fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation)#46102
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
🤖 PR Triage
Score breakdown: Impact 12 + Urgency 8 + Quality 15 Rationale: Wraps 120 unguarded sync
|
This comment has been minimized.
This comment has been minimized.
1 similar comment
|
Hey One thing that would help reviewers gain confidence:
If you'd like a hand, you can assign this prompt to your coding agent:
|
|
@copilot resolve the merge conflicts on this branch. |
There was a problem hiding this comment.
Pull request overview
This PR hardens the JavaScript “setup” action helpers under actions/setup/js/ by wrapping synchronous filesystem operations in try/catch blocks to satisfy the gh-aw-custom/require-fs-sync-try-catch / require-mkdirsync-try-catch ESLint rules and to avoid crashing the action on I/O failures.
Changes:
- Wrapped many
fs.*Synccalls (mkdir/read/write/append) intry/catch, generally rethrowing with more descriptive errors and{ cause: err }. - Adjusted some “best effort” file appends (outputs/logging paths) to fail soft rather than terminate the action.
- Updated the generated
release.lock.ymlmanifest/comment metadata consistent with a recompile.
Show a summary per file
| File | Description |
|---|---|
| actions/setup/js/write_large_content_to_file.cjs | Guard temp dir creation + file write with descriptive errors |
| actions/setup/js/upload_artifact.cjs | Guard staging directory creation (mkdir) for artifact staging |
| actions/setup/js/unified_timeline.cjs | Guard timeline/audit/event log reads with descriptive errors |
| actions/setup/js/start_mcp_gateway.cjs | Guard MCP log/config dir creation + stdin/config reads + output appends |
| actions/setup/js/setup_threat_detection.cjs | Guard template read and prompt dir/file creation |
| actions/setup/js/setup_comment_memory_files.cjs | Guard comment-memory dir creation + prompt reads/writes |
| actions/setup/js/sanitize_output.cjs | Guard output file reads prior to sanitization |
| actions/setup/js/sanitize_content_core.cjs | Guard redaction log directory creation + log writes |
| actions/setup/js/safe_outputs_tools_loader.cjs | Guard JSONL appends to safe-outputs output file |
| actions/setup/js/safe_outputs_handlers.cjs | Guard assets dir creation, file reads, and staging dir creation |
| actions/setup/js/safe_outputs_config.cjs | Guard output directory creation for safe-outputs config |
| actions/setup/js/runtime_import.cjs | Guard cache dir creation, cache reads/writes, and runtime import reads |
| actions/setup/js/run_evals.cjs | Guard evals dir creation, input reads, and prompt/result writes |
| actions/setup/js/redact_evals_results.cjs | Guard eval results reads before redaction verification |
| actions/setup/js/push_to_pull_request_branch.cjs | Guard patch file reads used for validation/stats |
| actions/setup/js/push_repo_memory.cjs | Guard JSON file reads before parsing |
| actions/setup/js/pick_experiment.cjs | Guard state dir creation and state/assignment writes |
| actions/setup/js/patch_awf_chroot_config.cjs | Guard chroot config writes |
| actions/setup/js/parse_token_usage.cjs | Make step-summary append best-effort |
| actions/setup/js/parse_mcp_gateway_log.cjs | Guard token-usage JSONL reads |
| actions/setup/js/mount_mcp_as_cli.cjs | Guard MCP CLI directory creation |
| actions/setup/js/messages_core.cjs | Guard template file reads |
| actions/setup/js/merge_remote_agent_github_folder.cjs | Guard file reads and directory creation during merge |
| actions/setup/js/merge_frontmatter_models.cjs | Guard merged models.json write |
| actions/setup/js/mcp_scripts_config_loader.cjs | Guard MCP scripts config reads |
| actions/setup/js/mcp_handler_shell.cjs | Guard output file initialization writes |
| actions/setup/js/load_experiment_state_from_repo.cjs | Guard state dir creation and state file writes |
| actions/setup/js/install_frontmatter_skills.cjs | Guard skills destination directory creation |
| actions/setup/js/handle_noop_message.cjs | Guard template reads for issue body generation |
| actions/setup/js/handle_detection_runs.cjs | Guard template reads for issue body generation |
| actions/setup/js/handle_agent_failure.cjs | Guard template reads for failure-context rendering |
| actions/setup/js/github_rate_limit_logger.cjs | Guard log directory creation for rate-limit JSONL |
| actions/setup/js/generate_usage_activity_summary.cjs | Guard summary JSON write |
| actions/setup/js/generate_safe_outputs_tools.cjs | Guard env-json writes and tools output JSON write |
| actions/setup/js/generate_observability_summary.cjs | Guard blocked-request file reads |
| actions/setup/js/generate_git_patch.cjs | Guard patch dir creation and patch reads for stats |
| actions/setup/js/generate_git_bundle.cjs | Guard bundle dir creation |
| actions/setup/js/generate_aw_info.cjs | Guard tmp dir creation and aw_info.json write |
| actions/setup/js/gateway_difc_filtered.cjs | Guard remediation text reads |
| actions/setup/js/frontmatter_hash_pure.cjs | Guard default file reader reads |
| actions/setup/js/extract_inline_sub_agents.cjs | Guard inline sub-agent dir creation and writes |
