Merge pull request #48 from DeDuckProject/claude/validate-api-keys-early-npoc3

Author: DeDuckProject

packages/action/dist/check.js

@@ -19706,11 +19706,11 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
       (0, command_1.issue)("echo", enabled ? "on" : "off");
     }
     exports2.setCommandEcho = setCommandEcho;
-    function setFailed(message) {
+    function setFailed2(message) {
       process.exitCode = ExitCode.Failure;
       error(message);
     }
-    exports2.setFailed = setFailed;
+    exports2.setFailed = setFailed2;
     function isDebug() {
       return process.env["RUNNER_DEBUG"] === "1";
     }
@@ -53620,6 +53620,22 @@ function evaluateTrigger(opts) {
   };
 }
 
+// src/api-key-check.ts
+var REMEDIATION = "Add it to your workflow: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}";
+function checkApiKey(apiKey, shouldRun) {
+  if (apiKey) return { action: "ok" };
+  if (shouldRun) {
+    return {
+      action: "fail",
+      message: `ANTHROPIC_API_KEY is required but not set. ${REMEDIATION}`
+    };
+  }
+  return {
+    action: "warn",
+    message: `ANTHROPIC_API_KEY is not set. The pipeline will fail if it runs. ${REMEDIATION}`
+  };
+}
+
 // src/check.ts
 function streamCommand(cmd, args) {
   return new Promise((resolve2, reject) => {
@@ -53722,6 +53738,14 @@ async function check() {
     command
   });
   core.info(`Trigger decision: ${decision.shouldRun ? "RUN" : "SKIP"} \u2014 ${decision.reason}`);
+  const apiKeyCheck = checkApiKey(process.env["ANTHROPIC_API_KEY"], decision.shouldRun);
+  if (apiKeyCheck.action === "fail") {
+    core.setFailed(apiKeyCheck.message);
+    return;
+  }
+  if (apiKeyCheck.action === "warn") {
+    core.warning(apiKeyCheck.message);
+  }
   core.setOutput("should-run", String(decision.shouldRun));
 }
 check().catch((err) => {

packages/action/dist/check.js.map

@@ -70345,6 +70345,22 @@ function resolveBaseUrl(config, previewUrlOverride) {
   return { url: "http://localhost:3000" };
 }
 
+// src/api-key-check.ts
+var REMEDIATION = "Add it to your workflow: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}";
+function checkApiKey(apiKey, shouldRun) {
+  if (apiKey) return { action: "ok" };
+  if (shouldRun) {
+    return {
+      action: "fail",
+      message: `ANTHROPIC_API_KEY is required but not set. ${REMEDIATION}`
+    };
+  }
+  return {
+    action: "warn",
+    message: `ANTHROPIC_API_KEY is not set. The pipeline will fail if it runs. ${REMEDIATION}`
+  };
+}
+
 // src/index.ts
 function streamCommand(cmd, args) {
   return new Promise((resolve2, reject) => {
@@ -70366,6 +70382,11 @@ async function run() {
     core.setFailed("GITHUB_TOKEN is required");
     return;
   }
+  const apiKeyCheck = checkApiKey(process.env["ANTHROPIC_API_KEY"], true);
+  if (apiKeyCheck.action === "fail") {
+    core.setFailed(apiKeyCheck.message);
+    return;
+  }
   const eventName = context2.eventName;
   if (eventName !== "pull_request" && eventName !== "issue_comment") {
     core.info(`git-glimpse does not handle '${eventName}' events. Skipping.`);

