Skip to content

fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation)#46102

Open
pelikhan with Copilot wants to merge 11 commits into
mainfrom
copilot/eslint-monster-wrap-fs-calls
Open

fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation)#46102
pelikhan with Copilot wants to merge 11 commits into
mainfrom
copilot/eslint-monster-wrap-fs-calls

Conversation

Copilot AI commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

120 ESLint warnings for gh-aw-custom/require-fs-sync-try-catch and gh-aw-custom/require-mkdirsync-try-catch across 55 files in actions/setup/js/ — all unguarded synchronous filesystem operations that would crash the action on I/O errors.

Changes

  • Critical paths (readFileSync, writeFileSync, mkdirSync for required action state) — rethrow with descriptive message and { cause: err }:

    try {
      fs.mkdirSync(manifestDir, { recursive: true });
      fs.writeFileSync(manifestPath, JSON.stringify(manifest));
    } catch (err) {
      throw new Error(`Failed to write manifest to ${manifestPath}: ${err.message}`, { cause: err });
    }
  • Non-critical log appends (appendFileSync to GitHub Actions output/log files) — silent catch to avoid crashing the action over a logging failure:

    try {
      fs.appendFileSync(githubOutput, content);
    } catch { /* ignore */ }
  • Inline usages — extracted to an intermediate variable before wrapping, e.g. JSON.parse(fs.readFileSync(...)) split into a guarded read + separate parse.

Covers all files listed in the issue plus all other files surfaced by the lint run.



✨ PR Review Safe Output Test - Run 29576560304

Warning

Firewall blocked 4 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 107.1 AIC · ⌖ 33.8 AIC · ⊞ 8.4K ·
Comment /smoke-claude to run again

Copilot AI and others added 2 commits July 17, 2026 00:11
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Wrap synchronous fs and mkdirSync calls in try/catch fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation) Jul 17, 2026
Copilot AI requested a review from pelikhan July 17, 2026 00:52
@github-actions

Copy link
Copy Markdown
Contributor

🤖 PR Triage

Field Value
Category chore (ESLint batch 1/3)
Risk 🟡 Medium
Score 35/100
Action defer
Batch pr-batch:eslint-setup-js

Score breakdown: Impact 12 + Urgency 8 + Quality 15

Rationale: Wraps 120 unguarded sync fs calls in actions/setup/js/ with try/catch (eslint-monster). DRAFT — no CI yet. Part of a 3-PR ESLint remediation batch (#46102, #46101, #46100). Coordinate batch review together.

Run §29545908133

Generated by 🔧 PR Triage Agent · 181.7 AIC · ⌖ 5.04 AIC · ⊞ 5.6K ·

@github-actions

This comment has been minimized.

1 similar comment
@github-actions

Copy link
Copy Markdown
Contributor

Hey @app/copilot-swe-agent 👋 — great work wrapping all those unguarded readFileSync/writeFileSync/mkdirSync calls across 55 files in actions/setup/js/! This is solid defensive programming that prevents crashes on I/O errors.

One thing that would help reviewers gain confidence:

  • Consider tests — this PR touches critical paths like create_pull_request.cjs and start_mcp_gateway.cjs. Even smoke-level tests verifying that the error-throw and silent-catch paths behave as expected would go a long way.

If you'd like a hand, you can assign this prompt to your coding agent:

Add tests for the try/catch wrappers introduced in actions/setup/js/ for the most critical files:
- create_pull_request.cjs: verify that a writeFileSync failure throws with a descriptive message and { cause: err }
- start_mcp_gateway.cjs: verify that an mkdirSync failure is surfaced correctly
Follow the existing test patterns in the actions/setup/js/ test directory.

Generated by ✅ Contribution Check · 92 AIC · ⌖ 8.63 AIC · ⊞ 6.2K ·

@pelikhan
pelikhan marked this pull request as ready for review July 17, 2026 02:52
Copilot AI review requested due to automatic review settings July 17, 2026 02:52
@pelikhan

Copy link
Copy Markdown
Collaborator

@copilot resolve the merge conflicts on this branch.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the JavaScript “setup” action helpers under actions/setup/js/ by wrapping synchronous filesystem operations in try/catch blocks to satisfy the gh-aw-custom/require-fs-sync-try-catch / require-mkdirsync-try-catch ESLint rules and to avoid crashing the action on I/O failures.

