Bump the actions group with 2 updates #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # On-Demand AI Assistant for Issues and PRs (Secure) | |
| # Triggered by @gemini-cli mentions in comments | |
| name: Gemini AI Assistant (Secure) | |
| on: | |
| issue_comment: | |
| types: [created] | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| ai-assistant: | |
| name: AI Assistant Response | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.issue.state == 'open' && | |
| contains(github.event.comment.body, '@gemini-cli') | |
| steps: | |
| - name: Checkout code (Safe - base branch only) | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| # SECURITY: Never checkout PR head for comment-triggered workflows | |
| - name: Extract AI Command (Secure) | |
| id: extract-command | |
| env: | |
| # SECURITY: Use environment variable to prevent code injection | |
| COMMENT_BODY: ${{ github.event.comment.body }} | |
| run: | | |
| # SECURITY: Use environment variable instead of direct interpolation | |
| # Extract everything after @gemini-cli safely | |
| COMMAND=$(echo "$COMMENT_BODY" | sed -n 's/.*@gemini-cli \(.*\)/\1/p' | head -1) | |
| # Sanitize the command to prevent injection | |
| # Remove potentially dangerous characters | |
| CLEAN_COMMAND=$(echo "$COMMAND" | tr -cd '[:alnum:][:space:]._-' | head -c 200) | |
| echo "command=$CLEAN_COMMAND" >> $GITHUB_OUTPUT | |
| echo "Extracted command: $CLEAN_COMMAND" | |
| - name: Get PR context safely (if applicable) | |
| id: pr-context | |
| if: github.event.issue.pull_request | |
| env: | |
| # SECURITY: Use environment variable for safe access | |
| PR_NUMBER: ${{ github.event.issue.number }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # SECURITY: Use GitHub API to get PR info without checkout | |
| # Validate PR number is numeric only | |
| if [[ ! "$PR_NUMBER" =~ ^[0-9]+$ ]]; then | |
| echo "Invalid PR number format" | |
| exit 1 | |
| fi | |
| # Get PR information safely via API | |
| curl -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER" \ | |
| > pr_info.json | |
| # Extract safe metadata | |
| BASE_SHA=$(jq -r '.base.sha' pr_info.json) | |
| HEAD_SHA=$(jq -r '.head.sha' pr_info.json) | |
| # Validate SHA format (40 character hex) | |
| if [[ ! "$BASE_SHA" =~ ^[a-f0-9]{40}$ ]] || [[ ! "$HEAD_SHA" =~ ^[a-f0-9]{40}$ ]]; then | |
| echo "Invalid SHA format" | |
| exit 1 | |
| fi | |
| # Get diff via API (no checkout needed) | |
| curl -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3.diff" \ | |
| "https://api.github.com/repos/${{ github.repository }}/compare/$BASE_SHA..$HEAD_SHA" \ | |
| > pr_diff.txt | |
| echo "pr-available=true" >> $GITHUB_OUTPUT | |
| - name: Run Gemini AI Assistant | |
| env: | |
| # SECURITY: Use environment variables for safe handling | |
| GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} | |
| USER_COMMAND: ${{ steps.extract-command.outputs.command }} | |
| ISSUE_TITLE: ${{ github.event.issue.title }} | |
| ISSUE_NUMBER: ${{ github.event.issue.number }} | |
| ISSUE_AUTHOR: ${{ github.event.issue.user.login }} | |
| IS_PR: ${{ github.event.issue.pull_request && 'Pull Request' || 'Issue' }} | |
| run: | | |
| npx @google/gemini-cli@latest --prompt " | |
| You are an expert WordPress plugin development assistant for the \"Simple WP Optimizer\" plugin. | |
| CONTEXT: | |
| - Repository: WordPress performance optimization plugin | |
| - Removes unnecessary WordPress features and scripts to improve performance | |
| - WordPress 6.5+, PHP 7.4+ | |
| - Features include emoji removal, jQuery migrate removal, header cleanup, DNS prefetch optimization | |
| USER REQUEST: \"$USER_COMMAND\" | |
| ISSUE/PR CONTEXT: | |
| - Type: $IS_PR | |
| - Title: \"$ISSUE_TITLE\" | |
| - Number: #$ISSUE_NUMBER | |
| - Author: @$ISSUE_AUTHOR | |
| RESPONSE GUIDELINES: | |
| 📋 For Code Analysis Requests: | |
| - Review code for WordPress standards compliance | |
