ci(slash-commands): Fix unauthenticated API call causing null repo/ref (#70997)

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2025-12-19 10:00:34 -05:00 · 2025-12-19 00:04:32 -08:00
parent 3bac06d7e8
commit e800536d85
1 changed files with 30 additions and 8 deletions
--- a/.github/workflows/slash-commands.yml
+++ b/.github/workflows/slash-commands.yml
@@ -8,14 +8,6 @@ jobs:
    if: startsWith(github.event.comment.body, '/')
    runs-on: ubuntu-24.04
    steps:
-      - name: Get PR repo and ref
-        if: ${{ github.event.issue.pull_request }}
-        id: getref
-        run: |
-          pr_info="$(curl ${{ github.event.issue.pull_request.url }})"
-          echo ref="$(echo $pr_info | jq -r '.head.ref')" >> $GITHUB_OUTPUT
-          echo repo="$(echo $pr_info | jq -r '.head.repo.full_name')" >> $GITHUB_OUTPUT
-
      - name: Authenticate as GitHub App
        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        id: get-app-token
@@ -25,6 +17,36 @@ jobs:
          app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
          private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}

+      - name: Get PR repo and ref
+        if: ${{ github.event.issue.pull_request }}
+        id: getref
+        env:
+          GH_TOKEN: ${{ steps.get-app-token.outputs.token }}
+          PR_URL: ${{ github.event.issue.pull_request.url }}
+        run: |
+          set -euo pipefail
+          # Fetch PR info with authentication to avoid rate limiting
+          HTTP_CODE=$(curl -sS -w "%{http_code}" -o /tmp/pr_info.json \
+            -H "Authorization: Bearer $GH_TOKEN" \
+            -H "Accept: application/vnd.github+json" \
+            "$PR_URL")
+
+          if [[ "$HTTP_CODE" != "200" ]]; then
+            echo "::error::Failed to fetch PR info: HTTP $HTTP_CODE"
+            cat /tmp/pr_info.json
+            exit 1
+          fi
+
+          # Extract fields with validation (jq -e fails if field is null)
+          REF=$(jq -er '.head.ref' /tmp/pr_info.json)
+          REPO=$(jq -er '.head.repo.full_name' /tmp/pr_info.json)
+
+          # Log parsed values for debugging
+          echo "::notice::Parsed PR metadata - repo: '$REPO', ref: '$REF'"
+
+          echo "ref=$REF" >> $GITHUB_OUTPUT
+          echo "repo=$REPO" >> $GITHUB_OUTPUT
+
      - name: Slash Command Dispatch (Workflow)
        id: scd
        uses: peter-evans/slash-command-dispatch@f996d7b7aae9059759ac55e978cff76d91853301 # v3.0.2