diff --git a/.changeset/patch-detection-failure-reporting.md b/.changeset/patch-detection-failure-reporting.md new file mode 100644 index 00000000000..9b841d9c161 --- /dev/null +++ b/.changeset/patch-detection-failure-reporting.md @@ -0,0 +1,7 @@ +--- +"gh-aw": patch +--- + +Detect and report detection job failures in the conclusion job. Adds support for a +`safe-outputs.messages.detection-failure` message, updates `notify_comment` and +message rendering, and includes tests covering detection failure scenarios. diff --git a/.github/workflows/ai-triage-campaign.lock.yml b/.github/workflows/ai-triage-campaign.lock.yml index 69206c46d8a..4db0f6f3395 100644 --- a/.github/workflows/ai-triage-campaign.lock.yml +++ b/.github/workflows/ai-triage-campaign.lock.yml @@ -74,6 +74,7 @@ # agent --> update_project # assign_to_agent --> conclusion # detection --> assign_to_agent +# detection --> conclusion # detection --> update_project # update_project --> conclusion # ``` @@ -5477,6 +5478,7 @@ jobs: - activation - agent - assign_to_agent + - detection - update_project if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5725,6 +5727,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "AI Triage Campaign" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5777,17 +5780,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5826,17 +5819,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5871,7 +5876,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index d1d5bc60338..b8ba5e78346 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -70,6 +70,7 @@ # agent --> conclusion # agent --> detection # detection --> add_comment +# detection --> conclusion # pre_activation --> activation # ``` # @@ -791,17 +792,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -840,6 +831,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1268,17 +1267,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6583,6 +6572,7 @@ jobs: - activation - add_comment - agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6830,6 +6820,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Archie" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 📊 *Diagram rendered by [{workflow_name}]({run_url})*\",\"runStarted\":\"📐 Archie here! [{workflow_name}]({run_url}) is sketching the architecture on this {event_type}...\",\"runSuccess\":\"🎨 Blueprint complete! [{workflow_name}]({run_url}) has visualized the connections. The architecture speaks for itself! ✅\",\"runFailure\":\"📐 Drafting interrupted! [{workflow_name}]({run_url}) {status}. The diagram remains incomplete...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6883,17 +6874,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6932,17 +6913,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6977,7 +6970,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index c965205b4e5..aa82823582e 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -72,6 +72,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5076,6 +5077,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5335,6 +5337,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Artifacts Summary" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ steps.app-token.outputs.token }} script: | @@ -5387,17 +5390,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5436,17 +5429,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5481,7 +5486,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5672,17 +5682,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 9c0625bc85a..0bbe2354e70 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -79,6 +79,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -5849,6 +5850,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6100,6 +6102,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Agentic Workflow Audit Agent" GH_AW_TRACKER_ID: "audit-workflows-daily" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6152,17 +6155,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6201,17 +6194,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6246,7 +6251,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6415,17 +6425,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index fd139e96687..b309403ec17 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -82,6 +82,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -4966,6 +4967,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5216,6 +5218,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Blog Auditor" GH_AW_TRACKER_ID: "blog-auditor-weekly" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5268,17 +5271,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5317,17 +5310,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5362,7 +5367,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5532,17 +5542,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 797fe3efa93..d9e1ce4f809 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -66,6 +66,7 @@ # agent --> conclusion # agent --> detection # detection --> add_comment +# detection --> conclusion # pre_activation --> activation # ``` # @@ -688,17 +689,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -737,6 +728,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1165,17 +1164,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6375,6 +6364,7 @@ jobs: - activation - add_comment - agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6622,6 +6612,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Brave Web Search Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🦁 *Search results brought to you by [{workflow_name}]({run_url})*\",\"runStarted\":\"🔍 Brave Search activated! [{workflow_name}]({run_url}) is venturing into the web on this {event_type}...\",\"runSuccess\":\"🦁 Mission accomplished! [{workflow_name}]({run_url}) has returned with the findings. Knowledge acquired! 🏆\",\"runFailure\":\"🔍 Search interrupted! [{workflow_name}]({run_url}) {status}. The web remains unexplored...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6675,17 +6666,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6724,17 +6705,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6769,7 +6762,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 6dad089dca3..df5fdc059c6 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -72,6 +72,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -5156,6 +5157,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5406,6 +5408,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Breaking Change Checker" GH_AW_TRACKER_ID: "breaking-change-checker" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ⚠️ *Compatibility report by [{workflow_name}]({run_url})*\",\"runStarted\":\"🔬 Breaking Change Checker online! [{workflow_name}]({run_url}) is analyzing API compatibility on this {event_type}...\",\"runSuccess\":\"✅ Analysis complete! [{workflow_name}]({run_url}) has reviewed all changes. Compatibility verdict delivered! 📋\",\"runFailure\":\"🔬 Analysis interrupted! [{workflow_name}]({run_url}) {status}. Compatibility status unknown...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -5459,17 +5462,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5508,17 +5501,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5553,7 +5558,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index c9bec482cff..7831e17993a 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -84,6 +84,7 @@ # agent --> detection # agent --> push_to_pull_request_branch # agent --> update_pull_request +# detection --> conclusion # detection --> push_to_pull_request_branch # detection --> update_pull_request # pre_activation --> activation @@ -832,17 +833,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -881,6 +872,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -5560,6 +5559,7 @@ jobs: needs: - activation - agent + - detection - push_to_pull_request_branch - update_pull_request if: (always()) && (needs.agent.result != 'skipped') @@ -5821,6 +5821,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Changeset Generator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ steps.app-token.outputs.token }} script: | @@ -5873,17 +5874,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5922,17 +5913,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5967,7 +5970,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 625567166ef..ea44ece4521 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -89,6 +89,7 @@ # create_issue --> add_comment # create_issue --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -494,17 +495,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5853,6 +5844,7 @@ jobs: - add_comment - agent - create_issue + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6104,6 +6096,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "CI Failure Doctor" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🩺 *Diagnosis provided by [{workflow_name}]({run_url})*\",\"runStarted\":\"🏥 CI Doctor reporting for duty! [{workflow_name}]({run_url}) is examining the patient on this {event_type}...\",\"runSuccess\":\"🩺 Examination complete! [{workflow_name}]({run_url}) has delivered the diagnosis. Prescription issued! 💊\",\"runFailure\":\"🏥 Medical emergency! [{workflow_name}]({run_url}) {status}. Doctor needs assistance...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6157,17 +6150,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6206,17 +6189,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6251,7 +6246,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index fed66553682..48520d15e26 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -62,6 +62,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # ``` # @@ -5155,6 +5156,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5402,6 +5404,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "CLI Consistency Checker" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5454,17 +5457,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5503,17 +5496,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5548,7 +5553,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 6f0944f936f..6b83ab63600 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -68,6 +68,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # ``` # @@ -4916,6 +4917,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5163,6 +5165,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "CLI Version Checker" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5215,17 +5218,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5264,17 +5257,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5309,7 +5314,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index f9d360cd698..42c0b2c40d3 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -87,6 +87,7 @@ # create_pull_request --> add_comment # create_pull_request --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_pull_request # pre_activation --> activation # ``` @@ -890,17 +891,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -939,6 +930,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1370,17 +1369,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6387,6 +6376,7 @@ jobs: - add_comment - agent - create_pull_request + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6634,6 +6624,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "/cloclo" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🎤 *Magnifique! Performance by [{workflow_name}]({run_url})*\",\"runStarted\":\"🎵 Comme d'habitude! [{workflow_name}]({run_url}) takes the stage on this {event_type}...