| - Check for security vulnerabilities | |
| - Suggest performance improvements | |
| - Provide specific, actionable recommendations | |
| 🔧 For Implementation Help: | |
| - Provide WordPress-specific solutions | |
| - Include proper error handling | |
| - Follow plugin coding standards | |
| - Reference WordPress Codex when helpful | |
| 🐛 For Bug Investigation: | |
| - Analyze potential root causes | |
| - Suggest debugging approaches | |
| - Recommend testing strategies | |
| - Consider WordPress environment factors | |
| ✨ For Feature Requests: | |
| - Evaluate WordPress compatibility | |
| - Consider performance implications | |
| - Suggest implementation approaches | |
| - Identify potential conflicts | |
| 📚 For Documentation: | |
| - Provide clear, actionable information | |
| - Include relevant code examples | |
| - Reference WordPress documentation | |
| - Consider user experience impact | |
| SECURITY NOTICE: This analysis is performed safely without accessing untrusted code. | |
| Always be helpful, specific, and focus on WordPress best practices. | |
| If you need more information to provide a complete answer, ask clarifying questions. | |
| " > assistant-response.txt | |
| - name: Post AI Assistant Response | |
| uses: actions/github-script@v7 | |
| env: | |
| # SECURITY: Use environment variables for safe handling | |
| COMMENT_USER: ${{ github.event.comment.user.login }} | |
| USER_COMMAND: ${{ steps.extract-command.outputs.command }} | |
| ISSUE_NUMBER: ${{ github.event.issue.number }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const fs = require('fs'); | |
| const commentUser = process.env.COMMENT_USER; | |
| const userCommand = process.env.USER_COMMAND; | |
| const issueNumber = process.env.ISSUE_NUMBER; | |
| // SECURITY: Validate inputs | |
| if (!commentUser || !userCommand) { | |
| throw new Error('Missing required environment variables'); | |
| } | |
| let assistantResponse = 'No response generated.'; | |
| try { | |
| if (fs.existsSync('assistant-response.txt')) { | |
| assistantResponse = fs.readFileSync('assistant-response.txt', 'utf8'); | |
| } | |
| } catch (error) { | |
| console.log('Error reading assistant response file:', error); | |
| assistantResponse = 'Error reading AI assistant response.'; | |
| } | |
| const aiResponse = ` | |
| ## 🤖 AI WordPress Assistant Response | |
| Hi @${commentUser}! I've analyzed your request: **"${userCommand}"** | |
| ### 📝 Expert Analysis & Recommendations | |
| ${assistantResponse} | |
| --- | |
| ### 🔗 Helpful Resources | |
| - [WordPress Plugin Developer Handbook](https://developer.wordpress.org/plugins/) | |
| - [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/) | |
| - [Plugin Security Guidelines](https://developer.wordpress.org/plugins/security/) | |
| - [WordPress Performance Optimization](https://developer.wordpress.org/apis/handbook/performance/) | |
| [WooCommerce Developer Documentation](https://woocommerce.com/document/create-a-plugin/) | |
| ### 💡 Available Commands | |
| Try these commands with @gemini-cli: | |
| - \`@gemini-cli review this code\` - Code review and analysis | |
| - \`@gemini-cli suggest improvements\` - Performance and structure suggestions | |
| - \`@gemini-cli check security\` - Security vulnerability analysis | |
| - \`@gemini-cli explain this function\` - Code explanation and documentation | |
| - \`@gemini-cli write tests for X\` - Test implementation guidance | |
| - \`@gemini-cli debug this issue\` - Bug investigation and resolution | |
| > 🔄 **Note:** This is an AI-generated response for Simple WP Optimizer. Please review suggestions carefully and test thoroughly. | |
| **Analysis Date:** ${new Date().toISOString()} | |
| `; | |
| await github.rest.issues.createComment({ | |
| issue_number: issueNumber, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: aiResponse | |
| }); |