security fixes
@@ -30,56 +30,52 @@ jobs:
|
||||
- name: Run AI Comment Response
|
||||
env:
|
||||
AI_REVIEW_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
|
||||
AI_REVIEW_REPO: ${{ gitea.repository }}
|
||||
AI_REVIEW_API_URL: https://git.hiddenden.cafe/api/v1
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
OLLAMA_HOST: ${{ secrets.OLLAMA_HOST }}
|
||||
EVENT_ISSUE_JSON: ${{ toJSON(gitea.event.issue) }}
|
||||
EVENT_COMMENT_JSON: ${{ toJSON(gitea.event.comment) }}
|
||||
IS_PR: ${{ gitea.event.issue.pull_request != null }}
|
||||
ISSUE_NUMBER: ${{ gitea.event.issue.number }}
|
||||
COMMENT_BODY: ${{ gitea.event.comment.body }}
|
||||
run: |
|
||||
cd .ai-review/tools/ai-review
|
||||
|
||||
# Check if this is a PR or an issue
|
||||
if [ "$IS_PR" = "true" ]; then
|
||||
# This is a PR comment - dispatch as issue_comment event
|
||||
# Create JSON payload using environment variables
|
||||
python -c "
|
||||
import os
|
||||
import json
|
||||
import sys
|
||||
# Determine if this is a PR or issue comment
|
||||
IS_PR="${{ gitea.event.issue.pull_request != null }}"
|
||||
REPO="${{ gitea.repository }}"
|
||||
ISSUE_NUMBER="${{ gitea.event.issue.number }}"
|
||||
|
||||
issue = json.loads(os.environ['EVENT_ISSUE_JSON'])
|
||||
comment = json.loads(os.environ['EVENT_COMMENT_JSON'])
|
||||
event_data = {
|
||||
'action': 'created',
|
||||
'issue': issue,
|
||||
'comment': comment
|
||||
}
|
||||
|
||||
# Import and run dispatcher
|
||||
sys.path.insert(0, '.')
|
||||
from dispatcher import get_dispatcher
|
||||
from agents.pr_agent import PRAgent
|
||||
from agents.issue_agent import IssueAgent
|
||||
|
||||
dispatcher = get_dispatcher()
|
||||
dispatcher.register_agent(PRAgent())
|
||||
dispatcher.register_agent(IssueAgent())
|
||||
|
||||
repo = os.environ['AI_REVIEW_REPO']
|
||||
owner, repo_name = repo.split('/')
|
||||
|
||||
result = dispatcher.dispatch('issue_comment', event_data, owner, repo_name)
|
||||
|
||||
if result.errors:
|
||||
print(f'Errors: {result.errors}')
|
||||
sys.exit(1)
|
||||
"
|
||||
else
|
||||
# This is an issue comment - use the comment command
|
||||
python main.py comment "$AI_REVIEW_REPO" "$ISSUE_NUMBER" "$COMMENT_BODY"
|
||||
# Validate inputs
|
||||
if [ -z "$REPO" ] || [ -z "$ISSUE_NUMBER" ]; then
|
||||
echo "Error: Missing required parameters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Validate repository format (owner/repo)
|
||||
if ! echo "$REPO" | grep -qE '^[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+$'; then
|
||||
echo "Error: Invalid repository format: $REPO"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$IS_PR" = "true" ]; then
|
||||
# This is a PR comment - use safe dispatch with minimal event data
|
||||
# Build minimal event payload (does not include sensitive user data)
|
||||
EVENT_DATA=$(cat <<EOF
|
||||
{
|
||||
"action": "created",
|
||||
"issue": {
|
||||
"number": ${{ gitea.event.issue.number }},
|
||||
"pull_request": {}
|
||||
},
|
||||
"comment": {
|
||||
"id": ${{ gitea.event.comment.id }},
|
||||
"body": $(echo '${{ gitea.event.comment.body }}' | jq -Rs .)
|
||||
}
|
||||
}
|
||||
EOF
|
||||
)
|
||||
|
||||
# Use safe dispatch utility
|
||||
python utils/safe_dispatch.py issue_comment "$REPO" "$EVENT_DATA"
|
||||
else
|
||||
# This is an issue comment - use the comment command
|
||||
COMMENT_BODY='${{ gitea.event.comment.body }}'
|
||||
python main.py comment "$REPO" "$ISSUE_NUMBER" "$COMMENT_BODY"
|
||||
fi
|
||||
|
||||
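Review bot: The comment body is still interpolated directly into the script text at `"body": $(echo '${{ gitea.event.comment.body }}' | jq -Rs .)` and at `COMMENT_BODY='${{ gitea.event.comment.body }}'`. The runner substitutes `${{ … }}` before the shell parses the script, so the single quotes do not contain a body that itself includes a quote character, and this step runs with `AI_REVIEW_TOKEN` and the provider API keys in its environment. This reads the `safe_dispatch.py` lines as the new side, since the +/- markers are not visible on this page. Pass the body through the step's `env:` mapping instead, `COMMENT_BODY: ${{ gitea.event.comment.body }}`, and reference only the variable in the script: `"body": $(printf '%s' "$COMMENT_BODY" | jq -Rs .)` and `python main.py comment "$REPO" "$ISSUE_NUMBER" "$COMMENT_BODY"`. `REPO`, `ISSUE_NUMBER` and the comment id are lower risk, but moving them to `env:` as well keeps every event-derived value out of the script source.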