Add Data, Container, and Processor classes for data management #1
```yaml
name: PR Copilot PII Review

on:
  pull_request:
    types: [opened, reopened, ready_for_review, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  copilot_pii_review:
    name: Copilot PII Review
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Compute diff and changed files
        id: diff
        run: |
          BASE_SHA="${{ github.event.pull_request.base.sha }}"
          HEAD_SHA="${{ github.event.pull_request.head.sha }}"
          git diff --name-only "$BASE_SHA" "$HEAD_SHA" > changed_files.txt
          git diff --unified=3 "$BASE_SHA" "$HEAD_SHA" > diff.patch
          if [ ! -s changed_files.txt ]; then
            echo "no_changes=true" >> "$GITHUB_OUTPUT"
          else
            echo "no_changes=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Install Copilot CLI
        if: steps.diff.outputs.no_changes == 'false'
        run: |
          npm install -g @github/copilot
          copilot --version

      - name: Run Copilot PII review
        if: steps.diff.outputs.no_changes == 'false'
        env:
          # Repository secrets are not available to pull_request runs from forks,
          # so the presence check below fails fast for fork PRs.
          GITHUB_TOKEN: ${{ secrets.COPILOT_CLI_PAT }}
        run: |
          if [ -z "$GITHUB_TOKEN" ]; then
            echo "GITHUB_TOKEN secret is not configured." >&2
            exit 1
          fi
          # Only confirm presence; never print the token itself (the previous
          # version echoed the secret, which writes it into the job log).
          echo "GITHUB_TOKEN is set."

          # Bash keeps "\n" literal inside double quotes; use $'\n' for real newlines.
          NL=$'\n'
          HEADER="You are a professional security expert specializing in PII (Personally Identifiable Information) detection. The current working directory is a Git repository undergoing a Pull Request code review."
          REVIEW_REQUIREMENTS="**Review Task**:
          Analyze the provided code diff for potential PII exposure and privacy concerns.
          **Changed Files**: $(tr '\n' ',' < changed_files.txt | sed 's/,$//')
          **Review Requirements**:
          Please focus on the following PII-related aspects and provide a detailed security review:
          1. Direct PII exposure (names, emails, phone numbers, addresses, SSN, credit card numbers, etc.)
          2. Indirect PII that could identify individuals when combined
          3. Hardcoded credentials, API keys, or tokens
          4. Logging or printing of sensitive user data
          5. Insufficient data masking or anonymization
          6. PII stored in comments, test data, or configuration files
          7. Potential GDPR, CCPA, or other privacy regulation violations"
          RULES="**Output Format Requirements**:
          - Output ONLY a GitHub-flavored Markdown table with exactly these columns: File | Concern | Recommendation | Severity
          - Every row must reference a real file path from the Changed files list
          - Severity must be one of: info, minor, major, critical
          - If no PII issues are found, return a single table row with 'All files' in the File column and 'No PII issues found' in the Concern column
          - Cite line numbers from the diff using the format L<line>
          - Do not wrap the table in backticks or add any prose before or after the table
          - Focus on actionable PII-related feedback specific to the diff
          **Mandatory Requirements**:
          1. Base your review on the actual diff content provided below
          2. Provide comprehensive PII analysis with specific examples where applicable
          3. Prioritize critical privacy concerns that could lead to data breaches"
          # The diff is written by the PR author, so it is untrusted input to the
          # model; its output is handled as plain text and only posted as a comment.
          DIFF_SECTION="**Unified diff**:${NL}$(cat diff.patch)"
          COPILOT_PROMPT="${HEADER}${NL}${NL}${REVIEW_REQUIREMENTS}${NL}${NL}${RULES}${NL}${NL}${DIFF_SECTION}"
          export COPILOT_PROMPT
          printf '%s\n' "$COPILOT_PROMPT"
          copilot -p "$COPILOT_PROMPT" | tee copilot_raw.txt >/dev/null
          printf '\n\nRaw Copilot Output:\n%s\n' "$(cat copilot_raw.txt)"
          # Strip ANSI escape sequences and carriage returns from the CLI output.
          sed -E 's/\x1B\[[0-9;]*[A-Za-z]//g' copilot_raw.txt | tr -d '\r' > raw_review.md
          # Fallback table for when the model returned no table at all (the previous
          # version referenced this variable without defining it, so the fallback was empty).
          REVIEW_TABLE_FALLBACK="| File | Concern | Recommendation | Severity |${NL}|---|---|---|---|${NL}| All files | No PII issues found | - | info |"
          if ! grep -q '|' raw_review.md; then
            printf '%s\n' "$REVIEW_TABLE_FALLBACK" > raw_review.md
          fi

      - name: Format review output
        # Skip when nothing changed; otherwise an empty review would be posted.
        if: steps.diff.outputs.no_changes == 'false'
        run: |
          PR_NUMBER="${{ github.event.pull_request.number }}"
          cat > review_result.md <<EOF
          🔒 **GitHub Copilot Automated PII Review**

          ---

          ### 📋 Summary
          This is an automated PII (Personally Identifiable Information) security review generated by GitHub Copilot CLI for pull request #${PR_NUMBER}.

          ### 🔍 Review Feedback
          $(cat raw_review.md)

          ---
          This is an automated PII security review. Please use human judgment when evaluating suggestions.
          EOF

      - name: Post review as PR comment
        if: steps.diff.outputs.no_changes == 'false'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr comment ${{ github.event.pull_request.number }} --body-file review_result.md

      - name: Upload Copilot raw output
        if: steps.diff.outputs.no_changes == 'false'
        uses: actions/upload-artifact@v4
        with:
          name: copilot-review-logs
          path: |
            copilot_raw.txt
            raw_review.md
            review_result.md
            diff.patch
            changed_files.txt
```
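The RULES prompt tells the model what the table must look like, but the workflow only checks that the output contains a `|` before `gh pr comment` posts it under `pull-requests: write`. Since the diff the model reads is authored by the PR submitter, a practitioner would want a post-filter that enforces the stated contract rather than trusting the model to follow it. The following Python script is an added example, not part of the workflow in this PR: it keeps only rows that name a file from `changed_files.txt` and use one of the four allowed severities, drops everything else, and strips links, images and raw tags from cells so the posted comment cannot carry a tracking image or markup. The sample CLI output and the fallback row's Recommendation and Severity cells are constructed assumptions; the prompt on the page only fixes the File and Concern cells of the fallback row.

```python
"""Post-filter for a model-generated review table, run before `gh pr comment`.

Added example, not part of the workflow on this page. It enforces the contract the
RULES prompt asks the model for: a four-column table whose rows name files from
changed_files.txt and use an allowed severity. Non-conforming rows are dropped, and
links, images and raw tags in cells are neutralised so untrusted model output cannot
place a beacon or markup into the PR comment.
"""
import re
import sys

ALLOWED_SEVERITIES = {"info", "minor", "major", "critical"}
EXPECTED_HEADER = ["File", "Concern", "Recommendation", "Severity"]
# Assumed fallback row: the prompt only fixes the File and Concern cells.
FALLBACK_ROW = "| All files | No PII issues found | - | info |"

LINK_RE = re.compile(r"!?\[[^\]]*\]\([^)]*\)")  # [text](url) and ![alt](url)
TAG_RE = re.compile(r"<[^>]*>")                 # raw HTML and <autolinks>

# Constructed sample of what the CLI might return: prose around the table, an
# image beacon in a cell, a row for a file outside the PR, a made-up severity.
SAMPLE_OUTPUT = """Sure! Here is the review:
| File | Concern | Recommendation | Severity |
|---|---|---|---|
| src/data.py | Logs user email at L12 | Mask before logging | major |
| src/evil.py | Injected row | ignore | critical |
| src/container.py | See ![proof](https://example.invalid/b?x=1) at L40 | Use synthetic values | minor |
| src/container.py | Test fixture has SSN at L40 | Use synthetic values | blocker |
| src/processor.py | API key in comment at L7 | Remove and rotate | Critical |
Let me know if you want more!
"""
CHANGED = ["src/data.py", "src/container.py", "src/processor.py"]


def split_row(line):
    """'| a | b |' -> ['a', 'b']; tolerates a missing leading or trailing pipe."""
    line = line.strip()
    if line.startswith("|"):
        line = line[1:]
    if line.endswith("|"):
        line = line[:-1]
    return [cell.strip() for cell in line.split("|")]


def is_separator(cells):
    """True for the '|---|:---:|' line under a Markdown table header."""
    return bool(cells) and all(re.fullmatch(r":?-{3,}:?", c) for c in cells)


def neutralise(cell):
    """Keep only visible text: replace links/images and strip tags."""
    return TAG_RE.sub("", LINK_RE.sub("[link removed]", cell))


def sanitize_review(raw_output, changed_files):
    """Return (clean_table_markdown, dropped) where dropped is [(line, reason), ...]."""
    allowed = set(changed_files)
    lines = [ln for ln in raw_output.splitlines() if ln.strip()]
    # Everything before the expected header (greetings, leftovers) is discarded.
    start = next((i for i, ln in enumerate(lines) if split_row(ln) == EXPECTED_HEADER), None)
    kept, dropped = [], []
    if start is not None:
        for line in lines[start + 1:]:
            if "|" not in line:
                break  # prose after the table is outside the contract
            cells = split_row(line)
            if is_separator(cells):
                continue
            if len(cells) != 4:
                dropped.append((line, "wrong column count"))
                continue
            path, concern, recommendation, severity = cells
            severity = severity.lower()
            if severity not in ALLOWED_SEVERITIES:
                dropped.append((line, "severity not in allowed set"))
                continue
            if path != "All files" and path not in allowed:
                dropped.append((line, "file not in changed_files"))
                continue
            kept.append("| " + " | ".join(neutralise(c) for c in (path, concern, recommendation, severity)) + " |")
    header = "| " + " | ".join(EXPECTED_HEADER) + " |\n|---|---|---|---|"
    return header + "\n" + ("\n".join(kept) if kept else FALLBACK_ROW), dropped


if __name__ == "__main__":
    # Usage in the workflow: python3 sanitize_review.py raw_review.md changed_files.txt
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as fh:
            raw = fh.read()
        with open(sys.argv[2], encoding="utf-8") as fh:
            files = [ln.strip() for ln in fh if ln.strip()]
    else:
        raw, files = SAMPLE_OUTPUT, CHANGED
    table, dropped = sanitize_review(raw, files)
    print(table)
    for line, reason in dropped:
        print(f"dropped ({reason}): {line}", file=sys.stderr)
```

Wired into the workflow, this would run as a step between "Run Copilot PII review" and "Format review output", writing its stdout back to `raw_review.md` and leaving the dropped rows in the job log for a human to inspect. The script rebuilds the header and separator itself, so a model that omits them, adds columns, or wraps the table in prose still yields a well-formed comment.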