\",\"runSuccess\":\"🎤 Bravo! [{workflow_name}]({run_url}) has delivered a stunning performance! Standing ovation! 🌟\",\"runFailure\":\"🎵 Intermission... [{workflow_name}]({run_url}) {status}. The show must go on... eventually!\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6687,17 +6678,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6736,17 +6717,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6781,7 +6774,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/close-old-discussions.lock.yml b/.github/workflows/close-old-discussions.lock.yml index 99ce9e2c744..006ef0202b5 100644 --- a/.github/workflows/close-old-discussions.lock.yml +++ b/.github/workflows/close-old-discussions.lock.yml @@ -183,6 +183,7 @@ # agent --> detection # close_discussion --> conclusion # detection --> close_discussion +# detection --> conclusion # ``` # # Original Prompt: @@ -5196,6 +5197,7 @@ jobs: - activation - agent - close_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5443,6 +5445,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Close Outdated Discussions" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5495,17 +5498,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5544,17 +5537,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5589,7 +5594,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 86326b01851..6c6c179a5d8 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -71,6 +71,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -4847,6 +4848,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5094,6 +5096,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Commit Changes Analyzer" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5146,17 +5149,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5195,17 +5188,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5240,7 +5245,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5407,17 +5417,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 8b9f0e1100a..1a7ad4ddba2 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -95,6 +95,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5529,6 +5530,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5776,6 +5778,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Copilot Agent PR Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5828,17 +5831,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5877,17 +5870,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5922,7 +5927,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6091,17 +6101,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 24ccdbc788c..0623aeee8b5 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -90,6 +90,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -6421,6 +6422,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6668,6 +6670,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Daily Copilot PR Merged Report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6720,17 +6723,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6769,17 +6762,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6814,7 +6819,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6983,17 +6993,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 9cb6117ad62..c530f69679b 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -130,6 +130,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6634,6 +6635,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6882,6 +6884,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Copilot PR Conversation NLP Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6934,17 +6937,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6983,17 +6976,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7028,7 +7033,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7197,17 +7207,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 05a446080d8..e63615b5293 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -87,6 +87,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5716,6 +5717,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5963,6 +5965,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Copilot PR Prompt Pattern Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6015,17 +6018,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6064,17 +6057,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6109,7 +6114,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6278,17 +6288,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 9c14c79cc82..6e2b298dcea 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -99,6 +99,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6938,6 +6939,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -7186,6 +7188,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Copilot Session Insights" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -7238,17 +7241,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7287,17 +7280,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7332,7 +7337,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7501,17 +7511,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index a28c5866b8d..0d377ac75d3 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -74,6 +74,7 @@ # agent --> detection # agent --> push_to_pull_request_branch # detection --> add_comment +# detection --> conclusion # detection --> push_to_pull_request_branch # pre_activation --> activation # push_to_pull_request_branch --> conclusion @@ -846,17 +847,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -895,6 +886,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1323,17 +1322,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6728,6 +6717,7 @@ jobs: - activation - add_comment - agent + - detection - push_to_pull_request_branch if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim @@ -6976,6 +6966,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Workflow Craft Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ⚒️ *Crafted with care by [{workflow_name}]({run_url})*\",\"runStarted\":\"🛠️ Master Crafter at work! [{workflow_name}]({run_url}) is forging a new workflow on this {event_type}...\",\"runSuccess\":\"⚒️ Masterpiece complete! [{workflow_name}]({run_url}) has crafted your workflow. May it serve you well! 🎖️\",\"runFailure\":\"🛠️ Forge cooling down! [{workflow_name}]({run_url}) {status}. The anvil awaits another attempt...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -7029,17 +7020,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7078,17 +7059,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7123,7 +7116,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index dd9be65b082..f3569027331 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -60,6 +60,7 @@ # assign_to_user --> conclusion # detection --> add_comment # detection --> assign_to_user +# detection --> conclusion # ``` # # Original Prompt: @@ -304,17 +305,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5990,6 +5981,7 @@ jobs: - add_comment - agent - assign_to_user + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6237,6 +6229,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Auto-Assign Issue" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6289,17 +6282,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6338,17 +6321,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6383,7 +6378,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 0f7d282f05b..4c0ad7ae19d 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -69,6 +69,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5979,6 +5980,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6229,6 +6231,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Code Metrics and Trend Tracking Agent" GH_AW_TRACKER_ID: "daily-code-metrics" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6281,17 +6284,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6330,17 +6323,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6375,7 +6380,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6544,17 +6554,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index fb93f914f45..8ef14bc749a 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -89,6 +89,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6802,6 +6803,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -7053,6 +7055,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Copilot Token Consumption Report" GH_AW_TRACKER_ID: "daily-copilot-token-report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -7105,17 +7108,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7154,17 +7147,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7199,7 +7204,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7368,17 +7378,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index f772e9ff188..b023ff1550a 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -81,6 +81,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # ``` # @@ -4648,6 +4649,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4898,6 +4900,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Documentation Updater" GH_AW_TRACKER_ID: "daily-doc-updater" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4950,17 +4953,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4999,17 +4992,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5044,7 +5049,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 4b0b44320e6..4940b1de34f 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -75,6 +75,7 @@ # agent --> conclusion # agent --> detection # detection --> add_comment +# detection --> conclusion # ``` # # Original Prompt: @@ -368,17 +369,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4966,6 +4957,7 @@ jobs: - activation - add_comment - agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -5216,6 +5208,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Fact About gh-aw" GH_AW_TRACKER_ID: "daily-fact-thread" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🪶 *Penned with care by [{workflow_name}]({run_url})*\",\"runStarted\":\"📜 Hark! The muse awakens — [{workflow_name}]({run_url}) begins its verse upon this {event_type}...\",\"runSuccess\":\"✨ Lo! [{workflow_name}]({run_url}) hath woven its tale to completion, like a sonnet finding its final rhyme. 🌟\",\"runFailure\":\"🌧️ Alas! [{workflow_name}]({run_url}) {status}, its quill fallen mid-verse. The poem remains unfinished...