From 342147f2283821b3d1c95307e3cd17192a62a87c Mon Sep 17 00:00:00 2001 From: "ana.alves" Date: Tue, 3 Feb 2026 16:34:02 -0300 Subject: [PATCH 1/3] fix: corrige erro 128 no codenarc action por falta de credenciais git --- entrypoint.sh | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 4abe118..a0b4b68 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -90,11 +90,15 @@ run_reviewdog() { generate_git_diff() { if [ -n "$GITHUB_BASE_SHA" ] && [ -n "$GITHUB_HEAD_SHA" ]; then - git fetch origin "$GITHUB_BASE_SHA" --depth=1 >/dev/null 2>&1 || true - git fetch origin "$GITHUB_HEAD_SHA" --depth=1 >/dev/null 2>&1 || true - git diff -U0 "$GITHUB_BASE_SHA" "$GITHUB_HEAD_SHA" -- '*.groovy' + if git cat-file -e "$GITHUB_BASE_SHA" 2>/dev/null && git cat-file -e "$GITHUB_HEAD_SHA" 2>/dev/null; then + git diff -U0 "$GITHUB_BASE_SHA" "$GITHUB_HEAD_SHA" -- '*.groovy' 2>&1 + else + git fetch origin "$GITHUB_BASE_SHA" --depth=1 2>&1 || true + git fetch origin "$GITHUB_HEAD_SHA" --depth=1 2>&1 || true + git diff -U0 "$GITHUB_BASE_SHA" "$GITHUB_HEAD_SHA" -- '*.groovy' 2>&1 + fi else - git diff -U0 HEAD~1 -- '*.groovy' + git diff -U0 HEAD~1 -- '*.groovy' 2>&1 fi } @@ -102,8 +106,8 @@ build_changed_lines_cache() { true > "$CHANGED_FILES_CACHE" true > "$CHANGED_LINES_CACHE" - generate_git_diff > "$ALL_DIFF" 2>/dev/null || return - [ ! -s "$ALL_DIFF" ] && return + generate_git_diff > "$ALL_DIFF" 2>&1 + [ ! -s "$ALL_DIFF" ] && return 1 awk ' BEGIN { file = ""; line_num = 0 } @@ -185,12 +189,9 @@ check_blocking_rules() { echo "" echo "⚠️ Analisando se as P1s estão em linhas alteradas..." - build_changed_lines_cache - - if [ ! -s "$ALL_DIFF" ]; then - echo "" - echo "⚠️ Diff vazio: Sem informações de linhas alteradas. Todas as P1s são consideradas bloqueantes." - echo "💡 Corrija as violações ou use um bypass autorizado." + + if ! build_changed_lines_cache || [ ! -s "$ALL_DIFF" ]; then + echo "❌ Não foi possível gerar diff. Todas as P1s serão consideradas bloqueantes." exit 1 fi From d60758f6e9da90c7b1524ed926bb2427fd08771e Mon Sep 17 00:00:00 2001 From: "ana.alves" Date: Tue, 3 Feb 2026 16:55:39 -0300 Subject: [PATCH 2/3] fix: configura autenticacao git no codenarc action para evitar erro 128 --- entrypoint.sh | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index a0b4b68..62cb206 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -90,15 +90,11 @@ run_reviewdog() { generate_git_diff() { if [ -n "$GITHUB_BASE_SHA" ] && [ -n "$GITHUB_HEAD_SHA" ]; then - if git cat-file -e "$GITHUB_BASE_SHA" 2>/dev/null && git cat-file -e "$GITHUB_HEAD_SHA" 2>/dev/null; then - git diff -U0 "$GITHUB_BASE_SHA" "$GITHUB_HEAD_SHA" -- '*.groovy' 2>&1 - else - git fetch origin "$GITHUB_BASE_SHA" --depth=1 2>&1 || true - git fetch origin "$GITHUB_HEAD_SHA" --depth=1 2>&1 || true - git diff -U0 "$GITHUB_BASE_SHA" "$GITHUB_HEAD_SHA" -- '*.groovy' 2>&1 - fi + git fetch origin "$GITHUB_BASE_SHA" --depth=1 >/dev/null 2>&1 || true + git fetch origin "$GITHUB_HEAD_SHA" --depth=1 >/dev/null 2>&1 || true + git diff -U0 "$GITHUB_BASE_SHA" "$GITHUB_HEAD_SHA" -- '*.groovy' else - git diff -U0 HEAD~1 -- '*.groovy' 2>&1 + git diff -U0 HEAD~1 -- '*.groovy' fi } @@ -106,8 +102,8 @@ build_changed_lines_cache() { true > "$CHANGED_FILES_CACHE" true > "$CHANGED_LINES_CACHE" - generate_git_diff > "$ALL_DIFF" 2>&1 - [ ! -s "$ALL_DIFF" ] && return 1 + generate_git_diff > "$ALL_DIFF" 2>/dev/null || return + [ ! -s "$ALL_DIFF" ] && return awk ' BEGIN { file = ""; line_num = 0 } @@ -189,9 +185,12 @@ check_blocking_rules() { echo "" echo "⚠️ Analisando se as P1s estão em linhas alteradas..." - - if ! build_changed_lines_cache || [ ! -s "$ALL_DIFF" ]; then - echo "❌ Não foi possível gerar diff. Todas as P1s serão consideradas bloqueantes." + build_changed_lines_cache + + if [ ! -s "$ALL_DIFF" ]; then + echo "" + echo "⚠️ Diff vazio: Sem informações de linhas alteradas. Todas as P1s são consideradas bloqueantes." + echo "💡 Corrija as violações ou use um bypass autorizado." exit 1 fi @@ -228,6 +227,10 @@ if [ -n "${GITHUB_WORKSPACE}" ]; then git config --global --add safe.directory "$GITHUB_WORKSPACE" fi +if [ -n "${INPUT_GITHUB_TOKEN}" ]; then + git config --global url."https://x-access-token:${INPUT_GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" +fi + export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}" run_codenarc From d8da8edc68a9968394deb669285350ed4e2c9a5f Mon Sep 17 00:00:00 2001 From: "ana.alves" Date: Tue, 3 Feb 2026 17:09:43 -0300 Subject: [PATCH 3/3] security: usa credential helper para evitar exposicao do token em logs --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 62cb206..a142411 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -228,7 +228,7 @@ if [ -n "${GITHUB_WORKSPACE}" ]; then fi if [ -n "${INPUT_GITHUB_TOKEN}" ]; then - git config --global url."https://x-access-token:${INPUT_GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" + git config --global credential.helper '!f() { echo "username=x-access-token"; echo "password=${INPUT_GITHUB_TOKEN}"; }; f' fi export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}"