Reverts the following commits:
- f669191 fix: use unique local branch names for PR checkout to avoid conflicts (#931)
- 21e3fe0 Fix PR checkout to support fork PRs (#851)
Simplifies PR branch checkout back to using headRefName directly instead
of the pr-{number} local branch naming scheme introduced in #931 and the
GitHub pull ref fetch approach introduced in #851.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The previous implementation used the PR's original branch name when
fetching, which could conflict with existing local or remote branches
of the same name. This caused checkout failures for PRs with common
branch names like 'main' or 'feature/xyz'.
Changes:
- Use 'pr-{number}' format for local branch names (e.g., pr-385)
- Preserve original branch name for logging purposes
- Add detailed logging showing original -> local branch mapping
This ensures uniqueness since PR numbers are unique per repository,
while maintaining support for both same-repo and fork PRs via
GitHub's pull/{number}/head refs.
Fixes the issue introduced in #851 where fork PR support was added.
Co-authored-by: Yi-Cheng Wang <yicheng.wang@heph-ai.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Use GitHub's PR refs (pull/NUMBER/head) instead of fetching branch
by name. This works for both same-repo and fork PRs because GitHub
automatically creates these refs in the base repository for all PRs.
The branch name doesn't exist on origin for fork PRs, causing:
fatal: couldn't find remote ref <branch-name>
Using pull/${entityNumber}/head:${branchName} fetches the PR head
and creates a local branch with the correct name.
Fixes issues with tag mode failing on fork PRs.
* refactor: unify action into single composite step with run.ts entrypoint
Consolidate the prepare and base-action phases into a single composite
step that runs src/entrypoints/run.ts. This simplifies the action.yml
from multiple steps to one execution step, while keeping the same
behavior.
Key changes:
- Add src/entrypoints/run.ts as unified entrypoint
- Simplify action.yml to single 'Run Claude Code Action' step
- Pass all inputs via environment variables
- Update base-action to accept inputs via env vars
- Support agent mode auto-detection from prompt input
* refactor: keep SSH signing cleanup and token revocation as separate action steps
Move SSH signing key cleanup and app token revocation back to separate
composite action steps in action.yml with always() conditions, rather
than handling them inside run.ts. This keeps these cleanup concerns
as independently visible steps in the workflow.
* fix: address PR review feedback
- Use path.dirname() instead of manual string slicing for executable path
- Differentiate prepare vs execution errors in catch block so tracking
comment accurately reflects which phase failed
- Update CLAUDE.md architecture docs to reflect unified run.ts entrypoint
and four-phase design
* fix: address PR review feedback
- Use path.dirname() instead of manual string slicing for executable path
- Differentiate prepare vs execution errors in catch block so tracking
comment accurately reflects which phase failed
- Rewrite CLAUDE.md to focus on mental model, key concepts, and gotchas
instead of exhaustive file listings
* Add branch-name-template config option
* Logging
* Use branch name template
* Add label to template variables
* Add description template variable
* More concise description for branch_name_template
* Remove more granular time template variables
* Only fetch first label
* Add check for empty template-generated name
* Clean up comments, docstrings
* Merge createBranchTemplateVariables into generateBranchName
* Still replace undefined values
* Fall back to default on duplicate branch
* Parameterize description wordcount
* Remove some over-explanatory comments
* NUM_DESCRIPTION_WORDS: 3 -> 5
* fix: Prevent command injection in branch operations
Replace Bun shell template literals with Node.js execFileSync to prevent
command injection attacks via malicious branch names. Branch names from
PR data (headRefName) are now validated against a strict whitelist pattern
before use in git commands.
Changes:
- Add validateBranchName() function with strict character whitelist
- Replace $`git ...` shell templates with execGit() using execFileSync
- Validate all branch names before use in git operations
* fix: Address review comments for branch validation security
- Enhanced execGit JSDoc to explain security benefits of execFileSync
- Added comprehensive branch name validation:
- Leading dash check (prevents option injection)
- Control characters and special git characters (~^:?*[\])
- Leading/trailing period checks
- Trailing slash and consecutive slash checks
- Added -- separator to git checkout commands
- Added 30 unit tests for validateBranchName covering:
- Valid branch names
- Command injection attempts
- Option injection attempts
- Path traversal attempts
- Git-specific invalid patterns
- Control characters and edge cases
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Fix bug where base_branch parameter was not being respected
- Add git fetch and checkout of source branch before creating new branch
- Ensures new branches are created from specified base_branch instead of current HEAD
- Fixes issue #268🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* refactor: update branch naming convention for Kubernetes compatibility
- Changed timestamp format in branch names to a shorter, Kubernetes-compatible style (lowercase, hyphens only).
- Updated related tests to reflect new branch name format.
- Ensured branch names are limited to a maximum of 50 characters to comply with Kubernetes naming requirements.
* refactor: clean up timestamp formatting in branch naming logic
- Removed unnecessary whitespace and standardized string formatting for the Kubernetes-compatible timestamp in branch names.
- Ensured consistency in the use of double quotes for string literals.
* feat: defer remote branch creation until first commit
- For commit signing: branches are created remotely by github-file-ops-server on first commit
- For non-signing: branches are created locally with 'git checkout -b' and pushed when needed
- Consolidated duplicate branch creation logic in github-file-ops-server into a shared helper function
- Claude is unaware of these implementation details and simply sees it's on the correct branch
- No branch links are shown in initial comments since branches don't exist remotely yet
* fix: prevent broken branch links in final comment update
- Check if branch exists remotely before adding branch link
- Only add branch links for branches that actually exist on GitHub
- Add test coverage for non-existent remote branches
- Fixes issue where users would see broken branch links for local-only branches
* fix: don't show branch name in comment header when branch doesn't exist remotely
- Only pass branchName to updateCommentBody when branchLink exists
- Prevents showing branch names for branches that only exist locally
- Add test to verify branch name is not shown when branch doesn't exist
* tmp
* feat: add base_branch input to specify source branch for new Claude branches
- Add base_branch input parameter to action.yml allowing users to specify which branch to use as source
- Update setupBranch function to accept and use the base branch parameter
- Defaults to repository default branch if no base branch is specified
- Addresses issue #62 for better branch control
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* perf: optimize setupBranch to avoid unnecessary default branch fetch
Only fetch repository default branch when actually needed:
- Skip initial fetch when baseBranch is provided
- Fetch default branch at end only for return value and GitHub Actions output
- Eliminates unnecessary API call when users specify base branch
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* fix: properly handle base branch throughout the action workflow
- Fix TypeScript error where defaultBranch was used before being assigned
- Replace DEFAULT_BRANCH with BASE_BRANCH in subsequent workflow steps
- Update PR creation and branch comparison to use the actual base branch
- Ensure custom base_branch input is respected in all operations
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: move BASE_BRANCH env reading into parseGitHubContext
- Move BASE_BRANCH environment variable reading into parseGitHubContext for consistency
- Update setupBranch to use context.inputs.baseBranch instead of process.env
- Fix test descriptions to correctly reference BASE_BRANCH instead of DEFAULT_BRANCH
- Update test environment setup to use BASE_BRANCH
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* Add shallow fetch to improve performance for large repositories
This change adds `--depth=1` to git fetch operations to perform shallow
fetches instead of full history downloads. This significantly reduces
checkout time for large repositories as reported in issue #52.
Changes:
- Line 55: Added --depth=1 to PR branch fetch
- Line 102: Added --depth=1 to new branch fetch
Fixes#52
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* fetch 50 commits for PRs
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