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -5269,17 +5262,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5318,17 +5301,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5363,7 +5358,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index b39872c5e69..df17cc94b93 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -85,6 +85,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -4907,6 +4908,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5169,6 +5171,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily File Diet" GH_AW_TRACKER_ID: "daily-file-diet" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ steps.app-token.outputs.token }} script: | @@ -5221,17 +5224,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5270,17 +5263,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5315,7 +5320,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index ff055a25742..d99d8785a0a 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -86,6 +86,7 @@ # agent --> push_repo_memory # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> push_repo_memory # detection --> upload_assets @@ -6223,6 +6224,7 @@ jobs: - activation - agent - create_discussion + - detection - push_repo_memory - upload_assets if: (always()) && (needs.agent.result != 'skipped') @@ -6475,6 +6477,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Firewall Logs Collector and Reporter" GH_AW_TRACKER_ID: "daily-firewall-report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6527,17 +6530,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6576,17 +6569,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6621,7 +6626,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6790,17 +6800,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 016036b6f28..51f9376f749 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -85,6 +85,7 @@ # close_discussion --> conclusion # create_discussion --> conclusion # detection --> close_discussion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6802,6 +6803,7 @@ jobs: - agent - close_discussion - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -7053,6 +7055,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Issues Report Generator" GH_AW_TRACKER_ID: "daily-issues-report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -7105,17 +7108,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7154,17 +7147,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7199,7 +7204,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7369,17 +7379,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index a8581a6cbae..09b2f6e5394 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -5693,17 +5693,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5742,17 +5732,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5787,7 +5789,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 23d4fc60453..26012c1cdb9 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -85,6 +85,7 @@ # agent --> detection # agent --> upload_assets # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # detection --> upload_assets # upload_assets --> conclusion @@ -4554,6 +4555,7 @@ jobs: - activation - agent - create_issue + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -4805,6 +4807,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Multi-Device Docs Tester" GH_AW_TRACKER_ID: "daily-multi-device-docs-tester" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4857,17 +4860,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4906,17 +4899,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -4951,7 +4956,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index b6e90bb28b3..333acc34ea4 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -270,6 +270,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6691,6 +6692,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6942,6 +6944,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily News" GH_AW_TRACKER_ID: "daily-news-weekday" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6994,17 +6997,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7043,17 +7036,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7088,7 +7093,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7257,17 +7267,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 1764759b5a5..0c0532a6be2 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -81,6 +81,7 @@ # close_discussion --> conclusion # create_discussion --> conclusion # detection --> close_discussion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -7696,6 +7697,7 @@ jobs: - agent - close_discussion - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -7947,6 +7949,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Project Performance Summary Generator (Using Safe Inputs)" GH_AW_TRACKER_ID: "daily-performance-summary" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -7999,17 +8002,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -8048,17 +8041,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -8093,7 +8098,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -8263,17 +8273,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index e658845f358..915eb7f63d5 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -83,6 +83,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6235,6 +6236,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6486,6 +6488,7 @@ jobs: GH_AW_WORKFLOW_NAME: "The Daily Repository Chronicle" GH_AW_TRACKER_ID: "daily-repo-chronicle" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6538,17 +6541,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6587,17 +6580,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6632,7 +6637,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6801,17 +6811,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 51fc753bf31..4f474a8b0e3 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -80,6 +80,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # pre_activation --> activation # ``` @@ -4983,6 +4984,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5237,6 +5239,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Team Status" GH_AW_TRACKER_ID: "daily-team-status" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5289,17 +5292,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5338,17 +5331,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5383,7 +5388,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5555,17 +5565,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index eb64b670abe..66e339424b4 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -80,6 +80,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # ``` # @@ -5154,6 +5155,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5404,6 +5406,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Daily Workflow Updater" GH_AW_TRACKER_ID: "daily-workflow-updater" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5456,17 +5459,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5505,17 +5498,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5550,7 +5555,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 53cb9415d60..4ac8e187a85 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -101,6 +101,7 @@ # agent --> push_repo_memory # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> push_repo_memory # detection --> upload_assets @@ -5451,6 +5452,7 @@ jobs: - activation - agent - create_discussion + - detection - push_repo_memory - upload_assets if: (always()) && (needs.agent.result != 'skipped') @@ -5703,6 +5705,7 @@ jobs: GH_AW_WORKFLOW_NAME: "DeepReport - Intelligence Gathering Agent" GH_AW_TRACKER_ID: "deep-report-intel-agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5755,17 +5758,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5804,17 +5797,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5849,7 +5854,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6018,17 +6028,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 774f8811e40..1aa8e348cd9 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -76,6 +76,7 @@ # close_issue --> conclusion # create_issue --> conclusion # detection --> close_issue +# detection --> conclusion # detection --> create_issue # ``` # @@ -5770,6 +5771,7 @@ jobs: - agent - close_issue - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6017,6 +6019,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Dependabot Dependency Checker" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6069,17 +6072,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6118,17 +6111,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6163,7 +6168,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 4791ba22f44..926ec7c0caa 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -71,6 +71,7 @@ # agent --> conclusion # agent --> detection # detection --> add_comment +# detection --> conclusion # pre_activation --> activation # ``` # @@ -419,17 +420,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5619,6 +5610,7 @@ jobs: - activation - add_comment - agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -5866,6 +5858,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Dev Hawk" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🦅 *Observed from above by [{workflow_name}]({run_url})*\",\"runStarted\":\"🦅 Dev Hawk circles the sky! [{workflow_name}]({run_url}) is monitoring this {event_type} from above...\",\"runSuccess\":\"🦅 Hawk eyes report! [{workflow_name}]({run_url}) has completed reconnaissance. Intel delivered! 🎯\",\"runFailure\":\"🦅 Hawk down! [{workflow_name}]({run_url}) {status}. The skies grow quiet...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -5919,17 +5912,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5968,17 +5951,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6013,7 +6008,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 8a500830aa1..1e2c6849aeb 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -97,6 +97,7 @@ # agent --> detection # create_discussion --> conclusion # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> create_pull_request # ``` @@ -5735,6 +5736,7 @@ jobs: - agent - create_discussion - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5982,6 +5984,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Developer Documentation Consolidator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6034,17 +6037,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6083,17 +6076,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6128,7 +6133,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6296,17 +6306,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index d67c7f1c14d..28f309b57b2 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -76,6 +76,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # ``` # @@ -5102,6 +5103,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5349,6 +5351,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Dictation Prompt Generator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5401,17 +5404,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5450,17 +5443,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5495,7 +5500,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 252001d928d..2f1d6e350d0 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -70,6 +70,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -5173,6 +5174,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5421,6 +5423,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Documentation Noob Tester" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5473,17 +5476,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5522,17 +5515,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5567,7 +5572,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5735,17 +5745,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 425b30ee1cf..2c49ddbdaec 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -59,6 +59,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # ``` # @@ -4738,6 +4739,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4985,6 +4987,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Duplicate Code Detector" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5037,17 +5040,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5086,17 +5079,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5131,7 +5136,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index dcae3065970..98b892dc77f 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -65,6 +65,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -4423,6 +4424,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4670,6 +4672,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Weekly Workflow Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4722,17 +4725,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4771,17 +4764,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -4816,7 +4821,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -4985,17 +4995,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index db379f028bc..4cb4a6899a3 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -77,6 +77,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -5661,6 +5662,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5909,6 +5911,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "GitHub MCP Structural Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5961,17 +5964,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6010,17 +6003,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6055,7 +6060,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6224,17 +6234,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index ceb7dd0b60e..8feae9b80a5 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -79,6 +79,7 @@ # agent --> detection # create_discussion --> conclusion # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> create_pull_request # ``` @@ -5442,6 +5443,7 @@ jobs: - agent - create_discussion - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5689,6 +5691,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "GitHub MCP Remote Server Tools Report Generator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5741,17 +5744,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5790,17 +5783,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5835,7 +5840,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6003,17 +6013,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 85c254b7c47..656f8186653 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -90,6 +90,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # ``` # @@ -6129,6 +6130,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6376,6 +6378,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Glossary Maintainer" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6428,17 +6431,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6477,17 +6470,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6522,7 +6527,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index d736a3ea4da..a6548a4eb54 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -92,6 +92,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5036,6 +5037,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5286,6 +5288,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Go Fan" GH_AW_TRACKER_ID: "go-fan-daily" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5338,17 +5341,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5387,17 +5380,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5432,7 +5437,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5602,17 +5612,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index c14c7834bb9..0c3529a7bc4 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -92,6 +92,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # ``` # @@ -4877,6 +4878,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5124,6 +5126,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Go Logger Enhancement" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5176,17 +5179,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5225,17 +5218,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5270,7 +5275,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 42ffed6e1d2..6c1319502d5 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -104,6 +104,7 @@ # agent --> detection # ast_grep --> agent # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # ``` # @@ -4587,6 +4588,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4834,6 +4836,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Go Pattern Detector" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4886,17 +4889,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4935,17 +4928,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -4980,7 +4985,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index ea8799fe823..657ca2060a4 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -68,6 +68,7 @@ # agent --> detection # create_pr_review_comment --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_pr_review_comment # pre_activation --> activation # ``` @@ -721,17 +722,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -770,6 +761,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1198,17 +1197,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6526,6 +6515,7 @@ jobs: - add_comment - agent - create_pr_review_comment + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6773,6 +6763,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Grumpy Code Reviewer 🔥" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 😤 *Reluctantly reviewed by [{workflow_name}]({run_url})*\",\"runStarted\":\"😤 *sigh* [{workflow_name}]({run_url}) is begrudgingly looking at this {event_type}... This better be worth my time.\",\"runSuccess\":\"😤 Fine. [{workflow_name}]({run_url}) finished the review. It wasn't completely terrible. I guess. 🙄\",\"runFailure\":\"😤 Great. [{workflow_name}]({run_url}) {status}. As if my day couldn't get any worse...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6826,17 +6817,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6875,17 +6856,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6920,7 +6913,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 179b334a8ca..9a568cdd598 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -79,6 +79,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # ``` # @@ -4642,6 +4643,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4889,6 +4891,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Instructions Janitor" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4941,17 +4944,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4990,17 +4983,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5035,7 +5040,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index c67d2c88a7f..e39e71af114 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -106,6 +106,7 @@ # agent --> detection # agent --> link_sub_issue # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> link_sub_issue # link_sub_issue --> conclusion @@ -4753,6 +4754,7 @@ jobs: - activation - agent - create_discussion + - detection - link_sub_issue if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5001,6 +5003,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Issue Arborist" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5053,17 +5056,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5102,17 +5095,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5147,7 +5152,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5316,17 +5326,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index 3245ce124c6..da6fddb6849 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -62,6 +62,7 @@ # agent --> conclusion # agent --> detection # detection --> add_labels +# detection --> conclusion # pre_activation --> activation # ``` # @@ -614,17 +615,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -663,6 +654,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -4285,6 +4284,7 @@ jobs: - activation - add_labels - agent + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4532,6 +4532,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Issue Classifier" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4584,17 +4585,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4633,17 +4624,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -4678,7 +4681,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 87507043389..f6c3d8244db 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -148,6 +148,7 @@ # assign_to_agent --> conclusion # detection --> add_comment # detection --> assign_to_agent +# detection --> conclusion # pre_activation --> activation # pre_activation --> search_issues # search_issues --> activation @@ -543,17 +544,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6368,6 +6359,7 @@ jobs: - add_comment - agent - assign_to_agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6615,6 +6607,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Issue Monster" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🍪 *Om nom nom by [{workflow_name}]({run_url})*\",\"runStarted\":\"🍪 ISSUE! ISSUE! [{workflow_name}]({run_url}) hungry for issues on this {event_type}! Om nom nom...\",\"runSuccess\":\"🍪 YUMMY! [{workflow_name}]({run_url}) ate the issues! That was DELICIOUS! Me want MORE! 😋\",\"runFailure\":\"🍪 Aww... [{workflow_name}]({run_url}) {status}. No cookie for monster today... 😢\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6668,17 +6661,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6717,17 +6700,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6762,7 +6757,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index eb0521ddd88..8ddf47a705f 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -51,6 +51,7 @@ # agent --> conclusion # agent --> detection # detection --> add_labels +# detection --> conclusion # ``` # # Original Prompt: @@ -5262,6 +5263,7 @@ jobs: - activation - add_labels - agent + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5509,6 +5511,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Issue Triage Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5561,17 +5564,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5610,17 +5603,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5655,7 +5660,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 62e9f290c47..a02673cba1c 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -64,6 +64,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5082,6 +5083,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5329,6 +5331,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Lockfile Statistics Analysis Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5381,17 +5384,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5430,17 +5423,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5475,7 +5480,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5643,17 +5653,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index ac4836d31b6..36db9c9d0b7 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -111,6 +111,7 @@ # agent --> notion_add_comment # agent --> post_to_slack_channel # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> notion_add_comment # detection --> post_to_slack_channel @@ -5762,6 +5763,7 @@ jobs: - activation - agent - create_discussion + - detection - notion_add_comment - post_to_slack_channel if: (always()) && (needs.agent.result != 'skipped') @@ -6011,6 +6013,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "MCP Inspector Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6063,17 +6066,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6112,17 +6105,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6157,7 +6162,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6325,17 +6335,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 4cd87232e2c..2b41223fdb7 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -91,6 +91,7 @@ # agent --> conclusion # agent --> detection # agent --> push_to_pull_request_branch +# detection --> conclusion # detection --> push_to_pull_request_branch # pre_activation --> activation # push_to_pull_request_branch --> conclusion @@ -543,17 +544,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -592,6 +583,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -5867,6 +5866,7 @@ jobs: needs: - activation - agent + - detection - push_to_pull_request_branch if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6115,6 +6115,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Mergefest" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6167,17 +6168,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6216,17 +6207,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6261,7 +6264,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 92faa7301b9..01abe7fc6d4 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -59,6 +59,7 @@ # agent --> conclusion # agent --> detection # agent --> notion_add_comment +# detection --> conclusion # detection --> notion_add_comment # notion_add_comment --> conclusion # ``` @@ -4764,6 +4765,7 @@ jobs: needs: - activation - agent + - detection - notion_add_comment if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5012,6 +5014,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Issue Summary to Notion" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5064,17 +5067,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5113,17 +5106,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5158,7 +5163,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index ad7ef1ef3f2..34564994833 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -84,6 +84,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6630,6 +6631,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6878,6 +6880,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Organization Health Report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6930,17 +6933,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6979,17 +6972,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7024,7 +7029,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7192,17 +7202,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 8e8f1a86317..b71137e2d1e 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -88,6 +88,7 @@ # agent --> conclusion # agent --> detection # detection --> add_comment +# detection --> conclusion # pre_activation --> activation # ``` # @@ -773,17 +774,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -822,6 +813,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1250,17 +1249,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6544,6 +6533,7 @@ jobs: - activation - add_comment - agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6791,6 +6781,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Resource Summarizer Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 📄 *Summary compiled by [{workflow_name}]({run_url})*\",\"runStarted\":\"📖 Page by page! [{workflow_name}]({run_url}) is reading through this {event_type}...\",\"runSuccess\":\"📚 TL;DR ready! [{workflow_name}]({run_url}) has distilled the essence. Knowledge condensed! ✨\",\"runFailure\":\"📖 Reading interrupted! [{workflow_name}]({run_url}) {status}. The document remains unsummarized...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6844,17 +6835,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6893,17 +6874,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6938,7 +6931,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 5df49d5196c..7d7fc73f9a8 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -66,6 +66,7 @@ # close_discussion --> conclusion # create_issue --> conclusion # detection --> close_discussion +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -705,17 +706,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -754,6 +745,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -6247,6 +6246,7 @@ jobs: - agent - close_discussion - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6494,6 +6494,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Plan Command" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6546,17 +6547,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6595,17 +6586,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6640,7 +6643,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index cdb37e6cf9f..a5c75f3a7c9 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -216,6 +216,7 @@ # detection --> add_comment # detection --> add_labels # detection --> close_pull_request +# detection --> conclusion # detection --> create_agent_task # detection --> create_discussion # detection --> create_issue @@ -801,17 +802,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -850,6 +841,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1290,17 +1289,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7706,6 +7695,7 @@ jobs: - create_issue - create_pr_review_comment - create_pull_request + - detection - link_sub_issue - push_to_pull_request_branch - update_issue @@ -7957,6 +7947,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Poem Bot - A Creative Agentic Workflow" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🪶 *Verses penned by [{workflow_name}]({run_url})*\",\"runStarted\":\"🎭 Hear ye! The muse stirs! [{workflow_name}]({run_url}) takes quill in hand for this {event_type}...\",\"runSuccess\":\"🪶 The poem is writ! [{workflow_name}]({run_url}) has composed verses most fair. Applause! 👏\",\"runFailure\":\"🎭 Alas! [{workflow_name}]({run_url}) {status}. The muse has fled, leaving verses unsung...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -8010,17 +8001,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -8059,17 +8040,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -8104,7 +8097,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -8463,17 +8461,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index ce9c757b356..a17c8a0bc81 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -81,6 +81,7 @@ # create_discussion --> conclusion # create_pr_review_comment --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_discussion # detection --> create_pr_review_comment # pre_activation --> activation @@ -701,17 +702,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -750,6 +741,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1181,17 +1180,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6870,6 +6859,7 @@ jobs: - agent - create_discussion - create_pr_review_comment + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -7117,6 +7107,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "PR Nitpick Reviewer 🔍" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🔍 *Meticulously inspected by [{workflow_name}]({run_url})*\",\"runStarted\":\"🔬 Adjusting monocle... [{workflow_name}]({run_url}) is scrutinizing every pixel of this {event_type}...\",\"runSuccess\":\"🔍 Nitpicks catalogued! [{workflow_name}]({run_url}) has documented all the tiny details. Perfection awaits! ✅\",\"runFailure\":\"🔬 Lens cracked! [{workflow_name}]({run_url}) {status}. Some nitpicks remain undetected...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -7170,17 +7161,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7219,17 +7200,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7264,7 +7257,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7433,17 +7431,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index fecc583c26e..ec8811c3737 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -153,6 +153,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -6291,6 +6292,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6538,6 +6540,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Copilot Agent Prompt Clustering Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6590,17 +6593,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6639,17 +6632,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6684,7 +6689,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6853,17 +6863,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 1b1f3a85209..b2d2a22329b 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -66,6 +66,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6864,6 +6865,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -7112,6 +7114,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Python Data Visualization Generator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -7164,17 +7167,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7213,17 +7206,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7258,7 +7263,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -7425,17 +7435,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index e08cc7cd6d5..6a7abe19237 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -91,6 +91,7 @@ # create_pull_request --> add_comment # create_pull_request --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_pull_request # pre_activation --> activation # ``` @@ -1011,17 +1012,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -1060,6 +1051,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1491,17 +1490,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7132,6 +7121,7 @@ jobs: - add_comment - agent - create_pull_request + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -7379,6 +7369,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Q" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🎩 *Equipped by [{workflow_name}]({run_url})*\",\"runStarted\":\"🔧 Pay attention, 007! [{workflow_name}]({run_url}) is preparing your gadgets for this {event_type}...\",\"runSuccess\":\"🎩 Mission equipment ready! [{workflow_name}]({run_url}) has optimized your workflow. Use wisely, 007! 🔫\",\"runFailure\":\"🔧 Technical difficulties! [{workflow_name}]({run_url}) {status}. Even Q Branch has bad days...