space/gitea-codex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[fix]. Harden fork PR fetch + config marker
All checks were successful
ci / test (pull_request) Successful in 33s
Details
ci / publish (pull_request) Has been skipped
Details

Browse Source
This commit is contained in:
Space-Banane
2026-05-23 13:57:51 +02:00
parent c3925f37e1
commit 01e10abc71
5 changed files with 54 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/gitea_codex_bot/services/gitea.py
View File

@@ -21,6 +21,8 @@ class PullRequestContext:
clone_url: str
html_url: str
is_fork: bool
base_clone_url: str | None = None
head_clone_url: str | None = None
class GiteaClient:
@@ -56,6 +58,8 @@ class GiteaClient:
encoded_owner = quote(owner, safe="")
encoded_name = quote(name, safe="")
payload = self._request("GET", f"/api/v1/repos/{encoded_owner}/{encoded_name}/pulls/{pr_number}")
base_clone_url = payload["base"]["repo"]["clone_url"]
head_clone_url = payload["head"]["repo"]["clone_url"]
return PullRequestContext(
repo=repo,
pr_number=pr_number,
@@ -63,7 +67,9 @@ class GiteaClient:
base_sha=payload["base"]["sha"],
head_ref=payload["head"]["ref"],
head_sha=payload["head"]["sha"],
clone_url=payload["head"]["repo"]["clone_url"],
clone_url=head_clone_url,
base_clone_url=base_clone_url,
head_clone_url=head_clone_url,
html_url=payload["html_url"],
is_fork=bool(payload["head"]["repo"]["full_name"] != payload["base"]["repo"]["full_name"]),
)

2
src/gitea_codex_bot/services/review_format.py
View File

@@ -41,6 +41,8 @@ def format_result_comment(head_sha: str, result: dict, *, repo_configured: bool
body = markdown_comment.strip()
if usage_note:
body = f"{body}\n\n{usage_note}"
if missing_config_note:
body = f"{body}\n\n{missing_config_note}"
return _inject_head_sha_marker(head_sha, body)
verdict = result.get("verdict", "has_issues")

12
src/gitea_codex_bot/workers/container_runner.py
View File

@@ -152,7 +152,17 @@ def _build_install_and_run_command(
'auth_b64="$(printf "%s" "${GITEA_GIT_USERNAME}:${GITEA_TOKEN}" | base64 | tr -d \'\\n\')"',
f'git -c http.extraHeader="Authorization: Basic $auth_b64" clone --no-tags --depth 80 {shlex.quote(pr.clone_url)} /work/repo',
"cd /work/repo",
f'git -c http.extraHeader="Authorization: Basic $auth_b64" fetch --no-tags origin {shlex.quote(pr.base_ref)} {shlex.quote(pr.head_ref)}',
"fetch_required() { "
"remote=\"$1\"; ref=\"$2\"; sha=\"$3\"; label=\"$4\"; "
"if git -c http.extraHeader=\"Authorization: Basic $auth_b64\" fetch --no-tags \"$remote\" \"$ref\"; then return 0; fi; "
"if git -c http.extraHeader=\"Authorization: Basic $auth_b64\" fetch --no-tags \"$remote\" \"$sha\"; then return 0; fi; "
"echo \"Failed to fetch $label from remote '$remote' using ref '$ref' or sha '$sha'\" >&2; "
"return 7; "
"}",
f"base_remote={'upstream' if pr.base_clone_url and pr.base_clone_url != pr.clone_url else 'origin'}",
f"if [ \"$base_remote\" = \"upstream\" ]; then git remote add upstream {shlex.quote(pr.base_clone_url or '')}; fi",
f"fetch_required origin {shlex.quote(pr.head_ref)} {shlex.quote(pr.head_sha)} head",
f"fetch_required \"$base_remote\" {shlex.quote(pr.base_ref)} {shlex.quote(pr.base_sha)} base",
f"git checkout --detach {shlex.quote(pr.head_sha)}",
'resolved_head="$(git rev-parse HEAD)"',
f'if [ "$resolved_head" != {shlex.quote(pr.head_sha)} ]; then echo "Checked out SHA mismatch: expected {pr.head_sha}, got $resolved_head" >&2; exit 9; fi',