fix(ingest): Scope git operations and add curl timeouts in open-pr.sh

This commit is contained in:
Matteo Cherubini 2026-06-05 09:59:18 +02:00
parent 00fb74c76a
commit 3272450ec5

View file

@ -39,11 +39,13 @@ repo="$(basename -s .git "$(git config --get remote.origin.url)")"
# 1. Branch + commit + push (AGENTS.md rule 5: never commit to main)
git switch -c "$branch" 2>/dev/null || git switch "$branch"
git add wiki/
if git diff --cached --quiet; then
# Scope BOTH the emptiness check and the commit to wiki/ — never commit anything that
# happened to be staged outside wiki/ (a stray hook, an aborted prior run, etc.).
if git diff --cached --quiet -- wiki/; then
echo "open-pr: nothing staged under wiki/ — aborting" >&2
exit 1
fi
git commit -m "$title"
git commit -m "$title" -- wiki/
git push -u origin "$branch"
# DRY_RUN: local git work done; skip the Forgejo API (offline tests).
@ -53,19 +55,23 @@ if [[ -n "${DRY_RUN:-}" ]]; then
fi
# 2. Open the PR via Forgejo API (jq builds the JSON safely)
# TODO: Forgejo-only. When registry.sh/globals.env sets PROVIDER=github, branch on
# $PROVIDER here and delegate to providers/github.sh (same token + http_code contract).
body="$(cat "$body_file")"
payload="$(jq -n --arg head "$branch" --arg base "$base" \
--arg title "$title" --arg body "$body" \
'{head:$head, base:$base, title:$title, body:$body}')"
resp="$(curl -s -w '\n%{http_code}' \
resp="$(curl --max-time 30 -s -w '\n%{http_code}' \
-H "Authorization: token ${FORGEJO_TOKEN}" \
-H "Content-Type: application/json" \
-X POST "${FORGEJO_URL}/api/v1/repos/${FORGEJO_USER}/${repo}/pulls" \
-d "$payload")"
code="$(printf '%s' "$resp" | tail -n1)"
json="$(printf '%s' "$resp" | sed '$d')"
# curl -w appends '\n<code>' AFTER the body, so the code is always the final line and the
# body is everything before it. Parameter expansion (no subshells), robust to multi-line JSON.
code="${resp##*$'\n'}"
json="${resp%$'\n'*}"
case "$code" in
201)
@ -89,11 +95,11 @@ esac
# 3. Optional label (e.g. CONFLICT). Best-effort; non-fatal.
if [[ -n "$label" && -n "${number:-}" ]]; then
label_id="$(curl -s -H "Authorization: token ${FORGEJO_TOKEN}" \
label_id="$(curl --max-time 15 -s -H "Authorization: token ${FORGEJO_TOKEN}" \
"${FORGEJO_URL}/api/v1/repos/${FORGEJO_USER}/${repo}/labels" \
| jq -r --arg n "$label" '.[] | select(.name==$n) | .id' | head -n1)"
if [[ -n "$label_id" && "$label_id" != "null" ]]; then
curl -s -o /dev/null \
curl --max-time 15 -s -o /dev/null \
-H "Authorization: token ${FORGEJO_TOKEN}" -H "Content-Type: application/json" \
-X POST "${FORGEJO_URL}/api/v1/repos/${FORGEJO_USER}/${repo}/issues/${number}/labels" \
-d "{\"labels\":[${label_id}]}" \