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -7432,17 +7423,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7481,17 +7462,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7526,7 +7519,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 05d649c82b8..2b64b5cb8f3 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -221,6 +221,7 @@ # agent --> conclusion # agent --> detection # agent --> update_release +# detection --> conclusion # detection --> update_release # generate-sbom --> agent # pre_activation --> activation @@ -5220,6 +5221,7 @@ jobs: needs: - activation - agent + - detection - update_release if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5468,6 +5470,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Release" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5520,17 +5523,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5569,17 +5562,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5614,7 +5619,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index d1d4e7fffd2..ccb62e50b4e 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -69,6 +69,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5168,6 +5169,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5415,6 +5417,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Repository Tree Map Generator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5467,17 +5470,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5516,17 +5509,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5561,7 +5566,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5729,17 +5739,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 8ac7b74cf8c..c39b553cfd2 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -73,6 +73,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -6075,6 +6076,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6322,6 +6324,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Repository Quality Improvement Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6374,17 +6377,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6423,17 +6416,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6468,7 +6473,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6636,17 +6646,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 2aa79ae2b4e..14b1d566f51 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -76,6 +76,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5014,6 +5015,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5261,6 +5263,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Basic Research Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5313,17 +5316,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5362,17 +5355,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5407,7 +5412,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5574,17 +5584,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 84ce26dca40..0209318a769 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -74,6 +74,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5314,6 +5315,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5561,6 +5563,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Safe Output Health Monitor" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5613,17 +5616,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5662,17 +5655,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5707,7 +5712,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5875,17 +5885,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index f38e0d25e23..4b8eec12c46 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -70,6 +70,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5092,6 +5093,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5339,6 +5341,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Schema Consistency Checker" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5391,17 +5394,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5440,17 +5433,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5485,7 +5490,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5654,17 +5664,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index ec51d044815..c1d64219106 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -89,6 +89,7 @@ # agent --> conclusion # agent --> detection # detection --> add_comment +# detection --> conclusion # pre_activation --> activation # ``` # @@ -972,17 +973,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -1021,6 +1012,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1449,17 +1448,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6437,6 +6426,7 @@ jobs: - activation - add_comment - agent + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6684,6 +6674,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Scout" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🔭 *Intelligence gathered by [{workflow_name}]({run_url})*\",\"runStarted\":\"🏕️ Scout on patrol! [{workflow_name}]({run_url}) is blazing trails through this {event_type}...\",\"runSuccess\":\"🔭 Recon complete! [{workflow_name}]({run_url}) has charted the territory. Map ready! 🗺️\",\"runFailure\":\"🏕️ Lost in the wilderness! [{workflow_name}]({run_url}) {status}. Sending search party...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6737,17 +6728,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6786,17 +6767,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6831,7 +6824,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/security-fix-pr.lock.yml b/.github/workflows/security-fix-pr.lock.yml index 8bd5da45d41..40ad17d5a96 100644 --- a/.github/workflows/security-fix-pr.lock.yml +++ b/.github/workflows/security-fix-pr.lock.yml @@ -69,6 +69,7 @@ # agent --> create_pull_request # agent --> detection # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # pre_activation --> activation # ``` @@ -4580,6 +4581,7 @@ jobs: - activation - agent - create_pull_request + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4827,6 +4829,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Security Fix PR" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -4879,17 +4882,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4928,17 +4921,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -4973,7 +4978,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 3649912bb7d..0b47507ad2a 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -89,6 +89,7 @@ # close_issue --> conclusion # create_issue --> conclusion # detection --> close_issue +# detection --> conclusion # detection --> create_issue # ``` # @@ -5427,6 +5428,7 @@ jobs: - agent - close_issue - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5674,6 +5676,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Semantic Function Refactoring" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5726,17 +5729,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5775,17 +5768,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5820,7 +5825,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 2115614cea4..7d59722f5b0 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -99,6 +99,7 @@ # create_issue --> conclusion # detection --> add_comment # detection --> add_labels +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -398,17 +399,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -447,6 +438,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -879,17 +878,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6270,6 +6259,7 @@ jobs: - add_labels - agent - create_issue + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6517,6 +6507,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke Claude" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 💥 *[THE END] — Illustrated by [{workflow_name}]({run_url})*\",\"runStarted\":\"💥 **WHOOSH!** [{workflow_name}]({run_url}) springs into action on this {event_type}! *[Panel 1 begins...]*\",\"runSuccess\":\"🎬 **THE END** — [{workflow_name}]({run_url}) **MISSION: ACCOMPLISHED!** The hero saves the day! ✨\",\"runFailure\":\"💫 **TO BE CONTINUED...** [{workflow_name}]({run_url}) {status}! Our hero faces unexpected challenges...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6570,17 +6561,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6619,17 +6600,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6664,7 +6657,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index c304d711cb5..5ca3eb8a9fd 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -89,6 +89,7 @@ # create_issue --> conclusion # detection --> add_comment # detection --> add_labels +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -277,17 +278,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -326,6 +317,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -758,17 +757,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6056,6 +6045,7 @@ jobs: - add_labels - agent - create_issue + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6303,6 +6293,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke Codex" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🔮 *The oracle has spoken through [{workflow_name}]({run_url})*\",\"runStarted\":\"🔮 The ancient spirits stir... [{workflow_name}]({run_url}) awakens to divine this {event_type}...\",\"runSuccess\":\"✨ The prophecy is fulfilled... [{workflow_name}]({run_url}) has completed its mystical journey. The stars align. 🌟\",\"runFailure\":\"🌑 The shadows whisper... [{workflow_name}]({run_url}) {status}. The oracle requires further meditation...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6356,17 +6347,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6405,17 +6386,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6450,7 +6443,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-copilot-no-firewall.lock.yml b/.github/workflows/smoke-copilot-no-firewall.lock.yml index 55d321df3ea..72e069a9808 100644 --- a/.github/workflows/smoke-copilot-no-firewall.lock.yml +++ b/.github/workflows/smoke-copilot-no-firewall.lock.yml @@ -94,6 +94,7 @@ # create_issue --> conclusion # detection --> add_comment # detection --> add_labels +# detection --> conclusion # detection --> create_issue # detection --> update_pull_request # pre_activation --> activation @@ -289,17 +290,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -338,6 +329,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -770,17 +769,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6337,6 +6326,7 @@ jobs: - add_labels - agent - create_issue + - detection - update_pull_request if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim @@ -6585,6 +6575,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke Copilot No Firewall" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🤖 *DIAGNOSTIC REPORT GENERATED BY [{workflow_name}]({run_url})*\",\"runStarted\":\"🤖 SYSTEM_INIT: [{workflow_name}]({run_url}) ACTIVATED. PROCESSING {event_type}. ALL SUBSYSTEMS ONLINE.\",\"runSuccess\":\"🤖 DIAGNOSTIC COMPLETE: [{workflow_name}]({run_url}) STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.\",\"runFailure\":\"🤖 ALERT: [{workflow_name}]({run_url}) {status}. ANOMALY_DETECTED. REPAIR_REQUIRED.\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6638,17 +6629,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6687,17 +6668,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6732,7 +6725,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-copilot-playwright.lock.yml b/.github/workflows/smoke-copilot-playwright.lock.yml index 93f9d5eba86..fc2b4a63653 100644 --- a/.github/workflows/smoke-copilot-playwright.lock.yml +++ b/.github/workflows/smoke-copilot-playwright.lock.yml @@ -153,6 +153,7 @@ # create_issue --> conclusion # detection --> add_comment # detection --> add_labels +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -337,17 +338,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -386,6 +377,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -818,17 +817,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6632,6 +6621,7 @@ jobs: - add_labels - agent - create_issue + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6879,6 +6869,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke Copilot Playwright" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 📰 *BREAKING: Report filed by [{workflow_name}]({run_url})*\",\"runStarted\":\"📰 BREAKING: [{workflow_name}]({run_url}) is now investigating this {event_type}. Sources say the story is developing...\",\"runSuccess\":\"📰 VERDICT: [{workflow_name}]({run_url}) has concluded. All systems operational. This is a developing story. 🎤\",\"runFailure\":\"📰 DEVELOPING STORY: [{workflow_name}]({run_url}) reports {status}. Our correspondents are investigating the incident...