Changes:

  • Wrapped many fs.*Sync calls (mkdir/read/write/append) in try/catch, generally rethrowing with more descriptive errors and { cause: err }.
  • Adjusted some “best effort” file appends (outputs/logging paths) to fail soft rather than terminate the action.
  • Updated the generated release.lock.yml manifest/comment metadata consistent with a recompile.
Show a summary per file
File Description
actions/setup/js/write_large_content_to_file.cjs Guard temp dir creation + file write with descriptive errors
actions/setup/js/upload_artifact.cjs Guard staging directory creation (mkdir) for artifact staging
actions/setup/js/unified_timeline.cjs Guard timeline/audit/event log reads with descriptive errors
actions/setup/js/start_mcp_gateway.cjs Guard MCP log/config dir creation + stdin/config reads + output appends
actions/setup/js/setup_threat_detection.cjs Guard template read and prompt dir/file creation
actions/setup/js/setup_comment_memory_files.cjs Guard comment-memory dir creation + prompt reads/writes
actions/setup/js/sanitize_output.cjs Guard output file reads prior to sanitization
actions/setup/js/sanitize_content_core.cjs Guard redaction log directory creation + log writes
actions/setup/js/safe_outputs_tools_loader.cjs Guard JSONL appends to safe-outputs output file
actions/setup/js/safe_outputs_handlers.cjs Guard assets dir creation, file reads, and staging dir creation
actions/setup/js/safe_outputs_config.cjs Guard output directory creation for safe-outputs config
actions/setup/js/runtime_import.cjs Guard cache dir creation, cache reads/writes, and runtime import reads
actions/setup/js/run_evals.cjs Guard evals dir creation, input reads, and prompt/result writes
actions/setup/js/redact_evals_results.cjs Guard eval results reads before redaction verification
actions/setup/js/push_to_pull_request_branch.cjs Guard patch file reads used for validation/stats
actions/setup/js/push_repo_memory.cjs Guard JSON file reads before parsing
actions/setup/js/pick_experiment.cjs Guard state dir creation and state/assignment writes
actions/setup/js/patch_awf_chroot_config.cjs Guard chroot config writes
actions/setup/js/parse_token_usage.cjs Make step-summary append best-effort
actions/setup/js/parse_mcp_gateway_log.cjs Guard token-usage JSONL reads
actions/setup/js/mount_mcp_as_cli.cjs Guard MCP CLI directory creation
actions/setup/js/messages_core.cjs Guard template file reads
actions/setup/js/merge_remote_agent_github_folder.cjs Guard file reads and directory creation during merge
actions/setup/js/merge_frontmatter_models.cjs Guard merged models.json write
actions/setup/js/mcp_scripts_config_loader.cjs Guard MCP scripts config reads
actions/setup/js/mcp_handler_shell.cjs Guard output file initialization writes
actions/setup/js/load_experiment_state_from_repo.cjs Guard state dir creation and state file writes
actions/setup/js/install_frontmatter_skills.cjs Guard skills destination directory creation
actions/setup/js/handle_noop_message.cjs Guard template reads for issue body generation
actions/setup/js/handle_detection_runs.cjs Guard template reads for issue body generation
actions/setup/js/handle_agent_failure.cjs Guard template reads for failure-context rendering
actions/setup/js/github_rate_limit_logger.cjs Guard log directory creation for rate-limit JSONL
actions/setup/js/generate_usage_activity_summary.cjs Guard summary JSON write
actions/setup/js/generate_safe_outputs_tools.cjs Guard env-json writes and tools output JSON write
actions/setup/js/generate_observability_summary.cjs Guard blocked-request file reads
actions/setup/js/generate_git_patch.cjs Guard patch dir creation and patch reads for stats
actions/setup/js/generate_git_bundle.cjs Guard bundle dir creation
actions/setup/js/generate_aw_info.cjs Guard tmp dir creation and aw_info.json write
actions/setup/js/gateway_difc_filtered.cjs Guard remediation text reads
actions/setup/js/frontmatter_hash_pure.cjs Guard default file reader reads
actions/setup/js/extract_inline_sub_agents.cjs Guard inline sub-agent dir creation and writes
actions/setup/js/extract_inline_skills.cjs Guard inline skill dir creation and writes
actions/setup/js/evaluate_outcomes.cjs Guard tmp JSON writes (atomic write helper)
actions/setup/js/detect_agent_errors.cjs Make output writes best-effort; guard log reads
actions/setup/js/daily_aic_workflow_helpers.cjs Guard usage JSONL reads
actions/setup/js/create_pull_request.cjs Guard patch reads/writes used in PR creation flows
actions/setup/js/create_code_scanning_alert.cjs Guard SARIF writes
actions/setup/js/copilot_harness.cjs Make output writes best-effort
actions/setup/js/convert_gateway_config_shared.cjs Guard secure output dir creation and writes
actions/setup/js/check_workflow_recompile_needed.cjs Guard working-tree file reads for comparison
actions/setup/js/build_checkout_manifest.cjs Guard manifest dir creation and manifest writes
actions/setup/js/artifact_client.cjs Guard destination directory creation for artifact downloads
actions/setup/js/apply_samples.cjs Guard temp patch writes; make synthetic log append best-effort
actions/setup/js/apply_safe_outputs_replay.cjs Guard artifact download dir creation and agent output reads
actions/setup/js/action_setup_otlp.cjs Make env/output writes best-effort
.github/workflows/release.lock.yml Regenerated workflow lockfile metadata/comments

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 56/56 changed files
  • Comments generated: 7
  • Review effort level: Low

Comment thread actions/setup/js/upload_artifact.cjs
Comment thread actions/setup/js/evaluate_outcomes.cjs Outdated
Comment thread actions/setup/js/start_mcp_gateway.cjs Outdated
Comment thread actions/setup/js/start_mcp_gateway.cjs Outdated
Comment thread actions/setup/js/convert_gateway_config_shared.cjs Outdated
Comment thread actions/setup/js/action_setup_otlp.cjs
Comment thread actions/setup/js/detect_agent_errors.cjs
Copilot AI and others added 2 commits July 17, 2026 03:20
Resolve conflict in .github/workflows/release.lock.yml:
- Keep v7.0.0 version tag for actions/setup-go from our branch
- Incorporate main's format change (manifest header on single line)
- Pick up mai-code-1-flash-picker model addition and other main changes

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…rkflows

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot MAI completed successfully!

