Add base action

whoisarpit · whoisarpit · commit 28a5e0305794 · 2024-12-04T14:39:31.000+08:00
diff --git a/README.md b/README.md
@@ -0,0 +1,94 @@
+# Patchwork AutoFix Action
+
+This GitHub Action uses [patchwork-cli](https://docs.patched.codes/patchwork/quickstart) to automatically fix code vulnerabilities in your repository using LLMs.
+
+## Features
+
+- Automatically detects vulnerabilities using Semgrep
+- Generates fixes using LLMs (OpenAI, local models, or custom endpoints)
+- Creates pull requests with the fixes
+- Configurable severity and compatibility thresholds
+- Supports custom branch naming and PR behavior
+
+## Usage
+
+```yaml
+name: Security AutoFix
+on:
+  schedule:
+    - cron: "0 0 * * *" # Run daily
+  workflow_dispatch: # Allow manual triggers
+
+jobs:
+  autofix:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: your-username/patchwork-autofix@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+```
+
+## Inputs
+
+### Required
+
+One of the following is required:
+
+- `patched_api_key`: Patched API key for using Patched services ([Get an API key](https://app.patched.codes/api-keys))
+- `openai_api_key`: OpenAI API key for the LLM ([Get an API key](https://platform.openai.com/account/api-keys))
+
+### Optional
+
+- `github_token`: GitHub token for creating pull requests (default: [Automatically set by GitHub](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication))
+- `model`: LLM model to use (default: gpt-3.5-turbo)
+- `client_base_url`: Base URL for the LLM API (default: https://api.openai.com/v1)
+- `vulnerability_limit`: Maximum number of vulnerabilities to fix (default: 10, -1 for no limit)
+- `severity`: Minimum severity level (unknown/note/info/warning/low/medium/error/high/critical)
+- `compatibility`: Minimum compatibility threshold (unknown/low/medium/high)
+- `branch_prefix`: Prefix for the created branch
+- `disable_branch`: Disable creating new branches
+- `disable_pr`: Disable creating pull requests
+- `force_pr_creation`: Force push commits to existing PR
+
+## Examples
+
+### Basic Usage
+
+```yaml
+- uses: your-username/patchwork-autofix@v1
+  with:
+    github_token: ${{ secrets.GITHUB_TOKEN }}
+    openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+```
+
+### Using Custom Model
+
+```yaml
+- uses: your-username/patchwork-autofix@v1
+  with:
+    github_token: ${{ secrets.GITHUB_TOKEN }}
+    openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+    model: "gpt-4"
+    client_base_url: "https://api.openai.com/v1"
+```
+
+### High Severity Only
+
+```yaml
+- uses: your-username/patchwork-autofix@v1
+  with:
+    github_token: ${{ secrets.GITHUB_TOKEN }}
+    openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+    severity: "high"
+    vulnerability_limit: 5
+```
+
+## License
+
+MIT
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
diff --git a/action.yml b/action.yml
@@ -0,0 +1,90 @@
+name: 'Patchwork AutoFix'
+description: 'Run Autofix patchflow using patchwork-cli to automatically fix code vulnerabilities'
+branding:
+  icon: 'shield'
+  color: 'green'
+author: '@patched-codes'
+
+inputs:
+  github_token:
+    description: 'GitHub token for creating pull requests'
+    required: false
+    default: '${{ secrets.GITHUB_TOKEN }}'
+  openai_api_key:
+    description: 'OpenAI API key for the LLM'
+    required: false
+  patched_api_key:
+    description: 'Patched API key for using Patched services'
+    required: false
+  model:
+    description: 'LLM model to use (default: gpt-3.5-turbo)'
+    required: false
+    default: 'gpt-3.5-turbo'
+  client_base_url:
+    description: 'Base URL for the LLM API (default: https://api.openai.com/v1)'
+    required: false
+    default: 'https://api.openai.com/v1'
+  vulnerability_limit:
+    description: 'Maximum number of vulnerabilities to fix (default: 10, -1 for no limit)'
+    required: false
+    default: '10'
+  severity:
+    description: 'Minimum severity level of vulnerabilities to fix (unknown/note/info/warning/low/medium/error/high/critical)'
+    required: false
+    default: 'medium'
+  compatibility:
+    description: 'Minimum compatibility threshold for fixes (unknown/low/medium/high)'
+    required: false
+    default: 'medium'
+  branch_prefix:
+    description: 'Prefix for the created branch'
+    required: false
+    default: 'autofix'
+  disable_branch:
+    description: 'Disable creating new branches'
+    required: false
+    default: 'false'
+  disable_pr:
+    description: 'Disable creating pull requests'
+    required: false
+    default: 'false'
+  force_pr_creation:
+    description: 'Force push commits to existing PR'
+    required: false
+    default: 'false'
+
+outputs:
+  pr_url:
+    description: 'URL of the created pull request'
+    value: '${{ steps.autofix.outputs.pr_url }}'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.x'
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        pip install 'patchwork-cli[security]'
+
+    - name: Run Autofix
+      shell: bash
+      run: |
+        patchwork AutoFix \
+          github_api_key=${{ inputs.github_token }} \
+          ${inputs.openai_api_key:+"openai_api_key=${{ inputs.openai_api_key }}"} \
+          ${inputs.patched_api_key:+"patched_api_key=${{ inputs.patched_api_key }}"} \
+          model=${{ inputs.model }} \
+          client_base_url=${{ inputs.client_base_url }} \
+          vulnerability_limit=${{ inputs.vulnerability_limit }} \
+          severity=${{ inputs.severity }} \
+          compatibility=${{ inputs.compatibility }} \
+          branch_prefix=${{ inputs.branch_prefix }} \
+          disable_branch=${{ inputs.disable_branch }} \
+          disable_pr=${{ inputs.disable_pr }} \
+          force_pr_creation=${{ inputs.force_pr_creation }}