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6932,17 +6923,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6981,17 +6962,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7026,7 +7019,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 2d789570539..d6c03542744 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -87,6 +87,7 @@ # create_issue --> conclusion # detection --> add_comment # detection --> add_labels +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -268,17 +269,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -317,6 +308,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -749,17 +748,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6518,6 +6507,7 @@ jobs: - add_labels - agent - create_issue + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6765,6 +6755,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke Copilot" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 📰 *BREAKING: Report filed by [{workflow_name}]({run_url})*\",\"runStarted\":\"📰 BREAKING: [{workflow_name}]({run_url}) is now investigating this {event_type}. Sources say the story is developing...\",\"runSuccess\":\"📰 VERDICT: [{workflow_name}]({run_url}) has concluded. All systems operational. This is a developing story. 🎤\",\"runFailure\":\"📰 DEVELOPING STORY: [{workflow_name}]({run_url}) reports {status}. Our correspondents are investigating the incident...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6818,17 +6809,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6867,17 +6848,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6912,7 +6905,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-detector.lock.yml b/.github/workflows/smoke-detector.lock.yml index 65cedd9931d..364877e5738 100644 --- a/.github/workflows/smoke-detector.lock.yml +++ b/.github/workflows/smoke-detector.lock.yml @@ -105,6 +105,7 @@ # create_issue --> add_comment # create_issue --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_issue # pre_activation --> activation # ``` @@ -609,17 +610,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -658,6 +649,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1090,17 +1089,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6058,6 +6047,7 @@ jobs: - add_comment - agent - create_issue + - detection if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim permissions: @@ -6305,6 +6295,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke Detector - Smoke Test Failure Investigator" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🚨 *Alert generated by [{workflow_name}]({run_url})*\",\"runStarted\":\"🔥 BEEP BEEP! [{workflow_name}]({run_url}) detected smoke on this {event_type}! Investigating...\",\"runSuccess\":\"🚨 All clear! [{workflow_name}]({run_url}) has completed the investigation. Fire report filed! 📋\",\"runFailure\":\"🔥 Alarm malfunction! [{workflow_name}]({run_url}) {status}. Manual inspection required...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6358,17 +6349,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6407,17 +6388,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6452,7 +6445,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/smoke-srt.lock.yml b/.github/workflows/smoke-srt.lock.yml index 29e5ae1d90f..93bf0800fad 100644 --- a/.github/workflows/smoke-srt.lock.yml +++ b/.github/workflows/smoke-srt.lock.yml @@ -79,6 +79,7 @@ # activation --> conclusion # agent --> conclusion # agent --> detection +# detection --> conclusion # pre_activation --> activation # ``` # @@ -4673,6 +4674,7 @@ jobs: needs: - activation - agent + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4920,6 +4922,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Smoke SRT" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ⚓ *Logged in the captain's journal by [{workflow_name}]({run_url})*\",\"runStarted\":\"⚓ Ahoy! [{workflow_name}]({run_url}) sets sail on this {event_type}! All hands on deck, me hearties! 🏴\u200d☠️\",\"runSuccess\":\"🏴\u200d☠️ Yo ho ho! [{workflow_name}]({run_url}) has claimed the treasure! The voyage be a SUCCESS! ⚓\",\"runFailure\":\"🏴\u200d☠️ Blimey! [{workflow_name}]({run_url}) {status}! We've hit rough waters, mateys...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -4973,17 +4976,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5022,17 +5015,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5067,7 +5072,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index be8481cea35..1e5d4aef815 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -128,6 +128,7 @@ # agent --> detection # agent --> upload_assets # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # detection --> upload_assets # upload_assets --> conclusion @@ -6728,6 +6729,7 @@ jobs: - activation - agent - create_issue + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6976,6 +6978,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Stale Repository Identifier" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🔍 *Analysis by [{workflow_name}]({run_url})*\",\"runStarted\":\"🔍 Stale Repository Identifier starting! [{workflow_name}]({run_url}) is analyzing repository activity...\",\"runSuccess\":\"✅ Analysis complete! [{workflow_name}]({run_url}) has finished analyzing stale repositories.\",\"runFailure\":\"⚠️ Analysis interrupted! [{workflow_name}]({run_url}) {status}.\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -7029,17 +7032,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -7078,17 +7071,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -7123,7 +7128,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 184f7b7d3d3..c0e3df1d55c 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -71,6 +71,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5118,6 +5119,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5365,6 +5367,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Static Analysis Report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5417,17 +5420,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5466,17 +5459,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5511,7 +5516,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5679,17 +5689,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index e9fdd1bf2ab..049aa237509 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -122,6 +122,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # super_linter --> agent # ``` @@ -5312,6 +5313,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5559,6 +5561,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Super Linter Report" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5611,17 +5614,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5660,17 +5653,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5705,7 +5710,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 7d0bba16f82..a38fd19f01e 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -120,6 +120,7 @@ # create_pull_request --> add_comment # create_pull_request --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_pull_request # detection --> upload_assets # upload_assets --> conclusion @@ -754,17 +755,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6400,6 +6391,7 @@ jobs: - add_comment - agent - create_pull_request + - detection - upload_assets if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim @@ -6648,6 +6640,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Technical Doc Writer" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 📝 *Documentation by [{workflow_name}]({run_url})*\",\"runStarted\":\"✍️ The Technical Writer begins! [{workflow_name}]({run_url}) is documenting this {event_type}...\",\"runSuccess\":\"📝 Documentation complete! [{workflow_name}]({run_url}) has written the docs. Clear as crystal! ✨\",\"runFailure\":\"✍️ Writer's block! [{workflow_name}]({run_url}) {status}. The page remains blank...\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6701,17 +6694,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6750,17 +6733,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6795,7 +6790,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/test-python-safe-input.lock.yml b/.github/workflows/test-python-safe-input.lock.yml index 7dd0f3e8bc8..82015004af0 100644 --- a/.github/workflows/test-python-safe-input.lock.yml +++ b/.github/workflows/test-python-safe-input.lock.yml @@ -112,6 +112,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # ``` # @@ -6051,6 +6052,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -6298,6 +6300,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Python Safe-Input Test Workflow" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6350,17 +6353,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6399,17 +6392,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6444,7 +6449,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index cb2efc7468f..7f8f3c10585 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -101,6 +101,7 @@ # agent --> detection # agent --> push_to_pull_request_branch # create_pull_request --> conclusion +# detection --> conclusion # detection --> create_pull_request # detection --> push_to_pull_request_branch # pre_activation --> activation @@ -349,17 +350,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -398,6 +389,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -5510,6 +5509,7 @@ jobs: - activation - agent - create_pull_request + - detection - push_to_pull_request_branch if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -5758,6 +5758,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Tidy" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5810,17 +5811,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5859,17 +5850,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5904,7 +5907,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index e8d85f38a1d..20ac51779ac 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -82,6 +82,7 @@ # agent --> create_discussion # agent --> detection # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # ``` # @@ -5378,6 +5379,7 @@ jobs: - activation - agent - create_discussion + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5625,6 +5627,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Typist - Go Type Analysis" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5677,17 +5680,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5726,17 +5719,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5771,7 +5776,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5939,17 +5949,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index b6095f795fc..46263df7c6c 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -155,6 +155,7 @@ # create_pull_request --> add_comment # create_pull_request --> conclusion # detection --> add_comment +# detection --> conclusion # detection --> create_pull_request # detection --> upload_assets # pre_activation --> activation @@ -634,17 +635,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -683,6 +674,14 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const reaction = process.env.GH_AW_REACTION || "eyes"; const command = process.env.GH_AW_COMMAND; @@ -1114,17 +1113,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6202,6 +6191,7 @@ jobs: - add_comment - agent - create_pull_request + - detection - upload_assets if: ((always()) && (needs.agent.result != 'skipped')) && (!(needs.add_comment.outputs.comment_id)) runs-on: ubuntu-slim @@ -6450,6 +6440,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Documentation Unbloat" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🗜️ *Compressed by [{workflow_name}]({run_url})*\",\"runStarted\":\"📦 Time to slim down! [{workflow_name}]({run_url}) is trimming the excess from this {event_type}...\",\"runSuccess\":\"🗜️ Docs on a diet! [{workflow_name}]({run_url}) has removed the bloat. Lean and mean! 