-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Expand file tree
/
Copy pathrun.ts
More file actions
348 lines (318 loc) · 11.9 KB
/
run.ts
File metadata and controls
348 lines (318 loc) · 11.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
#!/usr/bin/env bun
/**
* Unified entrypoint for the Claude Code Action.
* Merges all previously separate action.yml steps (prepare, install, run, cleanup)
* into a single TypeScript orchestrator.
*/
import * as core from "@actions/core";
import { dirname } from "path";
import { spawn } from "child_process";
import { appendFile } from "fs/promises";
import { existsSync, readFileSync } from "fs";
import { setupGitHubToken, WorkflowValidationSkipError } from "../github/token";
import { checkWritePermissions } from "../github/validation/permissions";
import { createOctokit } from "../github/api/client";
import type { Octokits } from "../github/api/client";
import {
parseGitHubContext,
isEntityContext,
isPullRequestEvent,
isPullRequestReviewEvent,
isPullRequestReviewCommentEvent,
} from "../github/context";
import type { GitHubContext } from "../github/context";
import { detectMode } from "../modes/detector";
import { prepareTagMode } from "../modes/tag";
import { prepareAgentMode } from "../modes/agent";
import { checkContainsTrigger } from "../github/validation/trigger";
import { restoreConfigFromBase } from "../github/operations/restore-config";
import { validateBranchName } from "../github/operations/branch";
import { collectActionInputsPresence } from "./collect-inputs";
import { updateCommentLink } from "./update-comment-link";
import { formatTurnsFromData } from "./format-turns";
import type { Turn } from "./format-turns";
// Base-action imports (used directly instead of subprocess)
import { validateEnvironmentVariables } from "../../base-action/src/validate-env";
import { setupClaudeCodeSettings } from "../../base-action/src/setup-claude-code-settings";
import { installPlugins } from "../../base-action/src/install-plugins";
import { preparePrompt } from "../../base-action/src/prepare-prompt";
import { runClaude } from "../../base-action/src/run-claude";
import type { ClaudeRunResult } from "../../base-action/src/run-claude-sdk";
/**
* Install Claude Code CLI, handling retry logic and custom executable paths.
*/
async function installClaudeCode(): Promise<void> {
const customExecutable = process.env.PATH_TO_CLAUDE_CODE_EXECUTABLE;
if (customExecutable) {
console.log(`Using custom Claude Code executable: ${customExecutable}`);
const claudeDir = dirname(customExecutable);
// Add to PATH by appending to GITHUB_PATH
const githubPath = process.env.GITHUB_PATH;
if (githubPath) {
await appendFile(githubPath, `${claudeDir}\n`);
}
// Also add to current process PATH
process.env.PATH = `${claudeDir}:${process.env.PATH}`;
return;
}
const claudeCodeVersion = "2.1.92";
console.log(`Installing Claude Code v${claudeCodeVersion}...`);
for (let attempt = 1; attempt <= 3; attempt++) {
console.log(`Installation attempt ${attempt}...`);
try {
await new Promise<void>((resolve, reject) => {
const child = spawn(
"bash",
[
"-c",
`curl -fsSL https://claude.ai/install.sh | bash -s -- ${claudeCodeVersion}`,
],
{ stdio: "inherit" },
);
child.on("close", (code) => {
if (code === 0) resolve();
else reject(new Error(`Install failed with exit code ${code}`));
});
child.on("error", reject);
});
console.log("Claude Code installed successfully");
// Add to PATH
const homeBin = `${process.env.HOME}/.local/bin`;
const githubPath = process.env.GITHUB_PATH;
if (githubPath) {
await appendFile(githubPath, `${homeBin}\n`);
}
process.env.PATH = `${homeBin}:${process.env.PATH}`;
return;
} catch (error) {
if (attempt === 3) {
throw new Error(
`Failed to install Claude Code after 3 attempts: ${error}`,
);
}
console.log("Installation failed, retrying...");
await new Promise((resolve) => setTimeout(resolve, 5000));
}
}
}
/**
* Write the step summary from Claude's execution output file.
