Fix workflow: use secrets check, jq for safe JSON, and proper URL

Co-authored-by: blackboxprogramming <118287761+blackboxprogramming@users.noreply.github.com>
copilot-swe-agent[bot]
2025-11-24 23:20:59 +00:00
parent 56b3aa6369
commit 3a88659435


@@ -51,25 +51,32 @@ jobs:
echo "Awaiting approval from: @${{ inputs.awaiting_approval }}" echo "Awaiting approval from: @${{ inputs.awaiting_approval }}"
- name: 📢 Notify Discord/Slack - name: 📢 Notify Discord/Slack
if: ${{ env.LUCIDIA_WEBHOOK != '' }} if: ${{ secrets.LUCIDIA_WEBHOOK != '' }}
env: env:
LUCIDIA_WEBHOOK: ${{ secrets.LUCIDIA_WEBHOOK }} LUCIDIA_WEBHOOK: ${{ secrets.LUCIDIA_WEBHOOK }}
PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.number }}
AGENT_NAME: ${{ inputs.agent_name }}
PURPOSE: ${{ inputs.purpose }}
SUMMARY: ${{ inputs.summary }}
TTL: ${{ inputs.ttl }}
AWAITING_APPROVAL: ${{ inputs.awaiting_approval }}
run: | run: |
if [ -n "$LUCIDIA_WEBHOOK" ]; then # Build JSON payload safely using jq to prevent shell injection
MESSAGE="🚀 Lucidia has opened a new auto-generated PR:\n🔗 ${PR_URL}\n🧬 Agent: ${AGENT_NAME}\n📦 Purpose: ${PURPOSE}\n💬 Summary: ${SUMMARY}\n⏱ TTL: ${TTL}\n👁 Awaiting approval from @${AWAITING_APPROVAL}" REPO_URL="${{ github.server_url }}/${{ github.repository }}"
RUN_URL="${REPO_URL}/actions/runs/${{ github.run_id }}"
MESSAGE=$(cat <<EOF
🚀 Lucidia has spawned a new agent!
🔗 Run: ${RUN_URL}
🧬 Agent: ${{ inputs.agent_name }}
📦 Purpose: ${{ inputs.purpose }}
💬 Summary: ${{ inputs.summary }}
⏱️ TTL: ${{ inputs.ttl }}
👁️ Awaiting approval from @${{ inputs.awaiting_approval }}
EOF
)
# Use jq to safely construct JSON payload
PAYLOAD=$(jq -n --arg content "$MESSAGE" --arg text "$MESSAGE" \
'{content: $content, text: $text}')
curl -X POST \ curl -X POST \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{\"content\": \"${MESSAGE}\", \"text\": \"${MESSAGE}\"}" \ -d "$PAYLOAD" \
"$LUCIDIA_WEBHOOK" "$LUCIDIA_WEBHOOK"
echo "✅ Notification sent to webhook" echo "✅ Notification sent to webhook"
else
echo "⚠️ LUCIDIA_WEBHOOK secret not configured - skipping notification"
fi
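Review bot: The heredoc that builds MESSAGE interpolates `${{ inputs.agent_name }}`, `${{ inputs.purpose }}`, `${{ inputs.summary }}`, `${{ inputs.ttl }}` and `${{ inputs.awaiting_approval }}` straight into the `run:` script, so their text is pasted in before the shell parses it and the unquoted `<<EOF` then expands any command substitution it contains; jq only protects the JSON encoding that happens afterwards. This reads the right-hand column as the new side, which is what the commit title implies, since the page has lost its +/- markers. Pass the inputs through `env:` and reference them as shell variables, as the `AGENT_NAME`/`PURPOSE`/`SUMMARY` variant in this same hunk does; the shell expands a variable once and does not re-evaluate its value. Separately, GitHub documents that `secrets` cannot be referenced directly in an `if:` conditional, so `if: ${{ secrets.LUCIDIA_WEBHOOK != '' }}` is likely to be rejected; keeping the in-script `[ -n "$LUCIDIA_WEBHOOK" ]` guard, or comparing a job-level `env` value, avoids that.

```yaml
        env:
          LUCIDIA_WEBHOOK: ${{ secrets.LUCIDIA_WEBHOOK }}
          # Inputs reach the script only as environment variables.
          AGENT_NAME: ${{ inputs.agent_name }}
          PURPOSE: ${{ inputs.purpose }}
          SUMMARY: ${{ inputs.summary }}
          TTL: ${{ inputs.ttl }}
          AWAITING_APPROVAL: ${{ inputs.awaiting_approval }}
        run: |
          # … unchanged: REPO_URL / RUN_URL assignments …
          MESSAGE=$(cat <<EOF
          🚀 Lucidia has spawned a new agent!
          🔗 Run: ${RUN_URL}
          🧬 Agent: ${AGENT_NAME}
          📦 Purpose: ${PURPOSE}
          💬 Summary: ${SUMMARY}
          ⏱️ TTL: ${TTL}
          👁️ Awaiting approval from @${AWAITING_APPROVAL}
          EOF
          )
          # … unchanged: jq payload construction and curl call …
```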