💪\",\"runFailure\":\"📦 Unbloating paused! [{workflow_name}]({run_url}) {status}. The docs remain... fluffy.\"}" with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -6503,17 +6494,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6552,17 +6533,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6597,7 +6590,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 49124206cef..6d5837634e6 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -72,6 +72,7 @@ # agent --> create_issue # agent --> detection # create_issue --> conclusion +# detection --> conclusion # detection --> create_issue # ``` # @@ -5356,6 +5357,7 @@ jobs: - activation - agent - create_issue + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -5603,6 +5605,7 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Video Analysis Agent" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -5655,17 +5658,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -5704,17 +5697,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5749,7 +5754,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 0728c38e895..2a2db792692 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -79,6 +79,7 @@ # agent --> detection # agent --> upload_assets # create_discussion --> conclusion +# detection --> conclusion # detection --> create_discussion # detection --> upload_assets # upload_assets --> conclusion @@ -6093,6 +6094,7 @@ jobs: - activation - agent - create_discussion + - detection - upload_assets if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim @@ -6344,6 +6346,7 @@ jobs: GH_AW_WORKFLOW_NAME: "Weekly Issue Summary" GH_AW_TRACKER_ID: "weekly-issue-summary" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -6396,17 +6399,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -6445,17 +6438,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -6490,7 +6495,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -6660,17 +6670,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json index 4caa7e64b2e..e66c2b339db 100644 --- a/pkg/parser/schemas/main_workflow_schema.json +++ b/pkg/parser/schemas/main_workflow_schema.json @@ -4364,6 +4364,14 @@ "❌ Agentic [{workflow_name}]({run_url}) {status} and wasn't able to produce a result.", "❌ [{workflow_name}]({run_url}) {status}." ] + }, + "detection-failure": { + "type": "string", + "description": "Custom message template for detection job failure. Available placeholders: {workflow_name}, {run_url}. Default: '⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details.'", + "examples": [ + "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details.", + "⚠️ Detection job failed in [{workflow_name}]({run_url})." + ] } }, "additionalProperties": false diff --git a/pkg/workflow/compiler_types.go b/pkg/workflow/compiler_types.go index 69a5c3a58b3..d5bc36cda88 100644 --- a/pkg/workflow/compiler_types.go +++ b/pkg/workflow/compiler_types.go @@ -278,6 +278,7 @@ type SafeOutputMessagesConfig struct { RunStarted string `yaml:"run-started,omitempty" json:"runStarted,omitempty"` // Custom workflow activation message template RunSuccess string `yaml:"run-success,omitempty" json:"runSuccess,omitempty"` // Custom workflow success message template RunFailure string `yaml:"run-failure,omitempty" json:"runFailure,omitempty"` // Custom workflow failure message template + DetectionFailure string `yaml:"detection-failure,omitempty" json:"detectionFailure,omitempty"` // Custom detection job failure message template } // SecretMaskingConfig holds configuration for secret redaction behavior diff --git a/pkg/workflow/js/messages_core.cjs b/pkg/workflow/js/messages_core.cjs index 0c0e7e26b92..ce38d3afed9 100644 --- a/pkg/workflow/js/messages_core.cjs +++ b/pkg/workflow/js/messages_core.cjs @@ -29,6 +29,7 @@ * @property {string} [runStarted] - Custom workflow activation message template * @property {string} [runSuccess] - Custom workflow success message template * @property {string} [runFailure] - Custom workflow failure message template + * @property {string} [detectionFailure] - Custom detection job failure message template * @property {string} [closeOlderDiscussion] - Custom message for closing older discussions as outdated */ @@ -44,19 +45,7 @@ function getMessages() { try { // Parse JSON with camelCase keys from Go struct (using json struct tags) - const rawMessages = JSON.parse(messagesEnv); - - // Use camelCase keys directly from Go struct JSON serialization - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; diff --git a/pkg/workflow/js/messages_run_status.cjs b/pkg/workflow/js/messages_run_status.cjs index e87d86de31d..47bc622e9ab 100644 --- a/pkg/workflow/js/messages_run_status.cjs +++ b/pkg/workflow/js/messages_run_status.cjs @@ -84,8 +84,35 @@ function getRunFailureMessage(ctx) { return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } +/** + * @typedef {Object} DetectionFailureContext + * @property {string} workflowName - Name of the workflow + * @property {string} runUrl - URL of the workflow run + */ + +/** + * Get the detection-failure message, using custom template if configured. + * @param {DetectionFailureContext} ctx - Context for detection-failure message generation + * @returns {string} Detection-failure message + */ +function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + + // Create context with both camelCase and snake_case keys + const templateContext = toSnakeCase(ctx); + + // Default detection-failure template + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + + // Use custom message if configured + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); +} + module.exports = { getRunStartedMessage, getRunSuccessMessage, getRunFailureMessage, + getDetectionFailureMessage, }; diff --git a/pkg/workflow/js/notify_comment_error.cjs b/pkg/workflow/js/notify_comment_error.cjs index 568575c4e08..f5b5d367c05 100644 --- a/pkg/workflow/js/notify_comment_error.cjs +++ b/pkg/workflow/js/notify_comment_error.cjs @@ -6,7 +6,7 @@ // It also processes noop messages and adds them to the activation comment. const { loadAgentOutput } = require("./load_agent_output.cjs"); -const { getRunSuccessMessage, getRunFailureMessage } = require("./messages_run_status.cjs"); +const { getRunSuccessMessage, getRunFailureMessage, getDetectionFailureMessage } = require("./messages_run_status.cjs"); async function main() { const commentId = process.env.GH_AW_COMMENT_ID; @@ -14,12 +14,16 @@ async function main() { const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } // Load agent output to check for noop messages let noopMessages = []; @@ -70,7 +74,14 @@ async function main() { // Determine the message based on agent conclusion using custom messages if configured let message; - if (agentConclusion === "success") { + // Check if detection job failed (if detection job exists) + if (detectionConclusion && detectionConclusion === "failure") { + // Detection job failed - report this prominently + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, diff --git a/pkg/workflow/js/notify_comment_error.test.cjs b/pkg/workflow/js/notify_comment_error.test.cjs index bc0e38614e0..b7231617db5 100644 --- a/pkg/workflow/js/notify_comment_error.test.cjs +++ b/pkg/workflow/js/notify_comment_error.test.cjs @@ -91,6 +91,7 @@ describe("notify_comment_error.cjs", () => { GH_AW_RUN_URL: process.env.GH_AW_RUN_URL, GH_AW_WORKFLOW_NAME: process.env.GH_AW_WORKFLOW_NAME, GH_AW_AGENT_CONCLUSION: process.env.GH_AW_AGENT_CONCLUSION, + GH_AW_DETECTION_CONCLUSION: process.env.GH_AW_DETECTION_CONCLUSION, }; // Read the script content @@ -255,6 +256,64 @@ describe("notify_comment_error.cjs", () => { }) ); }); + + it("should prioritize detection failure message when detection job fails", async () => { + process.env.GH_AW_COMMENT_ID = "123456"; + process.env.GH_AW_RUN_URL = "https://github.com/owner/repo/actions/runs/123"; + process.env.GH_AW_WORKFLOW_NAME = "test-workflow"; + process.env.GH_AW_AGENT_CONCLUSION = "success"; + process.env.GH_AW_DETECTION_CONCLUSION = "failure"; + + await eval(`(async () => { ${notifyCommentScript} })()`); + + expect(mockGithub.request).toHaveBeenCalledWith( + "PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}", + expect.objectContaining({ + owner: "testowner", + repo: "testrepo", + comment_id: 123456, + // Default: "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details." + body: expect.stringContaining("Security scanning failed"), + }) + ); + expect(mockCore.info).toHaveBeenCalledWith("Successfully updated comment"); + }); + + it("should report detection failure even when agent fails", async () => { + process.env.GH_AW_COMMENT_ID = "123456"; + process.env.GH_AW_RUN_URL = "https://github.com/owner/repo/actions/runs/123"; + process.env.GH_AW_WORKFLOW_NAME = "test-workflow"; + process.env.GH_AW_AGENT_CONCLUSION = "failure"; + process.env.GH_AW_DETECTION_CONCLUSION = "failure"; + + await eval(`(async () => { ${notifyCommentScript} })()`); + + expect(mockGithub.request).toHaveBeenCalledWith( + "PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}", + expect.objectContaining({ + // Detection failure should be shown instead of agent failure + body: expect.stringContaining("Security scanning failed"), + }) + ); + }); + + it("should show agent success when detection succeeds", async () => { + process.env.GH_AW_COMMENT_ID = "123456"; + process.env.GH_AW_RUN_URL = "https://github.com/owner/repo/actions/runs/123"; + process.env.GH_AW_WORKFLOW_NAME = "test-workflow"; + process.env.GH_AW_AGENT_CONCLUSION = "success"; + process.env.GH_AW_DETECTION_CONCLUSION = "success"; + + await eval(`(async () => { ${notifyCommentScript} })()`); + + expect(mockGithub.request).toHaveBeenCalledWith( + "PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}", + expect.objectContaining({ + // Agent success message should be shown + body: expect.stringContaining("found the treasure and completed successfully"), + }) + ); + }); }); describe("when updating a discussion comment", () => { diff --git a/pkg/workflow/notify_comment.go b/pkg/workflow/notify_comment.go index 1758071eff4..a8560cf927d 100644 --- a/pkg/workflow/notify_comment.go +++ b/pkg/workflow/notify_comment.go @@ -125,6 +125,12 @@ func (c *Compiler) buildConclusionJob(data *WorkflowData, mainJobName string, sa } customEnvVars = append(customEnvVars, fmt.Sprintf(" GH_AW_AGENT_CONCLUSION: ${{ needs.%s.result }}\n", mainJobName)) + // Pass detection conclusion if threat detection is enabled + if data.SafeOutputs.ThreatDetection != nil { + customEnvVars = append(customEnvVars, " GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }}\n") + notifyCommentLog.Print("Added detection conclusion environment variable to conclusion job") + } + // Pass custom messages config if present if data.SafeOutputs != nil && data.SafeOutputs.Messages != nil { messagesJSON, err := serializeMessagesConfig(data.SafeOutputs.Messages) @@ -204,6 +210,12 @@ func (c *Compiler) buildConclusionJob(data *WorkflowData, mainJobName string, sa needs := []string{mainJobName, constants.ActivationJobName} needs = append(needs, safeOutputJobNames...) + // Add detection job to dependencies if threat detection is enabled + if data.SafeOutputs.ThreatDetection != nil { + needs = append(needs, "detection") + notifyCommentLog.Print("Added detection job to conclusion dependencies") + } + notifyCommentLog.Printf("Job built successfully: dependencies_count=%d", len(needs)) // Create outputs for the job (include noop and missing_tool outputs if configured)