*/
async function writeStepSummary(executionFile: string): Promise<void> {
const summaryFile = process.env.GITHUB_STEP_SUMMARY;
if (!summaryFile) return;
try {
const fileContent = readFileSync(executionFile, "utf-8");
const data: Turn[] = JSON.parse(fileContent);
const markdown = formatTurnsFromData(data);
await appendFile(summaryFile, markdown);
console.log("Successfully formatted Claude Code report");
} catch (error) {
console.error(`Failed to format output: ${error}`);
// Fall back to raw JSON
try {
let fallback = "## Claude Code Report (Raw Output)\n\n";
fallback +=
"Failed to format output (please report). Here's the raw JSON:\n\n";
fallback += "```json\n";
fallback += readFileSync(executionFile, "utf-8");
fallback += "\n```\n";
await appendFile(summaryFile, fallback);
} catch {
console.error("Failed to write raw output to step summary");
}
}
}
async function run() {
let githubToken: string | undefined;
let commentId: number | undefined;
let claudeBranch: string | undefined;
let baseBranch: string | undefined;
let executionFile: string | undefined;
let claudeSuccess = false;
let prepareSuccess = true;
let prepareError: string | undefined;
let context: GitHubContext | undefined;
let octokit: Octokits | undefined;
// Track whether we've completed prepare phase, so we can attribute errors correctly
let prepareCompleted = false;
try {
// Phase 1: Prepare
const actionInputsPresent = collectActionInputsPresence();
context = parseGitHubContext();
const modeName = detectMode(context);
console.log(
`Auto-detected mode: ${modeName} for event: ${context.eventName}`,
);
try {
githubToken = await setupGitHubToken();
} catch (error) {
if (error instanceof WorkflowValidationSkipError) {
core.setOutput("skipped_due_to_workflow_validation_mismatch", "true");
console.log("Exiting due to workflow validation skip");
return;
}
throw error;
}
octokit = createOctokit(githubToken);
// Set GITHUB_TOKEN and GH_TOKEN in process env for downstream usage
process.env.GITHUB_TOKEN = githubToken;
process.env.GH_TOKEN = githubToken;
// Check write permissions (only for entity contexts)
if (isEntityContext(context)) {
const hasWritePermissions = await checkWritePermissions(
octokit.rest,
context,
context.inputs.allowedNonWriteUsers,
!!process.env.OVERRIDE_GITHUB_TOKEN,
);
if (!hasWritePermissions) {
throw new Error(
"Actor does not have write permissions to the repository",
);
}
}
// Check trigger conditions
const containsTrigger =
modeName === "tag"
? isEntityContext(context) && checkContainsTrigger(context)
: !!context.inputs?.prompt;
console.log(`Mode: ${modeName}`);
console.log(`Context prompt: ${context.inputs?.prompt || "NO PROMPT"}`);
console.log(`Trigger result: ${containsTrigger}`);
if (!containsTrigger) {
console.log("No trigger found, skipping remaining steps");
core.setOutput("github_token", githubToken);
return;
}
// Run prepare
console.log(
`Preparing with mode: ${modeName} for event: ${context.eventName}`,
);
const prepareResult =
modeName === "tag"
? await prepareTagMode({ context, octokit, githubToken })
: await prepareAgentMode({ context, octokit, githubToken });
commentId = prepareResult.commentId;
claudeBranch = prepareResult.branchInfo.claudeBranch;
baseBranch = prepareResult.branchInfo.baseBranch;
prepareCompleted = true;
// Phase 2: Install Claude Code CLI
await installClaudeCode();
// Phase 3: Run Claude (import base-action directly)
// Set env vars needed by the base-action code
process.env.INPUT_ACTION_INPUTS_PRESENT = actionInputsPresent;
process.env.CLAUDE_CODE_ACTION = "1";
process.env.DETAILED_PERMISSION_MESSAGES = "1";
validateEnvironmentVariables();
// On PRs, .claude/ and .mcp.json in the checkout are attacker-controlled.
