Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions remote-ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
77u/bmFtZTogQ0kKb246CiAgcHVzaDoKICAgIGJyYW5jaGVzOiBbbWFpbiwg

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Put the workflow where GitHub can discover it

When relying on this added CI to gate pushes or pull requests, it will never run because the added file is a base64 blob at the repository root rather than a YAML workflow under .github/workflows/. I decoded the content and it is a GitHub Actions name: CI workflow, but GitHub's workflow syntax docs state that workflow files must be stored in .github/workflows (https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions), and this repo's AGENTS.md also points CI to .github/workflows/; please commit the decoded YAML in that directory instead.

Useful? React with 👍 / 👎.

bWFzdGVyXQogIHB1bGxfcmVxdWVzdDoKICAgIGJyYW5jaGVzOiBbbWFpbiwg
bWFzdGVyXQogIHdvcmtmbG93X2Rpc3BhdGNoOgpqb2JzOgogIHZhbGlkYXRl
OgogICAgcnVucy1vbjogdWJ1bnR1LWxhdGVzdAogICAgc3RlcHM6CiAgICAg
IC0gdXNlczogYWN0aW9ucy9jaGVja291dEB2NAogICAgICAgIHdpdGg6CiAg
Comment on lines +1 to +5
ICAgICAgICBmZXRjaC1kZXB0aDogMAogICAgICAtIHVzZXM6IGFjdGlvbnMv
c2V0dXAtbm9kZUB2NAogICAgICAgIHdpdGg6CiAgICAgICAgICBub2RlLXZl
cnNpb246IDIwCiAgICAgICAgICBjYWNoZTogbnBtCiAgICAgIC0gd29ya2lu
Zy1kaXJlY3Rvcnk6IHRvb2xzL2xvb3AtYXVkaXQKICAgICAgICBydW46IG5w
bSBjaQogICAgICAtIHdvcmtpbmctZGlyZWN0b3J5OiB0b29scy9sb29wLWF1
ZGl0CiAgICAgICAgcnVuOiBub2RlIGRpc3QvY2xpLmpzIC4uIC0tbGV2ZWwg
TDIKICBhdWRpdDoKICAgIHJ1bnMtb246IHVidW50dS1sYXRlc3QKICAgIHN0
ZXBzOgogICAgICAtIHVzZXM6IGFjdGlvbnMvY2hlY2tvdXRAdjQKICAgICAg
ICB3aXRoOgogICAgICAgICAgZmV0Y2gtZGVwdGg6IDAKICAgICAgLSB1c2Vz
OiBhY3Rpb25zL3NldHVwLW5vZGVAdjQKICAgICAgICB3aXRoOgogICAgICAg
ICAgbm9kZS12ZXJzaW9uOiAyMAogICAgICAgICAgY2FjaGU6IG5wbQogICAg
ICAtIHdvcmtpbmctZGlyZWN0b3J5OiB0b29scy9sb29wLWF1ZGl0CiAgICAg
ICAgcnVuOiBucG0gY2kKICAgICAgLSB3b3JraW5nLWRpcmVjdG9yeTogdG9v
bHMvbG9vcC1hdWRpdAogICAgICAgIHJ1bjogbnBtIHJ1biBidWlsZAo=
Comment on lines +1 to +19

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

Multiple Issues Detected in remote-ci.yml

  1. Base64 Encoded Content: The file is currently base64-encoded. GitHub Actions cannot parse base64-encoded YAML files; it must be plain text.
  2. Incorrect Directory Location: This file is added in the root directory as remote-ci.yml. GitHub Actions workflows must be placed in the .github/workflows/ directory (e.g., .github/workflows/remote-ci.yml) to be detected and executed.
  3. Typo in Step Key: In the audit job, the last step uses zun: instead of run:. This is invalid syntax and will cause a workflow parsing error.
  4. Missing Build Step: The validate job attempts to run node dist/cli.js .. --level L2 immediately after npm ci. Since the dist directory is not committed and has not been built yet, this step will fail. You must run npm run build before executing the CLI.

The suggested code below decodes the base64 content, fixes the zun: typo, and adds the missing npm run build step to the validate job.

name: CI
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
  workflow_dispatch:
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - working-directory: tools/loop-audit
        run: npm ci
      - working-directory: tools/loop-audit
        run: npm run build
      - working-directory: tools/loop-audit
        run: node dist/cli.js .. --level L2
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - working-directory: tools/loop-audit
        run: npm ci
      - working-directory: tools/loop-audit
        run: npm run build

Comment on lines +1 to +19

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remediation recommended

1. Obfuscated ci config 🐞 Bug ⚙ Maintainability

remote-ci.yml is committed as base64 text (and includes a leading UTF‑8 BOM) instead of normal
YAML, making the CI definition non-auditable and likely unusable by any YAML-based consumer. If this
was intended to add/modify CI behavior, it should be checked in as plain YAML in the standard
workflows area rather than an encoded blob at repo root.
Agent Prompt
## Issue description
`remote-ci.yml` is base64-encoded content (and starts with a BOM), not a YAML document. This makes it hard to review and unlikely to work with any standard YAML/CI tooling.

## Issue Context
The repo already contains GitHub Actions workflows as plain YAML under `.github/workflows/`. The newly-added file is at repo root and is encoded, which is inconsistent and likely accidental or mispackaged.

## Fix Focus Areas
- remote-ci.yml[1-19]
- .github/workflows/ci.yml[1-13]

## Suggested fix
1. Decode the base64 blob and commit the decoded content as plain YAML.
2. If it is meant to be a GitHub Actions workflow, place it under `.github/workflows/` (or merge the steps into an existing workflow).
3. Remove the UTF-8 BOM from the file content (both the file prefix and the decoded payload) to avoid parser issues.
4. If it is intentionally stored encoded for some external system, rename it to make that explicit (e.g., `remote-ci.yml.b64`) and add documentation + a checked-in decoder/consumer so usage is discoverable and reviewable.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Loading