docs: add code queue PR preflight template

This commit is contained in:
Codex
2026-05-20 13:39:17 +00:00
parent 674cb59e85
commit 0464aa01a8
6 changed files with 323 additions and 7 deletions
+229
View File
@@ -0,0 +1,229 @@
import { spawnSync } from "node:child_process";
import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";
type JsonRecord = Record<string, unknown>;
interface CliResult {
status: number | null;
ok: boolean;
json: JsonRecord | null;
stdoutBytes: number;
stderrBytes: number;
stdoutPreview?: string;
stderrPreview?: string;
}
const DEFAULT_REPO = "pikasTech/unidesk";
const DEFAULT_BASE = "master";
const DEFAULT_HEAD = "code-queue/pr-preflight-example";
const DEFAULT_COMMENT_PR = "1";
const PREVIEW_CHARS = 400;
function optionValue(args: string[], name: string, defaultValue: string): string {
const index = args.indexOf(name);
if (index === -1) return defaultValue;
const value = args[index + 1];
if (value === undefined || value.length === 0 || value.startsWith("--")) throw new Error(`${name} requires a value`);
return value;
}
function secrets(): string[] {
return [process.env.GH_TOKEN, process.env.GITHUB_TOKEN].filter((value): value is string => value !== undefined && value.length > 0);
}
function redactText(text: string): string {
let redacted = text;
for (const secret of secrets()) {
redacted = redacted.split(secret).join("<redacted>");
}
return redacted;
}
function redactUnknown(value: unknown): unknown {
if (typeof value === "string") return redactText(value);
if (Array.isArray(value)) return value.map(redactUnknown);
if (typeof value === "object" && value !== null) {
const entries = Object.entries(value).map(([key, entry]) => [key, redactUnknown(entry)]);
return Object.fromEntries(entries);
}
return value;
}
function preview(text: string): string {
return redactText(text.length > PREVIEW_CHARS ? `${text.slice(0, PREVIEW_CHARS)}...` : text);
}
function runCli(args: string[]): CliResult {
const result = spawnSync("bun", ["scripts/cli.ts", ...args], {
cwd: process.cwd(),
env: process.env,
encoding: "utf8",
timeout: 30_000,
});
const stdout = result.stdout ?? "";
const stderr = result.stderr ?? "";
let json: JsonRecord | null = null;
try {
json = redactUnknown(JSON.parse(stdout) as unknown) as JsonRecord;
} catch {
json = null;
}
return {
status: result.status,
ok: result.status === 0 && json?.ok === true,
json,
stdoutBytes: Buffer.byteLength(stdout),
stderrBytes: Buffer.byteLength(stderr),
...(json === null && stdout.length > 0 ? { stdoutPreview: preview(stdout) } : {}),
...(stderr.length > 0 ? { stderrPreview: preview(stderr) } : {}),
};
}
function dataOf(result: CliResult): JsonRecord | null {
const data = result.json?.data;
return typeof data === "object" && data !== null && !Array.isArray(data) ? data as JsonRecord : null;
}
function envTokenProbe(): JsonRecord {
if (process.env.GH_TOKEN && process.env.GH_TOKEN.length > 0) return { ok: true, present: true, source: "GH_TOKEN" };
if (process.env.GITHUB_TOKEN && process.env.GITHUB_TOKEN.length > 0) return { ok: true, present: true, source: "GITHUB_TOKEN" };
return {
ok: false,
present: false,
source: null,
message: "Runner PR workflow requires GH_TOKEN or GITHUB_TOKEN in the environment; token values must never be printed.",
};
}
function dryRunSummary(result: CliResult): JsonRecord {
const data = dataOf(result);
return {
ok: result.ok,
status: result.status,
stdoutBytes: result.stdoutBytes,
stderrBytes: result.stderrBytes,
...(data === null ? {} : {
command: data.command,
dryRun: data.dryRun,
planned: data.planned,
repo: data.repo,
base: data.base,
head: data.head,
issueNumber: data.issueNumber,
bodyChars: data.bodyChars,
request: data.request,
}),
...(result.stdoutPreview === undefined ? {} : { stdoutPreview: result.stdoutPreview }),
...(result.stderrPreview === undefined ? {} : { stderrPreview: result.stderrPreview }),
};
}
function main(): void {
const args = process.argv.slice(2);
if (args.includes("--help") || args.includes("-h")) {
process.stdout.write(`${JSON.stringify({
ok: true,
command: "code-queue-pr-preflight-example",
usage: "bun scripts/code-queue-pr-preflight-example.ts [--repo owner/name] [--base branch] [--head branch] [--comment-pr number]",
note: "Read-only/dry-run runner preflight. It checks GH_TOKEN/GITHUB_TOKEN presence, GitHub REST egress and repo visibility through gh auth status, then exercises PR create/comment dry-run paths without creating or merging a PR.",
}, null, 2)}\n`);
return;
}
const repo = optionValue(args, "--repo", DEFAULT_REPO);
const base = optionValue(args, "--base", DEFAULT_BASE);
const head = optionValue(args, "--head", process.env.CODE_QUEUE_HEAD_BRANCH ?? DEFAULT_HEAD);
const commentPr = optionValue(args, "--comment-pr", DEFAULT_COMMENT_PR);
const tmp = mkdtempSync(join(tmpdir(), "unidesk-pr-preflight-"));
const bodyFile = join(tmp, "body.md");
writeFileSync(bodyFile, [
"# Code Queue PR preflight",
"",
"This file is used only for local dry-run planning.",
"",
].join("\n"), "utf8");
try {
const token = envTokenProbe();
const auth = runCli(["gh", "auth", "status", "--repo", repo]);
const createDryRun = runCli([
"gh",
"pr",
"create",
"--repo",
repo,
"--title",
"Code Queue PR preflight dry run",
"--body-file",
bodyFile,
"--base",
base,
"--head",
head,
"--dry-run",
]);
const commentDryRun = runCli([
"gh",
"pr",
"comment",
commentPr,
"--repo",
repo,
"--body-file",
bodyFile,
"--dry-run",
]);
const authData = dataOf(auth);
const ok = token.ok === true && auth.ok && createDryRun.ok && commentDryRun.ok;
process.stdout.write(`${JSON.stringify({
ok,
command: "code-queue-pr-preflight-example",
repo,
base,
head,
commentPr,
checks: {
envToken: token,
githubAuthStatus: {
ok: auth.ok,
status: auth.status,
stdoutBytes: auth.stdoutBytes,
stderrBytes: auth.stderrBytes,
...(authData === null ? {} : {
degraded: authData.degraded,
token: authData.token,
probes: authData.probes,
restFallback: authData.restFallback,
}),
...(auth.stdoutPreview === undefined ? {} : { stdoutPreview: auth.stdoutPreview }),
...(auth.stderrPreview === undefined ? {} : { stderrPreview: auth.stderrPreview }),
},
prCreateDryRun: dryRunSummary(createDryRun),
prCommentDryRun: dryRunSummary(commentDryRun),
},
safety: {
writesRemote: false,
createsPullRequest: false,
commentsPullRequest: false,
mergesPullRequest: false,
tokenValuesPrinted: false,
},
}, null, 2)}\n`);
if (!ok) process.exitCode = 1;
} finally {
rmSync(tmp, { recursive: true, force: true });
}
}
try {
main();
} catch (error) {
process.stdout.write(`${JSON.stringify({
ok: false,
command: "code-queue-pr-preflight-example",
error: redactText(error instanceof Error ? error.message : String(error)),
}, null, 2)}\n`);
process.exitCode = 1;
}