packages/action/dist/index.js

@@ -0,0 +1,33 @@
+const REMEDIATION = 'Add it to your workflow: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}';
+
+export type ApiKeyCheckResult =
+  | { action: 'ok' }
+  | { action: 'fail'; message: string }
+  | { action: 'warn'; message: string };
+
+/**
+ * Checks whether ANTHROPIC_API_KEY is present and returns what the caller
+ * should do.
+ *
+ * @param shouldRun - whether the pipeline is about to run
+ *   - true  → missing key is a hard failure (fail fast before expensive work)
+ *   - false → missing key is a warning only (pipeline won't run this time)
+ */
+export function checkApiKey(
+  apiKey: string | undefined,
+  shouldRun: boolean
+): ApiKeyCheckResult {
+  if (apiKey) return { action: 'ok' };
+
+  if (shouldRun) {
+    return {
+      action: 'fail',
+      message: `ANTHROPIC_API_KEY is required but not set. ${REMEDIATION}`,
+    };
+  }
+
+  return {
+    action: 'warn',
+    message: `ANTHROPIC_API_KEY is not set. The pipeline will fail if it runs. ${REMEDIATION}`,
+  };
+}

packages/action/dist/index.js.map

@@ -17,6 +17,7 @@ import {
   parseGlimpseCommand,
   DEFAULT_TRIGGER,
 } from '@git-glimpse/core';
+import { checkApiKey } from './api-key-check.js';
 
 function streamCommand(cmd: string, args: string[]): Promise<string> {
   return new Promise((resolve, reject) => {
@@ -138,6 +139,16 @@ async function check(): Promise<void> {
   });
 
   core.info(`Trigger decision: ${decision.shouldRun ? 'RUN' : 'SKIP'} — ${decision.reason}`);
+
+  const apiKeyCheck = checkApiKey(process.env['ANTHROPIC_API_KEY'], decision.shouldRun);
+  if (apiKeyCheck.action === 'fail') {
+    core.setFailed(apiKeyCheck.message);
+    return;
+  }
+  if (apiKeyCheck.action === 'warn') {
+    core.warning(apiKeyCheck.message);
+  }
+
   core.setOutput('should-run', String(decision.shouldRun));
 }
 

packages/action/src/api-key-check.ts

@@ -14,6 +14,7 @@ import {
   type GitGlimpseConfig,
 } from '@git-glimpse/core';
 import { resolveBaseUrl } from './resolve-base-url.js';
+import { checkApiKey } from './api-key-check.js';
 
 function streamCommand(cmd: string, args: string[]): Promise<string> {
   return new Promise((resolve, reject) => {
@@ -38,6 +39,12 @@ async function run(): Promise<void> {
     return;
   }
 
+  const apiKeyCheck = checkApiKey(process.env['ANTHROPIC_API_KEY'], true);
+  if (apiKeyCheck.action === 'fail') {
+    core.setFailed(apiKeyCheck.message);
+    return;
+  }
+
   const eventName = context.eventName;
   if (eventName !== 'pull_request' && eventName !== 'issue_comment') {
     core.info(`git-glimpse does not handle '${eventName}' events. Skipping.`);

packages/action/src/check.ts

@@ -0,0 +1,22 @@
+import { describe, it, expect } from 'vitest';
+import { checkApiKey } from '../../packages/action/src/api-key-check.js';
+
+describe('checkApiKey', () => {
+  it('returns ok when key is present', () => {
+    expect(checkApiKey('sk-ant-123', true)).toEqual({ action: 'ok' });
+    expect(checkApiKey('sk-ant-123', false)).toEqual({ action: 'ok' });
+  });
+
+  it('returns fail when key is missing and pipeline will run', () => {
+    const result = checkApiKey(undefined, true);
+    expect(result.action).toBe('fail');
+    expect((result as { action: 'fail'; message: string }).message).toMatch(/ANTHROPIC_API_KEY/);
+    expect((result as { action: 'fail'; message: string }).message).toMatch(/secrets\.ANTHROPIC_API_KEY/);
+  });
+
+  it('returns warn when key is missing but pipeline will not run', () => {
+    const result = checkApiKey(undefined, false);
+    expect(result.action).toBe('warn');
+    expect((result as { action: 'warn'; message: string }).message).toMatch(/ANTHROPIC_API_KEY/);
+  });
+});