131,7 +131,7 @@ export async function mcpInference(
|
||||
const modelResponse = assistantMessage?.content
|
||||
const toolCalls = assistantMessage?.tool_calls
|
||||
|
||||
core.info(`Model response: ${modelResponse || 'No response content'}`)
|
||||
core.debug(`Model response: ${modelResponse || 'No response content'}`)
|
||||
|
||||
messages.push({
|
||||
role: 'assistant',
|
||||
@@ -196,16 +196,14 @@ async function chatCompletion(
|
||||
try {
|
||||
response = JSON.parse(response)
|
||||
} catch (e) {
|
||||
const preview = response.slice(0, 400)
|
||||
throw new Error(
|
||||
`${context}: Chat completion response was a string and not valid JSON (${(e as Error).message}). Preview: ${preview}`,
|
||||
`${context}: Chat completion response was a string and not valid JSON (${(e as Error).message})`,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
if (!response || typeof response !== 'object' || !('choices' in response)) {
|
||||
const preview = JSON.stringify(response)?.slice(0, 800)
|
||||
throw new Error(`${context}: Unexpected response shape (no choices). Preview: ${preview}`)
|
||||
throw new Error(`${context}: Unexpected response shape (no choices)`)
|
||||
}
|
||||
|
||||
return response as OpenAI.Chat.Completions.ChatCompletion
|
||||
|
||||
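Review bot: The JSON-parse error in the `@@ -196` hunk still interpolates `(e as Error).message`, and on current V8/Node releases a `JSON.parse` SyntaxError message quotes a fragment of the input, so part of the response body can still reach the thrown error after the `Preview:` text was removed. If the aim is to keep model or endpoint output out of error text, which ends up in `core.setFailed` and job annotations, throw the fixed sentence without the parenthesised part and route the parser detail to the debug log: `core.debug((e as Error).message)`. `chatCompletion` starts and ends outside the hunk.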
@@ -61,9 +61,12 @@ export async function run(): Promise<void> {
|
||||
if (token === undefined) {
|
||||
throw new Error('GITHUB_TOKEN is not set')
|
||||
}
|
||||
core.setSecret(token)
|
||||
|
||||
// Get GitHub MCP token (use dedicated token if provided, otherwise fall back to main token)
|
||||
const githubMcpToken = core.getInput('github-mcp-token') || token
|
||||
core.setSecret(githubMcpToken)
|
||||
|
||||
const githubMcpToolsets = core.getInput('github-mcp-toolsets')
|
||||
|
||||
const endpoint = core.getInput('endpoint')
|
||||
|
||||
@@ -96,7 +96,7 @@ export async function connectToGitHubMCP(token: string, toolsets?: string): Prom
|
||||
* Execute a single tool call via GitHub MCP
|
||||
*/
|
||||
export async function executeToolCall(githubMcpClient: Client, toolCall: ToolCall): Promise<ToolResult> {
|
||||
core.info(`Executing GitHub MCP tool: ${toolCall.function.name} with args: ${toolCall.function.arguments}`)
|
||||
core.debug(`Executing GitHub MCP tool: ${toolCall.function.name} with args: ${toolCall.function.arguments}`)
|
||||
|
||||
try {
|
||||
const args = JSON.parse(toolCall.function.arguments)
|
||||
@@ -106,7 +106,7 @@ export async function executeToolCall(githubMcpClient: Client, toolCall: ToolCal
|
||||
arguments: args,
|
||||
})
|
||||
|
||||
core.info(`GitHub MCP tool ${toolCall.function.name} executed successfully`)
|
||||
core.debug(`GitHub MCP tool ${toolCall.function.name} executed successfully`)
|
||||
|
||||
return {
|
||||
tool_call_id: toolCall.id,
|
||||
|
||||