Bump the actions group with 2 updates #1
| # On-Demand AI Assistant for Issues and PRs (Secure) | |
| # Triggered by @gemini-cli mentions in comments | |
| name: Gemini AI Assistant (Secure) | |
| on: | |
| issue_comment: | |
| types: [created] | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| ai-assistant: | |
| name: AI Assistant Response | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.issue.state == 'open' && | |
| contains(github.event.comment.body, '@gemini-cli') | |
| steps: | |
| - name: Checkout code (Safe - base branch only) | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| # SECURITY: Never checkout PR head for comment-triggered workflows | |
| - name: Extract AI Command (Secure) | |
| id: extract-command | |
| env: | |
| # SECURITY: Use environment variable to prevent code injection | |
| COMMENT_BODY: ${{ github.event.comment.body }} | |
| run: | | |
| # SECURITY: Use environment variable instead of direct interpolation | |
| # Extract everything after @gemini-cli safely | |
| COMMAND=$(echo "$COMMENT_BODY" | sed -n 's/.*@gemini-cli \(.*\)/\1/p' | head -1) | |
| # Sanitize the command to prevent injection | |
| # Remove potentially dangerous characters | |
| CLEAN_COMMAND=$(echo "$COMMAND" | tr -cd '[:alnum:][:space:]._-' | head -c 200) | |
| echo "command=$CLEAN_COMMAND" >> $GITHUB_OUTPUT | |
| echo "Extracted command: $CLEAN_COMMAND" | |
| - name: Get PR context safely (if applicable) | |
| id: pr-context | |
| if: github.event.issue.pull_request | |
| env: | |
| # SECURITY: Use environment variable for safe access | |
| PR_NUMBER: ${{ github.event.issue.number }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # SECURITY: Use GitHub API to get PR info without checkout | |
| # Validate PR number is numeric only | |
| if [[ ! "$PR_NUMBER" =~ ^[0-9]+$ ]]; then | |
| echo "Invalid PR number format" | |
| exit 1 | |
| fi | |
| # Get PR information safely via API | |
| curl -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER" \ | |
| > pr_info.json | |
| # Extract safe metadata | |
| BASE_SHA=$(jq -r '.base.sha' pr_info.json) | |
| HEAD_SHA=$(jq -r '.head.sha' pr_info.json) | |
| # Validate SHA format (40 character hex) | |
| if [[ ! "$BASE_SHA" =~ ^[a-f0-9]{40}$ ]] || [[ ! "$HEAD_SHA" =~ ^[a-f0-9]{40}$ ]]; then | |
| echo "Invalid SHA format" | |
| exit 1 | |
| fi | |
| # Get diff via API (no checkout needed) | |
| curl -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.diff" \ | |
| "https://api.github.com/repos/${{ github.repository }}/compare/$BASE_SHA..$HEAD_SHA" \ | |
| > pr_diff.txt | |
| echo "pr-available=true" >> $GITHUB_OUTPUT | |
| - name: Run Gemini AI Assistant | |
| env: | |
| # SECURITY: Use environment variables for safe handling | |
| GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} | |
| USER_COMMAND: ${{ steps.extract-command.outputs.command }} | |
| ISSUE_TITLE: ${{ github.event.issue.title }} | |
| ISSUE_NUMBER: ${{ github.event.issue.number }} | |
| ISSUE_AUTHOR: ${{ github.event.issue.user.login }} | |
| IS_PR: ${{ github.event.issue.pull_request && 'Pull Request' || 'Issue' }} | |
| run: | | |
| npx @google/gemini-cli@latest --prompt " | |
| You are an expert WordPress plugin development assistant for the \"Simple WP Site Exporter\" plugin. | |
| CONTEXT: | |
| - Repository: WordPress site export plugin for complete site backups | |
| - WordPress 6.5+, PHP 7.4+ | |
| - Exports files and database as secure ZIP archives | |
| - Features automatic cleanup and secure file handling | |
| USER REQUEST: \"$USER_COMMAND\" | |
| ISSUE/PR CONTEXT: | |
| - Type: $IS_PR | |
| - Title: \"$ISSUE_TITLE\" | |
| - Number: #$ISSUE_NUMBER | |
| - Author: @$ISSUE_AUTHOR | |
| RESPONSE GUIDELINES: | |
| 📋 For Code Analysis Requests: | |
| - Review code for WordPress standards compliance | |
| - Check for security vulnerabilities (especially file security) | |
| - Suggest performance improvements for export operations | |
| - Provide specific, actionable recommendations | |
| 🔧 For Implementation Help: | |
| - Provide WordPress-specific solutions | |