| actions/setup/js/extract_inline_skills.cjs | Guard inline skill dir creation and writes |
| actions/setup/js/evaluate_outcomes.cjs | Guard tmp JSON writes (atomic write helper) |
| actions/setup/js/detect_agent_errors.cjs | Make output writes best-effort; guard log reads |
| actions/setup/js/daily_aic_workflow_helpers.cjs | Guard usage JSONL reads |
| actions/setup/js/create_pull_request.cjs | Guard patch reads/writes used in PR creation flows |
| actions/setup/js/create_code_scanning_alert.cjs | Guard SARIF writes |
| actions/setup/js/copilot_harness.cjs | Make output writes best-effort |
| actions/setup/js/convert_gateway_config_shared.cjs | Guard secure output dir creation and writes |
| actions/setup/js/check_workflow_recompile_needed.cjs | Guard working-tree file reads for comparison |
| actions/setup/js/build_checkout_manifest.cjs | Guard manifest dir creation and manifest writes |
| actions/setup/js/artifact_client.cjs | Guard destination directory creation for artifact downloads |
| actions/setup/js/apply_samples.cjs | Guard temp patch writes; make synthetic log append best-effort |
| actions/setup/js/apply_safe_outputs_replay.cjs | Guard artifact download dir creation and agent output reads |
| actions/setup/js/action_setup_otlp.cjs | Make env/output writes best-effort |
| .github/workflows/release.lock.yml | Regenerated workflow lockfile metadata/comments |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 56/56 changed files
- Comments generated: 7
- Review effort level: Low
Resolve conflict in .github/workflows/release.lock.yml: - Keep v7.0.0 version tag for actions/setup-go from our branch - Incorporate main's format change (manifest header on single line) - Pick up mai-code-1-flash-picker model addition and other main changes Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…rkflows Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
✅ Smoke Copilot MAI completed successfully! |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
|
✅ Smoke OTEL completed successfully! |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
✅ Smoke Copilot Small completed successfully! |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
|
Smoke test summary:
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment.
|
Smoke Test Results
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Caution agentic threat detected DetailsThe threat detection engine failed to produce results. Review the workflow run logs for details. Pull request created: #46217
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment.
|
💥 Smoke Test: Claude — Run 29576560304Core #1-12: ✅ all passed Overall: PARTIAL (all executed tests passed; 3 skipped) Warning Firewall blocked 4 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 4 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comclients2.google.comcontentautofill.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 107.1 AIC · ⌖ 33.8 AIC · ⊞ 8.4K
Comment /smoke-claude to run again
| const destination = options.path || process.env.GITHUB_WORKSPACE || process.cwd(); | ||
| fs.mkdirSync(destination, { recursive: true }); | ||
| try { | ||
| fs.mkdirSync(destination, { recursive: true }); |
There was a problem hiding this comment.
Good defensive handling — wrapping mkdirSync in try/catch gives a clearer failure message. Consider reusing a shared helper for this pattern across the codebase.
| try { | ||
| fs.mkdirSync(destination, { recursive: true }); | ||
| } catch (err) { | ||
| throw new Error(`Failed to create directory ${destination}: ${String(err)}`, { cause: err }); |
There was a problem hiding this comment.
Nice use of the error cause option to preserve the original stack. The String(err) coercion is fine here for the message text.
|
fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation)
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment.
|
There was a problem hiding this comment.
Smoke review: helper guards noted.
📰 BREAKING: Report filed by Smoke Copilot · 79 AIC · ⌖ 5.41 AIC · ⊞ 19K
Comment /smoke-copilot to run again
Add label smoke to run again
120 ESLint warnings for
gh-aw-custom/require-fs-sync-try-catchandgh-aw-custom/require-mkdirsync-try-catchacross 55 files inactions/setup/js/— all unguarded synchronous filesystem operations that would crash the action on I/O errors.Changes
Critical paths (
readFileSync,writeFileSync,mkdirSyncfor required action state) — rethrow with descriptive message and{ cause: err }:Non-critical log appends (
appendFileSyncto GitHub Actions output/log files) — silent catch to avoid crashing the action over a logging failure:Inline usages — extracted to an intermediate variable before wrapping, e.g.
JSON.parse(fs.readFileSync(...))split into a guarded read + separate parse.Covers all files listed in the issue plus all other files surfaced by the lint run.
✨ PR Review Safe Output Test - Run 29576560304
Warning
Firewall blocked 4 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comclients2.google.comcontentautofill.googleapis.comwww.google.comSee Network Configuration for more information.