fix(app): copy buttons silently fail over plain HTTP #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deep Review Resolver | |
| # Triggered by a collaborator commenting `/just-fix-it` on a PR. Reads the | |
| # latest <!-- deep-review --> sticky comment posted by deep-review.yml, | |
| # hands the findings to Claude with edit + git tools, and pushes a single | |
| # fix commit to the PR head branch. | |
| # | |
| # Limitations: | |
| # - Same-repo PRs only. Fork PRs cannot be pushed to from CI with the | |
| # default GITHUB_TOKEN; the workflow exits early on forks. | |
| # - Collaborator-gated. The job `if` requires OWNER/MEMBER/COLLABORATOR | |
| # association on the triggering comment to prevent random drive-by use. | |
| # - Single-shot. Re-trigger by commenting `/just-fix-it` again after the | |
| # follow-up deep-review run posts an updated finding list. | |
| on: | |
| issue_comment: | |
| types: [created] | |
| concurrency: | |
| group: deep-resolve-${{ github.event.issue.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| resolve: | |
| if: | | |
| github.event.issue.pull_request != null && | |
| startsWith(github.event.comment.body, '/just-fix-it') && | |
| (github.event.comment.author_association == 'OWNER' || | |
| github.event.comment.author_association == 'MEMBER' || | |
| github.event.comment.author_association == 'COLLABORATOR') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| id-token: write | |
| actions: read | |
| steps: | |
| - name: Acknowledge trigger | |
| uses: actions/github-script@v9 | |
| with: | |
| script: | | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: 'eyes', | |
| }); | |
| - name: Resolve PR metadata | |
| id: pr | |
| uses: actions/github-script@v9 | |
| with: | |
| script: | | |
| const { data: pr } = await github.rest.pulls.get({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: context.payload.issue.number, | |
| }); | |
| const isFork = pr.head.repo.full_name !== pr.base.repo.full_name; | |
| core.setOutput('number', String(pr.number)); | |
| core.setOutput('head_repo', pr.head.repo.full_name); | |
| core.setOutput('head_ref', pr.head.ref); | |
| core.setOutput('is_fork', String(isFork)); | |
| - name: Reject fork PRs | |
| if: steps.pr.outputs.is_fork == 'true' | |
| uses: actions/github-script@v9 | |
| with: | |
| script: | | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| body: '<!-- deep-resolve -->\n⚠️ `/just-fix-it` is not supported on fork PRs — CI cannot push to a fork branch with the default token. Apply the review findings locally and push.', | |
| }); | |
| core.setFailed('Fork PR — auto-fix unavailable'); | |
| - name: Fetch latest deep review comment | |
| id: review | |
| uses: actions/github-script@v9 | |
| with: | |
| script: | | |
| const comments = await github.paginate( | |
| github.rest.issues.listComments, | |
| { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| per_page: 100, | |
| } | |
| ); | |
| const review = [...comments].reverse().find(c => | |
| c.body && c.body.includes('<!-- deep-review -->')); | |
| if (!review) { | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| body: '<!-- deep-resolve -->\n⚠️ No deep review comment found on this PR. Wait for the review to post, then re-trigger with `/just-fix-it`.', | |
| }); | |
| core.setFailed('No deep review comment found'); | |
| return; | |
| } | |
| core.setOutput('body', review.body); | |
| - name: Checkout PR head | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ steps.pr.outputs.head_repo }} | |
| ref: ${{ steps.pr.outputs.head_ref }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| - name: Set git author | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Enable corepack | |
| run: corepack enable | |
| - name: Run Claude to apply fixes | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| prompt: | | |
| REPO: ${{ github.repository }} | |
| PR NUMBER: ${{ steps.pr.outputs.number }} | |
| BRANCH: ${{ steps.pr.outputs.head_ref }} | |
| The deep multi-agent review posted findings on this PR. Apply | |
| fixes per the rules below. The PR head is already checked out | |
| with push credentials configured. | |
| Review findings (verbatim): | |
| --- | |
| ${{ steps.review.outputs.body }} | |
| --- | |
| Rules: | |
| 1. Apply ALL P0 and P1 findings. | |
| 2. Apply P2 findings only if the fix is mechanical (rename, | |
| missing await, obvious typo, dead import). Skip ambiguous P2. | |
| 3. Skip P3 entirely. | |
| 4. If a finding is wrong (false positive) or out of scope for | |
| the PR, skip it and note why in your summary. | |
| 5. Make the smallest change that addresses each finding. Do not | |
| refactor surrounding code, rename unrelated identifiers, or | |
| touch files not cited by a finding. | |
| After edits: | |
| 6. Run `yarn lint:fix` to auto-fix formatting. If it errors on | |
| files you didn't touch, leave those alone. | |
| 7. Stage and commit in a single commit: | |
| git add -A | |
| git commit -m "fix: address deep review findings" | |
| Use that exact message. No Co-Authored-By trailers | |
| (project convention; see AGENTS.md). | |
| 8. Push: `git push origin HEAD` | |
| 9. Post a summary comment on PR ${{ steps.pr.outputs.number }} | |
| via `gh pr comment`. The comment body MUST start with | |
| `<!-- deep-resolve -->` on its own line so future runs | |
| can locate it. Then a brief markdown list: | |
| - **Fixed:** one line per finding addressed (file:line - what) | |
| - **Skipped:** one line per finding deliberately not fixed, | |
| with reason | |
| Keep the whole comment under 30 lines. | |
| If you make no edits at all (every finding skipped), do not | |
| create an empty commit and do not push. Still post the summary | |
| comment so the author sees why. | |
| claude_args: | | |
| --setting-sources user | |
| --allowedTools "Bash(git:*),Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*),Bash(yarn lint:fix),Bash(yarn:*),Edit,Write,MultiEdit,Read,Grep,Glob" | |
| - name: React on failure | |
| if: failure() | |
| uses: actions/github-script@v9 | |
| with: | |
| script: | | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: 'confused', | |
| }); |