| - Include proper error handling | |
| - Follow plugin coding standards | |
| - Reference WordPress Codex when helpful | |
| - Focus on secure file operations | |
| 🐛 For Bug Investigation: | |
| - Analyze potential root causes | |
| - Suggest debugging approaches for export issues | |
| - Recommend testing strategies | |
| - Consider WordPress environment factors | |
| - Check file permission and security aspects | |
| ✨ For Feature Requests: | |
| - Evaluate WordPress compatibility | |
| - Consider performance implications for file operations | |
| - Suggest implementation approaches | |
| - Identify potential security concerns | |
| 📚 For Documentation: | |
| - Provide clear, actionable information | |
| - Include relevant code examples | |
| - Reference WordPress documentation | |
| - Consider user experience impact | |
| - Include security best practices | |
| SECURITY NOTICE: This analysis is performed safely without accessing untrusted code. | |
| Always be helpful, specific, and focus on WordPress best practices. | |
| If you need more information to provide a complete answer, ask clarifying questions. | |
| " > assistant-response.txt | |
| - name: Post AI Assistant Response | |
| uses: actions/github-script@v7 | |
| env: | |
| # SECURITY: Use environment variables for safe handling | |
| COMMENT_USER: ${{ github.event.comment.user.login }} | |
| USER_COMMAND: ${{ steps.extract-command.outputs.command }} | |
| ISSUE_NUMBER: ${{ github.event.issue.number }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const fs = require('fs'); | |
| const commentUser = process.env.COMMENT_USER; | |
| const userCommand = process.env.USER_COMMAND; | |
| const issueNumber = process.env.ISSUE_NUMBER; | |
| // SECURITY: Validate inputs | |
| if (!commentUser || !userCommand) { | |
| throw new Error('Missing required environment variables'); | |
| } | |
| let assistantResponse = 'No response generated.'; | |
| try { | |
| if (fs.existsSync('assistant-response.txt')) { | |
| assistantResponse = fs.readFileSync('assistant-response.txt', 'utf8'); | |
| } | |
| } catch (error) { | |
| console.log('Error reading assistant response file:', error); | |
| assistantResponse = 'Error reading AI assistant response.'; | |
| } | |
| const aiResponse = ` | |
| ## 🤖 AI WordPress Assistant Response | |
| Hi @${commentUser}! I've analyzed your request: **"${userCommand}"** | |
| ### 📝 Expert Analysis & Recommendations | |
| ${assistantResponse} | |
| --- | |
| ### 🔗 Helpful Resources | |
| - [WordPress Plugin Developer Handbook](https://developer.wordpress.org/plugins/) | |
| - [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/) | |
| - [Plugin Security Guidelines](https://developer.wordpress.org/plugins/security/) | |
| - [WooCommerce Developer Documentation](https://woocommerce.com/document/create-a-plugin/) | |
| - [WordPress File Security](https://developer.wordpress.org/plugins/security/securing-file-operations/) | |
| - [WordPress Export Best Practices](https://developer.wordpress.org/plugins/cron/) | |
| ### 💡 Available Commands | |
| Try these commands with @gemini-cli: | |
| - \`@gemini-cli review this code\` - Code review and analysis | |
| - \`@gemini-cli suggest improvements\` - Performance and structure suggestions | |
| - \`@gemini-cli check security\` - Security vulnerability analysis | |
| - \`@gemini-cli explain this function\` - Code explanation and documentation | |
| - \`@gemini-cli write tests for X\` - Test implementation guidance | |
| - \`@gemini-cli debug this issue\` - Bug investigation and resolution | |
| - \`@gemini-cli optimize exports\` - Export performance optimization | |
| - \`@gemini-cli secure file handling\` - File security best practices | |
| > 🔄 **Note:** This is an AI-generated response for Simple WP Site Exporter (latest version) Please review suggestions carefully and test thoroughly. | |
| **Analysis Date:** ${new Date().toISOString()} | |
| `; | |
| await github.rest.issues.createComment({ | |
| issue_number: issueNumber, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: aiResponse | |
| }); |