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Smoke OTEL completed successfully!

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot Small completed successfully!

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

Smoke test summary:

  • Commits in the last 24h are mostly refactors, linting/tooling work, and security/sandbox fixes.
  • Overall status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by ⚡ Smoke Copilot MAI · 2.92 AIC · ⌖ 0.725 AIC · ⊞ 15.4K ·
Comment /smoke-copilot-mai to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.54.0
jq 1.7
yq v4.53.3
curl 8.5.0
gh 2.96.0
node v20.20.2
python3 3.11.15 (PyPy 7.3.23)
go 1.24.13
java 10.0.301
dotnet 10.0.301

Result: 12/12 tools available ✅

Overall Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔧 Tool validation by Agent Container Smoke Test · 9.1 AIC · ⌖ 5.37 AIC · ⊞ 4.5K ·
Comment /smoke-test-tools to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Moss on cold stone
Binary dawn waits silent
Checks bloom in small light

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

🔮 The oracle has spoken through Smoke Codex · 6.27 AIC · ⊞ 13.9K ·
Comment /smoke-codex to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test Results

  1. GitHub MCP: ✅
  2. Web Fetch: ✅
  3. File Writing: ✅
  4. Bash Tool: ✅
  5. Build gh-aw: ❌

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

Smoke Gemini — Powered by Gemini · 14.3 AIC · ⌖ 4.49 AIC · ⊞ 9.3K ·
Comment /smoke-gemini to run again

@github-actions

Copy link
Copy Markdown
Contributor

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection engine failed to produce results.

Review the workflow run logs for details.

Pull request created: #46217

Generated by Changeset Generator · 2.15 AIC · ⊞ 12.5K

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Old test lines break,
Missing tools in smoke pipeline,
Silence fills the void.

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

📰 BREAKING: Report filed by Smoke Copilot - AOAI (apikey) · 12.4 AIC · ⌖ 3 AIC · ⊞ 17.9K ·
Comment /smoke-copilot-aoai-apikey to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

💥 Smoke Test: Claude — Run 29576560304

Core #1-12: ✅ all passed
PR Review #13-15,17: ✅ | #16 ⚠️ skip (no unresolved thread) | #18 ⚠️ skip (allowed-files policy) | #19 ⚠️ skip (no safe PR)

Overall: PARTIAL (all executed tests passed; 3 skipped)

Warning

Firewall blocked 4 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 107.1 AIC · ⌖ 33.8 AIC · ⊞ 8.4K ·
Comment /smoke-claude to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

Warning

Firewall blocked 4 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 107.1 AIC · ⌖ 33.8 AIC · ⊞ 8.4K
Comment /smoke-claude to run again

const destination = options.path || process.env.GITHUB_WORKSPACE || process.cwd();
fs.mkdirSync(destination, { recursive: true });
try {
fs.mkdirSync(destination, { recursive: true });

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good defensive handling — wrapping mkdirSync in try/catch gives a clearer failure message. Consider reusing a shared helper for this pattern across the codebase.

try {
fs.mkdirSync(destination, { recursive: true });
} catch (err) {
throw new Error(`Failed to create directory ${destination}: ${String(err)}`, { cause: err });

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice use of the error cause option to preserve the original stack. The String(err) coercion is fine here for the message text.

@github-actions

Copy link
Copy Markdown
Contributor

fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation)
Overall: FAIL ❌ | author: Copilot | assignees: pelikhan, Copilot
1❌ 2✅ 3✅ 4❌
5❌ 6✅ 7✅ 8✅
9✅ 10✅ 11✅ 12✅
13✅ 14✅ 15✅ 16❌

📰 BREAKING: Report filed by Smoke Copilot · 79 AIC · ⌖ 5.41 AIC · ⊞ 19K ·
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Circuits hum at dawn
Bots test branches made of light
Green checks bloom like rain

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

📰 BREAKING: Report filed by Smoke Copilot · 79 AIC · ⌖ 5.41 AIC · ⊞ 19K ·
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke review: helper guards noted.

📰 BREAKING: Report filed by Smoke Copilot · 79 AIC · ⌖ 5.41 AIC · ⊞ 19K
Comment /smoke-copilot to run again
Add label smoke to run again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[eslint-monster] [Code Quality] actions/setup/js: wrap synchronous fs and mkdirSync calls in try/catch

4 participants