docs: add code queue PR preflight template
This commit is contained in:
@@ -0,0 +1,229 @@
|
||||
import { spawnSync } from "node:child_process";
|
||||
import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
|
||||
import { tmpdir } from "node:os";
|
||||
import { join } from "node:path";
|
||||
|
||||
type JsonRecord = Record<string, unknown>;
|
||||
|
||||
interface CliResult {
|
||||
status: number | null;
|
||||
ok: boolean;
|
||||
json: JsonRecord | null;
|
||||
stdoutBytes: number;
|
||||
stderrBytes: number;
|
||||
stdoutPreview?: string;
|
||||
stderrPreview?: string;
|
||||
}
|
||||
|
||||
const DEFAULT_REPO = "pikasTech/unidesk";
|
||||
const DEFAULT_BASE = "master";
|
||||
const DEFAULT_HEAD = "code-queue/pr-preflight-example";
|
||||
const DEFAULT_COMMENT_PR = "1";
|
||||
const PREVIEW_CHARS = 400;
|
||||
|
||||
function optionValue(args: string[], name: string, defaultValue: string): string {
|
||||
const index = args.indexOf(name);
|
||||
if (index === -1) return defaultValue;
|
||||
const value = args[index + 1];
|
||||
if (value === undefined || value.length === 0 || value.startsWith("--")) throw new Error(`${name} requires a value`);
|
||||
return value;
|
||||
}
|
||||
|
||||
function secrets(): string[] {
|
||||
return [process.env.GH_TOKEN, process.env.GITHUB_TOKEN].filter((value): value is string => value !== undefined && value.length > 0);
|
||||
}
|
||||
|
||||
function redactText(text: string): string {
|
||||
let redacted = text;
|
||||
for (const secret of secrets()) {
|
||||
redacted = redacted.split(secret).join("<redacted>");
|
||||
}
|
||||
return redacted;
|
||||
}
|
||||
|
||||
function redactUnknown(value: unknown): unknown {
|
||||
if (typeof value === "string") return redactText(value);
|
||||
if (Array.isArray(value)) return value.map(redactUnknown);
|
||||
if (typeof value === "object" && value !== null) {
|
||||
const entries = Object.entries(value).map(([key, entry]) => [key, redactUnknown(entry)]);
|
||||
return Object.fromEntries(entries);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
function preview(text: string): string {
|
||||
return redactText(text.length > PREVIEW_CHARS ? `${text.slice(0, PREVIEW_CHARS)}...` : text);
|
||||
}
|
||||
|
||||
function runCli(args: string[]): CliResult {
|
||||
const result = spawnSync("bun", ["scripts/cli.ts", ...args], {
|
||||
cwd: process.cwd(),
|
||||
env: process.env,
|
||||
encoding: "utf8",
|
||||
timeout: 30_000,
|
||||
});
|
||||
const stdout = result.stdout ?? "";
|
||||
const stderr = result.stderr ?? "";
|
||||
let json: JsonRecord | null = null;
|
||||
try {
|
||||
json = redactUnknown(JSON.parse(stdout) as unknown) as JsonRecord;
|
||||
} catch {
|
||||
json = null;
|
||||
}
|
||||
return {
|
||||
status: result.status,
|
||||
ok: result.status === 0 && json?.ok === true,
|
||||
json,
|
||||
stdoutBytes: Buffer.byteLength(stdout),
|
||||
stderrBytes: Buffer.byteLength(stderr),
|
||||
...(json === null && stdout.length > 0 ? { stdoutPreview: preview(stdout) } : {}),
|
||||
...(stderr.length > 0 ? { stderrPreview: preview(stderr) } : {}),
|
||||
};
|
||||
}
|
||||
|
||||
function dataOf(result: CliResult): JsonRecord | null {
|
||||
const data = result.json?.data;
|
||||
return typeof data === "object" && data !== null && !Array.isArray(data) ? data as JsonRecord : null;
|
||||
}
|
||||
|
||||
function envTokenProbe(): JsonRecord {
|
||||
if (process.env.GH_TOKEN && process.env.GH_TOKEN.length > 0) return { ok: true, present: true, source: "GH_TOKEN" };
|
||||
if (process.env.GITHUB_TOKEN && process.env.GITHUB_TOKEN.length > 0) return { ok: true, present: true, source: "GITHUB_TOKEN" };
|
||||
return {
|
||||
ok: false,
|
||||
present: false,
|
||||
source: null,
|
||||
message: "Runner PR workflow requires GH_TOKEN or GITHUB_TOKEN in the environment; token values must never be printed.",
|
||||
};
|
||||
}
|
||||
|
||||
function dryRunSummary(result: CliResult): JsonRecord {
|
||||
const data = dataOf(result);
|
||||
return {
|
||||
ok: result.ok,
|
||||
status: result.status,
|
||||
stdoutBytes: result.stdoutBytes,
|
||||
stderrBytes: result.stderrBytes,
|
||||
