230 lines
7.2 KiB
TypeScript
230 lines
7.2 KiB
TypeScript
import { spawnSync } from "node:child_process";
|
|
import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
|
|
import { tmpdir } from "node:os";
|
|
import { join } from "node:path";
|
|
|
|
type JsonRecord = Record<string, unknown>;
|
|
|
|
interface CliResult {
|
|
status: number | null;
|
|
ok: boolean;
|
|
json: JsonRecord | null;
|
|
stdoutBytes: number;
|
|
stderrBytes: number;
|
|
stdoutPreview?: string;
|
|
stderrPreview?: string;
|
|
}
|
|
|
|
const DEFAULT_REPO = "pikasTech/unidesk";
|
|
const DEFAULT_BASE = "master";
|
|
const DEFAULT_HEAD = "code-queue/pr-preflight-example";
|
|
const DEFAULT_COMMENT_PR = "1";
|
|
const PREVIEW_CHARS = 400;
|
|
|
|
function optionValue(args: string[], name: string, defaultValue: string): string {
|
|
const index = args.indexOf(name);
|
|
if (index === -1) return defaultValue;
|
|
const value = args[index + 1];
|
|
if (value === undefined || value.length === 0 || value.startsWith("--")) throw new Error(`${name} requires a value`);
|
|
return value;
|
|
}
|
|
|
|
function secrets(): string[] {
|
|
return [process.env.GH_TOKEN, process.env.GITHUB_TOKEN].filter((value): value is string => value !== undefined && value.length > 0);
|
|
}
|
|
|
|
function redactText(text: string): string {
|
|
let redacted = text;
|
|
for (const secret of secrets()) {
|
|
redacted = redacted.split(secret).join("<redacted>");
|
|
}
|
|
return redacted;
|
|
}
|
|
|
|
function redactUnknown(value: unknown): unknown {
|
|
if (typeof value === "string") return redactText(value);
|
|
if (Array.isArray(value)) return value.map(redactUnknown);
|
|
if (typeof value === "object" && value !== null) {
|
|
const entries = Object.entries(value).map(([key, entry]) => [key, redactUnknown(entry)]);
|
|
return Object.fromEntries(entries);
|
|
}
|
|
return value;
|
|
}
|
|
|
|
function preview(text: string): string {
|
|
return redactText(text.length > PREVIEW_CHARS ? `${text.slice(0, PREVIEW_CHARS)}...` : text);
|
|
}
|
|
|
|
function runCli(args: string[]): CliResult {
|
|
const result = spawnSync("bun", ["scripts/cli.ts", ...args], {
|
|
cwd: process.cwd(),
|
|
env: process.env,
|
|
encoding: "utf8",
|
|
timeout: 30_000,
|
|
});
|
|
const stdout = result.stdout ?? "";
|
|
const stderr = result.stderr ?? "";
|
|
let json: JsonRecord | null = null;
|
|
try {
|
|
json = redactUnknown(JSON.parse(stdout) as unknown) as JsonRecord;
|
|
} catch {
|
|
json = null;
|
|
}
|
|
return {
|
|
status: result.status,
|
|
ok: result.status === 0 && json?.ok === true,
|
|
json,
|
|
stdoutBytes: Buffer.byteLength(stdout),
|
|
stderrBytes: Buffer.byteLength(stderr),
|
|
...(json === null && stdout.length > 0 ? { stdoutPreview: preview(stdout) } : {}),
|
|
...(stderr.length > 0 ? { stderrPreview: preview(stderr) } : {}),
|
|
};
|
|
}
|
|
|
|
function dataOf(result: CliResult): JsonRecord | null {
|
|
const data = result.json?.data;
|
|
return typeof data === "object" && data !== null && !Array.isArray(data) ? data as JsonRecord : null;
|
|
}
|
|
|
|
function envTokenProbe(): JsonRecord {
|
|
if (process.env.GH_TOKEN && process.env.GH_TOKEN.length > 0) return { ok: true, present: true, source: "GH_TOKEN" };
|
|
if (process.env.GITHUB_TOKEN && process.env.GITHUB_TOKEN.length > 0) return { ok: true, present: true, source: "GITHUB_TOKEN" };
|
|
return {
|
|
ok: false,
|
|
present: false,
|
|
source: null,
|
|
message: "Runner PR workflow requires GH_TOKEN or GITHUB_TOKEN in the environment; token values must never be printed.",
|
|
};
|
|
}
|
|
|
|
function dryRunSummary(result: CliResult): JsonRecord {
|
|
const data = dataOf(result);
|
|
return {
|
|
ok: result.ok,
|
|
status: result.status,
|
|
stdoutBytes: result.stdoutBytes,
|
|
