Skip to content

Commit 249b139

Browse files
Merge pull request #48 from DeDuckProject/claude/validate-api-keys-early-npoc3
2 parents 81361f3 + 7e95b08 commit 249b139

File tree

8 files changed

+127
-9
lines changed

8 files changed

+127
-9
lines changed

packages/action/dist/check.js

Lines changed: 26 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19706,11 +19706,11 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
1970619706
(0, command_1.issue)("echo", enabled ? "on" : "off");
1970719707
}
1970819708
exports2.setCommandEcho = setCommandEcho;
19709-
function setFailed(message) {
19709+
function setFailed2(message) {
1971019710
process.exitCode = ExitCode.Failure;
1971119711
error(message);
1971219712
}
19713-
exports2.setFailed = setFailed;
19713+
exports2.setFailed = setFailed2;
1971419714
function isDebug() {
1971519715
return process.env["RUNNER_DEBUG"] === "1";
1971619716
}
@@ -53620,6 +53620,22 @@ function evaluateTrigger(opts) {
5362053620
};
5362153621
}
5362253622

53623+
// src/api-key-check.ts
53624+
var REMEDIATION = "Add it to your workflow: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}";
53625+
function checkApiKey(apiKey, shouldRun) {
53626+
if (apiKey) return { action: "ok" };
53627+
if (shouldRun) {
53628+
return {
53629+
action: "fail",
53630+
message: `ANTHROPIC_API_KEY is required but not set. ${REMEDIATION}`
53631+
};
53632+
}
53633+
return {
53634+
action: "warn",
53635+
message: `ANTHROPIC_API_KEY is not set. The pipeline will fail if it runs. ${REMEDIATION}`
53636+
};
53637+
}
53638+
5362353639
// src/check.ts
5362453640
function streamCommand(cmd, args) {
5362553641
return new Promise((resolve2, reject) => {
@@ -53722,6 +53738,14 @@ async function check() {
5372253738
command
5372353739
});
5372453740
core.info(`Trigger decision: ${decision.shouldRun ? "RUN" : "SKIP"} \u2014 ${decision.reason}`);
53741+
const apiKeyCheck = checkApiKey(process.env["ANTHROPIC_API_KEY"], decision.shouldRun);
53742+
if (apiKeyCheck.action === "fail") {
53743+
core.setFailed(apiKeyCheck.message);
53744+
return;
53745+
}
53746+
if (apiKeyCheck.action === "warn") {
53747+
core.warning(apiKeyCheck.message);
53748+
}
5372553749
core.setOutput("should-run", String(decision.shouldRun));
5372653750
}
5372753751
check().catch((err) => {

packages/action/dist/check.js.map

Lines changed: 4 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/action/dist/index.js

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70345,6 +70345,22 @@ function resolveBaseUrl(config, previewUrlOverride) {
7034570345
return { url: "http://localhost:3000" };
7034670346
}
7034770347

70348+
// src/api-key-check.ts
70349+
var REMEDIATION = "Add it to your workflow: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}";
70350+
function checkApiKey(apiKey, shouldRun) {
70351+
if (apiKey) return { action: "ok" };
70352+
if (shouldRun) {
70353+
return {
70354+
action: "fail",
70355+
message: `ANTHROPIC_API_KEY is required but not set. ${REMEDIATION}`
70356+
};
70357+
}
70358+
return {
70359+
action: "warn",
70360+
message: `ANTHROPIC_API_KEY is not set. The pipeline will fail if it runs. ${REMEDIATION}`
70361+
};
70362+
}
70363+
7034870364
// src/index.ts
7034970365
function streamCommand(cmd, args) {
7035070366
return new Promise((resolve2, reject) => {
@@ -70366,6 +70382,11 @@ async function run() {
7036670382
core.setFailed("GITHUB_TOKEN is required");
7036770383
return;
7036870384
}
70385+
const apiKeyCheck = checkApiKey(process.env["ANTHROPIC_API_KEY"], true);
70386+
if (apiKeyCheck.action === "fail") {
70387+
core.setFailed(apiKeyCheck.message);
70388+
return;
70389+
}
7036970390
const eventName = context2.eventName;
7037070391
if (eventName !== "pull_request" && eventName !== "issue_comment") {
7037170392
core.info(`git-glimpse does not handle '${eventName}' events. Skipping.`);

