Add robust unzip-to-repo GitHub Actions workflow#11
Conversation
|
Note Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported. |
Reviewer's GuideAdds a reusable, manually-triggered GitHub Actions workflow that downloads a ZIP archive from a URL, extracts and validates its contents, then creates a new repository via the GitHub API, initializes git locally, pushes the extracted files to main, and reports/cleans up with robust validation, logging, and failure handling. Sequence diagram for unzip-to-repo GitHub Actions workflow runsequenceDiagram
actor Operator
participant GitHub_Actions as GitHub_Actions_Workflow
participant Zip_Host as ZIP_Host_Server
participant GitHub_API as GitHub_REST_API
participant Local_Git as Git_CLI_in_Workflow
Operator->>GitHub_Actions: Trigger workflow_dispatch
GitHub_Actions->>GitHub_Actions: Validate inputs
GitHub_Actions->>GitHub_Actions: Check REPO_CREATE_TOKEN secret
GitHub_Actions->>Zip_Host: curl zip_url (download archive.zip)
Zip_Host-->>GitHub_Actions: ZIP file contents
GitHub_Actions->>GitHub_Actions: Verify archive.zip non-empty
GitHub_Actions->>GitHub_Actions: unzip archive.zip to extracted_content/
GitHub_Actions->>GitHub_Actions: Count files and check >0
GitHub_Actions->>GitHub_Actions: Scan for files >99MB
GitHub_Actions->>GitHub_API: Create repository via createForAuthenticatedUser
GitHub_API-->>GitHub_Actions: New repo metadata (clone_url)
GitHub_Actions->>Local_Git: Configure user, email, branch, safe.directory
Local_Git->>Local_Git: Remove existing .git if present
Local_Git->>Local_Git: git init -b main
Local_Git->>Local_Git: Create .gitattributes
Local_Git->>Local_Git: git add .
Local_Git->>Local_Git: git commit with metadata (zip_url, timestamp, workflow)
GitHub_Actions->>Local_Git: Sanitize clone_url and inject token
Local_Git->>GitHub_API: git push origin main
GitHub_API-->>Local_Git: Push result
alt Success
GitHub_Actions->>GitHub_Actions: Generate run summary (repo details, source)
else Failure
GitHub_Actions->>GitHub_API: Check if repo exists for cleanup guidance
GitHub_API-->>GitHub_Actions: Repo exists or 404
GitHub_Actions->>Operator: Logs with failure and manual cleanup instructions
end
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- In the
Initialize git and push contentstep, prefer setting git config locally (e.g.,git config user.name ...without--global) to avoid modifying the global config in the runner environment, which can have unintended side effects in composite or reused workflows. - The
REPO_URLused in the summary step (${REPO_URL%.git}) may still contain surrounding quotes from thegithub-scriptresult; consider reusing the same sanitization you apply beforegit remote addor returninghtml_urlinstead ofclone_urlfrom the API call to guarantee a clean, clickable link.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- In the `Initialize git and push content` step, prefer setting git config locally (e.g., `git config user.name ...` without `--global`) to avoid modifying the global config in the runner environment, which can have unintended side effects in composite or reused workflows.
- The `REPO_URL` used in the summary step (`${REPO_URL%.git}`) may still contain surrounding quotes from the `github-script` result; consider reusing the same sanitization you apply before `git remote add` or returning `html_url` instead of `clone_url` from the API call to guarantee a clean, clickable link.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
There was a problem hiding this comment.
1 issue found across 1 file
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name=".github/workflows/unzip-to-repo.yml">
<violation number="1" location=".github/workflows/unzip-to-repo.yml:183">
P1: Security: `git remote -v` will expose the access token in workflow logs. The remote URL contains the embedded `GITHUB_TOKEN`, and printing it will leak the secret. Remove this line or mask the output.</violation>
</file>
Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR
| REPO_URL_SANITIZED=$(echo "$REPO_URL" | sed 's/^"\(.*\)"$/\1/') | ||
| REPO_URL_WITH_TOKEN=$(echo "$REPO_URL_SANITIZED" | sed "s|https://|https://x-access-token:${GITHUB_TOKEN}@|") | ||
| git remote add origin "$REPO_URL_WITH_TOKEN" | ||
| git remote -v |
There was a problem hiding this comment.
P1: Security: git remote -v will expose the access token in workflow logs. The remote URL contains the embedded GITHUB_TOKEN, and printing it will leak the secret. Remove this line or mask the output.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/unzip-to-repo.yml, line 183:
<comment>Security: `git remote -v` will expose the access token in workflow logs. The remote URL contains the embedded `GITHUB_TOKEN`, and printing it will leak the secret. Remove this line or mask the output.</comment>
<file context>
@@ -0,0 +1,226 @@
+ REPO_URL_SANITIZED=$(echo "$REPO_URL" | sed 's/^"\(.*\)"$/\1/')
+ REPO_URL_WITH_TOKEN=$(echo "$REPO_URL_SANITIZED" | sed "s|https://|https://x-access-token:${GITHUB_TOKEN}@|")
+ git remote add origin "$REPO_URL_WITH_TOKEN"
+ git remote -v
+
+ echo "⬆️ Pushing to remote..."
</file context>
✅ Addressed in 7d95e4a
|
@gemini-code-assist Please address the comments from this code review: ## Overall Comments - In the /gemini-code-assist Please address the comments from this code review: ## Overall Comments - In the @gemini Please address the comments from this code review: ## Overall Comments - In the /gemini Please address the comments from this code review: ## Overall Comments - In the |
|
Note Gemini is unable to generate a issue-comment-reply for this pull request due to the file types involved not being currently supported. |
Summary
Testing
Codex Task
Summary by Sourcery
Add a GitHub Actions workflow that bootstraps a new repository from a remote ZIP archive via the GitHub API, handling validation, extraction, git initialization, and push.
New Features:
Enhancements:
Summary by cubic
Adds a GitHub Actions workflow to download a ZIP, extract it, create a new repository, and push the contents to main. This makes bootstrapping a repo from an archive a single, guided run.
New Features
Migration
Written for commit 78ffc3e. Summary will update automatically on new commits.