stderrBytes: result.stderrBytes,
|
|
...(data === null ? {} : {
|
|
command: data.command,
|
|
dryRun: data.dryRun,
|
|
planned: data.planned,
|
|
repo: data.repo,
|
|
base: data.base,
|
|
head: data.head,
|
|
issueNumber: data.issueNumber,
|
|
bodyChars: data.bodyChars,
|
|
request: data.request,
|
|
}),
|
|
...(result.stdoutPreview === undefined ? {} : { stdoutPreview: result.stdoutPreview }),
|
|
...(result.stderrPreview === undefined ? {} : { stderrPreview: result.stderrPreview }),
|
|
};
|
|
}
|
|
|
|
function main(): void {
|
|
const args = process.argv.slice(2);
|
|
if (args.includes("--help") || args.includes("-h")) {
|
|
process.stdout.write(`${JSON.stringify({
|
|
ok: true,
|
|
command: "code-queue-pr-preflight-example",
|
|
usage: "bun scripts/code-queue-pr-preflight-example.ts [--repo owner/name] [--base branch] [--head branch] [--comment-pr number]",
|
|
note: "Read-only/dry-run runner preflight. It checks GH_TOKEN/GITHUB_TOKEN presence, GitHub REST egress and repo visibility through gh auth status, then exercises PR create/comment dry-run paths without creating or merging a PR.",
|
|
}, null, 2)}\n`);
|
|
return;
|
|
}
|
|
|
|
const repo = optionValue(args, "--repo", DEFAULT_REPO);
|
|
const base = optionValue(args, "--base", DEFAULT_BASE);
|
|
const head = optionValue(args, "--head", process.env.CODE_QUEUE_HEAD_BRANCH ?? DEFAULT_HEAD);
|
|
const commentPr = optionValue(args, "--comment-pr", DEFAULT_COMMENT_PR);
|
|
const tmp = mkdtempSync(join(tmpdir(), "unidesk-pr-preflight-"));
|
|
const bodyFile = join(tmp, "body.md");
|
|
writeFileSync(bodyFile, [
|
|
"# Code Queue PR preflight",
|
|
"",
|
|
"This file is used only for local dry-run planning.",
|
|
"",
|
|
].join("\n"), "utf8");
|
|
|
|
try {
|
|
const token = envTokenProbe();
|
|
const auth = runCli(["gh", "auth", "status", "--repo", repo]);
|
|
const createDryRun = runCli([
|
|
"gh",
|
|
"pr",
|
|
"create",
|
|
"--repo",
|
|
repo,
|
|
"--title",
|
|
"Code Queue PR preflight dry run",
|
|
"--body-file",
|
|
bodyFile,
|
|
"--base",
|
|
base,
|
|
"--head",
|
|
head,
|
|
"--dry-run",
|
|
]);
|
|
const commentDryRun = runCli([
|
|
"gh",
|
|
"pr",
|
|
"comment",
|
|
commentPr,
|
|
"--repo",
|
|
repo,
|
|
"--body-file",
|
|
bodyFile,
|
|
"--dry-run",
|
|
]);
|
|
const authData = dataOf(auth);
|
|
const ok = token.ok === true && auth.ok && createDryRun.ok && commentDryRun.ok;
|
|
process.stdout.write(`${JSON.stringify({
|
|
ok,
|
|
command: "code-queue-pr-preflight-example",
|
|
repo,
|
|
base,
|
|
head,
|
|
commentPr,
|
|
checks: {
|
|
envToken: token,
|
|
githubAuthStatus: {
|
|
ok: auth.ok,
|
|
status: auth.status,
|
|
stdoutBytes: auth.stdoutBytes,
|
|
stderrBytes: auth.stderrBytes,
|
|
...(authData === null ? {} : {
|
|
degraded: authData.degraded,
|
|
token: authData.token,
|
|
probes: authData.probes,
|
|
restFallback: authData.restFallback,
|
|
}),
|
|
...(auth.stdoutPreview === undefined ? {} : { stdoutPreview: auth.stdoutPreview }),
|
|
...(auth.stderrPreview === undefined ? {} : { stderrPreview: auth.stderrPreview }),
|
|
},
|
|
prCreateDryRun: dryRunSummary(createDryRun),
|
|
prCommentDryRun: dryRunSummary(commentDryRun),
|
|
},
|
|
safety: {
|
|
writesRemote: false,
|
|
createsPullRequest: false,
|
|
commentsPullRequest: false,
|
|
mergesPullRequest: false,
|
|
tokenValuesPrinted: false,
|
|
},
|
|
}, null, 2)}\n`);
|
|
if (!ok) process.exitCode = 1;
|
|
} finally {
|
|
rmSync(tmp, { recursive: true, force: true });
|
|
}
|
|
}
|
|
|
|
try {
|
|
main();
|
|
} catch (error) {
|
|
process.stdout.write(`${JSON.stringify({
|
|
ok: false,
|
|
command: "code-queue-pr-preflight-example",
|
|
error: redactText(error instanceof Error ? error.message : String(error)),
|
|
}, null, 2)}\n`);
|
|
process.exitCode = 1;
|
|
}
|