packages/action/dist/index.js.map

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
const REMEDIATION = 'Add it to your workflow: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}';
2+
3+
export type ApiKeyCheckResult =
4+
| { action: 'ok' }
5+
| { action: 'fail'; message: string }
6+
| { action: 'warn'; message: string };
7+
8+
/**
9+
* Checks whether ANTHROPIC_API_KEY is present and returns what the caller
10+
* should do.
11+
*
12+
* @param shouldRun - whether the pipeline is about to run
13+
* - true → missing key is a hard failure (fail fast before expensive work)
14+
* - false → missing key is a warning only (pipeline won't run this time)
15+
*/
16+
export function checkApiKey(
17+
apiKey: string | undefined,
18+
shouldRun: boolean
19+
): ApiKeyCheckResult {
20+
if (apiKey) return { action: 'ok' };
21+
22+
if (shouldRun) {
23+
return {
24+
action: 'fail',
25+
message: `ANTHROPIC_API_KEY is required but not set. ${REMEDIATION}`,
26+
};
27+
}
28+
29+
return {
30+
action: 'warn',
31+
message: `ANTHROPIC_API_KEY is not set. The pipeline will fail if it runs. ${REMEDIATION}`,
32+
};
33+
}

packages/action/src/check.ts

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ import {
1717
parseGlimpseCommand,
1818
DEFAULT_TRIGGER,
1919
} from '@git-glimpse/core';
20+
import { checkApiKey } from './api-key-check.js';
2021

2122
function streamCommand(cmd: string, args: string[]): Promise<string> {
2223
return new Promise((resolve, reject) => {
@@ -138,6 +139,16 @@ async function check(): Promise<void> {
138139
});
139140

140141
core.info(`Trigger decision: ${decision.shouldRun ? 'RUN' : 'SKIP'}${decision.reason}`);
142+
143+
const apiKeyCheck = checkApiKey(process.env['ANTHROPIC_API_KEY'], decision.shouldRun);
144+
if (apiKeyCheck.action === 'fail') {
145+
core.setFailed(apiKeyCheck.message);
146+
return;
147+
}
148+
if (apiKeyCheck.action === 'warn') {
149+
core.warning(apiKeyCheck.message);
150+
}
151+
141152
core.setOutput('should-run', String(decision.shouldRun));
142153
}
143154

packages/action/src/index.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ import {
1414
type GitGlimpseConfig,
1515
} from '@git-glimpse/core';
1616
import { resolveBaseUrl } from './resolve-base-url.js';
17+
import { checkApiKey } from './api-key-check.js';
1718

1819
function streamCommand(cmd: string, args: string[]): Promise<string> {
1920
return new Promise((resolve, reject) => {
@@ -38,6 +39,12 @@ async function run(): Promise<void> {
3839
return;
3940
}
4041

42+
const apiKeyCheck = checkApiKey(process.env['ANTHROPIC_API_KEY'], true);
43+
if (apiKeyCheck.action === 'fail') {
44+
core.setFailed(apiKeyCheck.message);
45+
return;
46+
}
47+
4148
const eventName = context.eventName;
4249
if (eventName !== 'pull_request' && eventName !== 'issue_comment') {
4350
core.info(`git-glimpse does not handle '${eventName}' events. Skipping.`);

tests/unit/api-key-check.test.ts

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
import { describe, it, expect } from 'vitest';
2+
import { checkApiKey } from '../../packages/action/src/api-key-check.js';
3+
4+
describe('checkApiKey', () => {
5+
it('returns ok when key is present', () => {
6+
expect(checkApiKey('sk-ant-123', true)).toEqual({ action: 'ok' });
7+
expect(checkApiKey('sk-ant-123', false)).toEqual({ action: 'ok' });
8+
});
9+
10+
it('returns fail when key is missing and pipeline will run', () => {
11+
const result = checkApiKey(undefined, true);
12+
expect(result.action).toBe('fail');
13+
expect((result as { action: 'fail'; message: string }).message).toMatch(/ANTHROPIC_API_KEY/);
14+
expect((result as { action: 'fail'; message: string }).message).toMatch(/secrets\.ANTHROPIC_API_KEY/);
15+
});
16+
17+
it('returns warn when key is missing but pipeline will not run', () => {
18+
const result = checkApiKey(undefined, false);
19+
expect(result.action).toBe('warn');
20+
expect((result as { action: 'warn'; message: string }).message).toMatch(/ANTHROPIC_API_KEY/);
21+
});
22+
});

0 commit comments

Comments
 (0)