Skip to content

feat: harden GitHub Action execution#7

Merged
brandonwise merged 1 commit into
mainfrom
auto/pm-presence-20260515
May 16, 2026
Merged

feat: harden GitHub Action execution#7
brandonwise merged 1 commit into
mainfrom
auto/pm-presence-20260515

Conversation

@brandonwise
Copy link
Copy Markdown
Owner

@brandonwise brandonwise commented May 16, 2026

Summary

  • harden the composite GitHub Action by moving install/scan logic into tested Bash scripts that use arrays instead of string-concatenated args
  • add install-mode: source so the action can build the checked-out repo for PR/self-test workflows
  • add an action-smoke CI job plus a local smoke test that proves paths and output files with spaces work end to end
  • document the composite action path and the new source install mode in the README

Why

The old action built a single shell string (agentwise $ARGS), which breaks on paths with spaces and is a bad pattern in a security-focused repo. This change makes the action safer, reproducible, and self-testable before release.

Validation

  • cargo fmt --all -- --check β€” PASS
  • cargo clippy --all-targets -- -D warnings β€” PASS
  • cargo test --all-targets β€” PASS (217 unit + 38 integration)
  • cargo build --release β€” PASS
  • bash tests/action_smoke.sh β€” PASS
  • bash -n scripts/action-install.sh scripts/action-scan.sh tests/action_smoke.sh β€” PASS
  • node /Users/bwise/.openclaw/workspace/projects/humanizer/src/cli.js score README.md β€” PASS (36/100)

@brandonwise brandonwise merged commit 39d2b4d into main May 16, 2026
9 checks passed
@brandonwise brandonwise deleted the auto/pm-presence-20260515 branch May 16, 2026 01:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brandonwise