protocol-two/.github/workflows/gatekeeper.yml at main · codeijoe/protocol-two · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Codeijoe Gatekeeper

# Trigger pada Pull Request ke branch main
on:
  pull_request_target:
    branches: [ "main" ]
    paths:
      - 'src/**'
      - 'tests/**'

permissions:
  contents: read
  pull-requests: write # WAJIB: Izin untuk Bot memberi label, komen, dan menutup PR
  issues: write

jobs:
  validate-submission:
    name: Verify Challenger's Work
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # ---------------------------------------------------------
      # STEP 1: ANTI-CHEAT (Polisi Integritas)
      # ---------------------------------------------------------
      - name: Detect Cheating (Test Modification)
        id: anti_cheat
        uses: tj-actions/changed-files@v41
        with:
          files: tests/**

      - name: Block Cheaters
        if: steps.anti_cheat.outputs.any_changed == 'true'
        run: |
          echo "::error title=Platform Integrity Violated::You modified the test files! CHEATING DETECTED."
          exit 1

      # ---------------------------------------------------------
      # STEP 2: BUILD & TEST (Ujian Kompetensi)
      # ---------------------------------------------------------
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      - name: Install Dependencies
        run: npm ci

      - name: Run The Gauntlet
        id: run_tests
        run: npm test > test-results.txt 2>&1
        continue-on-error: true

      # ---------------------------------------------------------
      # STEP 3: AUTOMATED JUDGMENT & CLOSURE (Hakim Robot)
      # ---------------------------------------------------------
      - name: Judge & Close
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            let testResult = '';
            try {
              testResult = fs.readFileSync('test-results.txt', 'utf8');
            } catch (e) {
              testResult = 'Test output missing.';
            }

            const outcome = '${{ steps.run_tests.outcome }}';
            let body = '';

            if (outcome === 'success') {
              // --- SKENARIO LULUS (VERIFIED CLOSE) ---
              body = '### ✅ MISSION ACCOMPLISHED\n\n' +
                     '**Target Verified.** Excellent work, Challenger.\n\n' +
                     '🔒 **PROTOCOL:** This PR will now be automatically **CLOSED** to prevent solution leakage to the main branch.\n' +
                     '🏆 **TROPHY:** This PR URL is your permanent **Proof of Work**. You may pin it to your profile as evidence of your engineering judgment.';

              // 1. Beri Label Penghargaan
              try {
                await github.rest.issues.addLabels({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.issue.number,
                  labels: ['mission-completed', 'verified']
                });
              } catch (e) {}

              // 2. Post Komentar Final
              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: body
              });

              // 3. TUTUP PR (Auto-Close)
              await github.rest.pulls.update({
                owner: context.repo.owner,
                repo: context.repo.repo,
                pull_number: context.issue.number,
                state: 'closed'
              });

            } else {
              // --- SKENARIO GAGAL ---
              body = '### ❌ MISSION FAILED\n\n' +
                     'System status: **REJECTED**.\n' +
                     'Your code did not pass the automated tests. Check the logs below:\n\n' +
                     '<details><summary>Expand Test Logs</summary>\n\n' +
                     '```\n' + testResult.slice(0, 2000) + '...\n```\n' +
                     '\n</details>\n' +
                     '\n**Action Required:** Fix your code and push again. Do not ask for review until this turns Green.';

              // Hapus label jika ada sisa dari percobaan sebelumnya
              try {
                await github.rest.issues.removeLabel({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.issue.number,
                  name: 'mission-completed'
                });
              } catch (e) {}

              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: body
              });
            }

      - name: Fail Workflow if Tests Failed
        if: steps.run_tests.outcome != 'success'
        run: exit 1