...(data === null ? {} : {
|
||||
command: data.command,
|
||||
dryRun: data.dryRun,
|
||||
planned: data.planned,
|
||||
repo: data.repo,
|
||||
base: data.base,
|
||||
head: data.head,
|
||||
issueNumber: data.issueNumber,
|
||||
bodyChars: data.bodyChars,
|
||||
request: data.request,
|
||||
}),
|
||||
...(result.stdoutPreview === undefined ? {} : { stdoutPreview: result.stdoutPreview }),
|
||||
...(result.stderrPreview === undefined ? {} : { stderrPreview: result.stderrPreview }),
|
||||
};
|
||||
}
|
||||
|
||||
function main(): void {
|
||||
const args = process.argv.slice(2);
|
||||
if (args.includes("--help") || args.includes("-h")) {
|
||||
process.stdout.write(`${JSON.stringify({
|
||||
ok: true,
|
||||
command: "code-queue-pr-preflight-example",
|
||||
usage: "bun scripts/code-queue-pr-preflight-example.ts [--repo owner/name] [--base branch] [--head branch] [--comment-pr number]",
|
||||
note: "Read-only/dry-run runner preflight. It checks GH_TOKEN/GITHUB_TOKEN presence, GitHub REST egress and repo visibility through gh auth status, then exercises PR create/comment dry-run paths without creating or merging a PR.",
|
||||
}, null, 2)}\n`);
|
||||
return;
|
||||
}
|
||||
|
||||
const repo = optionValue(args, "--repo", DEFAULT_REPO);
|
||||
const base = optionValue(args, "--base", DEFAULT_BASE);
|
||||
const head = optionValue(args, "--head", process.env.CODE_QUEUE_HEAD_BRANCH ?? DEFAULT_HEAD);
|
||||
const commentPr = optionValue(args, "--comment-pr", DEFAULT_COMMENT_PR);
|
||||
const tmp = mkdtempSync(join(tmpdir(), "unidesk-pr-preflight-"));
|
||||
const bodyFile = join(tmp, "body.md");
|
||||
writeFileSync(bodyFile, [
|
||||
"# Code Queue PR preflight",
|
||||
"",
|
||||
"This file is used only for local dry-run planning.",
|
||||
"",
|
||||
].join("\n"), "utf8");
|
||||
|
||||
try {
|
||||
const token = envTokenProbe();
|
||||
const auth = runCli(["gh", "auth", "status", "--repo", repo]);
|
||||
const createDryRun = runCli([
|
||||
"gh",
|
||||
"pr",
|
||||
"create",
|
||||
"--repo",
|
||||
repo,
|
||||
"--title",
|
||||
"Code Queue PR preflight dry run",
|
||||
"--body-file",
|
||||
bodyFile,
|
||||
"--base",
|
||||
base,
|
||||
"--head",
|
||||
head,
|
||||
"--dry-run",
|
||||
]);
|
||||
const commentDryRun = runCli([
|
||||
"gh",
|
||||
"pr",
|
||||
"comment",
|
||||
commentPr,
|
||||
"--repo",
|
||||
repo,
|
||||
"--body-file",
|
||||
bodyFile,
|
||||
"--dry-run",
|
||||
]);
|
||||
const authData = dataOf(auth);
|
||||
const ok = token.ok === true && auth.ok && createDryRun.ok && commentDryRun.ok;
|
||||
process.stdout.write(`${JSON.stringify({
|
||||
ok,
|
||||
command: "code-queue-pr-preflight-example",
|
||||
repo,
|
||||
base,
|
||||
head,
|
||||
commentPr,
|
||||
checks: {
|
||||
envToken: token,
|
||||
githubAuthStatus: {
|
||||
ok: auth.ok,
|
||||
status: auth.status,
|
||||
stdoutBytes: auth.stdoutBytes,
|
||||
stderrBytes: auth.stderrBytes,
|
||||
...(authData === null ? {} : {
|
||||
degraded: authData.degraded,
|
||||
token: authData.token,
|
||||
probes: authData.probes,
|
||||
restFallback: authData.restFallback,
|
||||
}),
|
||||
...(auth.stdoutPreview === undefined ? {} : { stdoutPreview: auth.stdoutPreview }),
|
||||
...(auth.stderrPreview === undefined ? {} : { stderrPreview: auth.stderrPreview }),
|
||||
},
|
||||
prCreateDryRun: dryRunSummary(createDryRun),
|
||||
prCommentDryRun: dryRunSummary(commentDryRun),
|
||||
},
|
||||
safety: {
|
||||
writesRemote: false,
|
||||
createsPullRequest: false,
|
||||
commentsPullRequest: false,
|
||||
mergesPullRequest: false,
|
||||
tokenValuesPrinted: false,
|
||||
},
|
||||
}, null, 2)}\n`);
|
||||
if (!ok) process.exitCode = 1;
|
||||
} finally {
|
||||
rmSync(tmp, { recursive: true, force: true });
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
main();
|
||||
} catch (error) {
|
||||
process.stdout.write(`${JSON.stringify({
|
||||
ok: false,
|
||||
command: "code-queue-pr-preflight-example",
|
||||
error: redactText(error instanceof Error ? error.message : String(error)),
|
||||
}, null, 2)}\n`);
|
||||
process.exitCode = 1;
|
||||
}
|
||||
Reference in New Issue
Block a user