gitea-mirror/PEASS-ng
1
0
Fork 0
mirror of https://github.com/peass-ng/PEASS-ng.git synced 2026-03-12 21:23:13 -07:00
Code Issues Packages Projects Releases Wiki Activity

workflow: push chack local commits in master-failure fixer

Browse Source
This commit is contained in:
Carlos Polop
2026-02-14 01:11:41 +01:00
parent 381bf74ebd
commit 45990c68c2
1 changed files with 51 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
.github/workflows/ci-master-failure-chack-agent-pr.yml vendored
View File

@@ -126,37 +126,68 @@ jobs:
- name: Commit and push fix branch if changed
id: push_fix
env:
ORIGINAL_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
run: |
if git diff --quiet; then
echo "No changes to commit."
rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
pushed=false
if ! git diff --quiet; then
git add -A
# Avoid workflow-file pushes with token scopes that cannot write workflows.
git reset -- .github/workflows || true
git checkout -- .github/workflows || true
git clean -fdx -- .github/workflows || true
git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
echo "Workflow-file changes are still staged; skipping push without workflows permission."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
if ! git diff --cached --quiet; then
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
fi
fi
after_head="$(git rev-parse HEAD)"
if [ "$after_head" = "$ORIGINAL_HEAD_SHA" ]; then
echo "No commit produced by Chack Agent."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
git add -A
# Avoid workflow-file pushes with token scopes that cannot write workflows.
git reset -- .github/workflows || true
git checkout -- .github/workflows || true
git clean -fdx -- .github/workflows || true
git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
echo "Workflow-file changes are still staged; skipping push without workflows permission."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
changed_in_range="$(git diff --name-only "$ORIGINAL_HEAD_SHA"..HEAD)"
if echo "$changed_in_range" | grep -q '^.github/workflows/'; then
echo "Detected workflow changes in Chack commit range; sanitizing commit before push."
git diff --binary "$ORIGINAL_HEAD_SHA"..HEAD -- . ':(exclude).github/workflows/**' > /tmp/chack_nonworkflow.patch
if [ ! -s /tmp/chack_nonworkflow.patch ]; then
echo "Only workflow-file changes were produced; skipping push."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
git reset --hard "$ORIGINAL_HEAD_SHA"
git apply --index /tmp/chack_nonworkflow.patch
if git diff --cached --quiet; then
echo "No non-workflow changes left after sanitizing."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
fi
if git diff --cached --quiet; then
echo "No committable changes left after filtering."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
if ! git push origin HEAD:"$FIX_BRANCH"; then
echo "Push failed (likely token workflow permission limits); skipping PR creation."
echo "pushed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
echo "pushed=true" >> "$GITHUB_OUTPUT"
pushed=true
if [ "$pushed" = "true" ]; then
echo "pushed=true" >> "$GITHUB_OUTPUT"
else
echo "pushed=false" >> "$GITHUB_OUTPUT"
fi
- name: Create PR to master
if: ${{ steps.push_fix.outputs.pushed == 'true' }}