// Restore them from the base branch before the CLI reads them.
//
// We read pull_request.base.ref from the payload directly because agent
// mode's branchInfo.baseBranch defaults to the repo's default branch rather
// than the PR's actual target (agent/index.ts). For issue_comment on a PR the payload
// lacks base.ref, so we fall back to the mode-provided value — tag mode
// fetches it from GraphQL; agent mode on issue_comment is an edge case
// that at worst restores from the wrong trusted branch (still secure).
if (isEntityContext(context) && context.isPR) {
let restoreBase = baseBranch;
if (
isPullRequestEvent(context) ||
isPullRequestReviewEvent(context) ||
isPullRequestReviewCommentEvent(context)
) {
restoreBase = context.payload.pull_request.base.ref;
validateBranchName(restoreBase);
}
if (restoreBase) {
restoreConfigFromBase(restoreBase);
}
}
await setupClaudeCodeSettings(process.env.INPUT_SETTINGS);
await installPlugins(
process.env.INPUT_PLUGIN_MARKETPLACES,
process.env.INPUT_PLUGINS,
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
);
const promptFile =
process.env.INPUT_PROMPT_FILE ||
`${process.env.RUNNER_TEMP}/claude-prompts/claude-prompt.txt`;
const promptConfig = await preparePrompt({
prompt: "",
promptFile,
});
const claudeResult: ClaudeRunResult = await runClaude(promptConfig.path, {
claudeArgs: prepareResult.claudeArgs,
appendSystemPrompt: process.env.APPEND_SYSTEM_PROMPT,
maxTurns: process.env.INPUT_MAX_TURNS,
model: process.env.ANTHROPIC_MODEL,
pathToClaudeCodeExecutable:
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
showFullOutput: process.env.INPUT_SHOW_FULL_OUTPUT,
});
claudeSuccess = claudeResult.conclusion === "success";
executionFile = claudeResult.executionFile;
// Set action-level outputs
if (claudeResult.executionFile) {
core.setOutput("execution_file", claudeResult.executionFile);
}
if (claudeResult.sessionId) {
core.setOutput("session_id", claudeResult.sessionId);
}
if (claudeResult.structuredOutput) {
core.setOutput("structured_output", claudeResult.structuredOutput);
}
core.setOutput("conclusion", claudeResult.conclusion);
} catch (error) {
const errorMessage = error instanceof Error ? error.message : String(error);
// Only mark as prepare failure if we haven't completed the prepare phase
if (!prepareCompleted) {
prepareSuccess = false;
prepareError = errorMessage;
}
core.setFailed(`Action failed with error: ${errorMessage}`);
} finally {
// Phase 4: Cleanup (always runs)
// Update tracking comment
if (
commentId &&
context &&
isEntityContext(context) &&
githubToken &&
octokit
) {
try {
await updateCommentLink({
commentId,
githubToken,
claudeBranch,
baseBranch: baseBranch || context.repository.default_branch || "main",
triggerUsername: context.actor,
context,
octokit,
claudeSuccess,
outputFile: executionFile,
prepareSuccess,
prepareError,
useCommitSigning: context.inputs.useCommitSigning,
});
} catch (error) {
console.error("Error updating comment with job link:", error);
}
}
// Write step summary (unless display_report is set to false)
if (
executionFile &&
existsSync(executionFile) &&
process.env.DISPLAY_REPORT !== "false"
) {
await writeStepSummary(executionFile);
}
// Set remaining action-level outputs
core.setOutput("branch_name", claudeBranch);
core.setOutput("github_token", githubToken);
}
}
if (import.meta.main) {
run();
}