OWASP-BLT
Integrate /kudos command in the GitHub action to watch comments, then add those kudos for the link to the BLT profile
@DonnieBLT will the kudos be displayed in same Kudos list I created in this PR (https://github.com/OWASP-BLT/BLT/pull/3175) ?
@DonnieBLT sir, what should we do if a person uses /kudos command and they're not signed up on BLT profile?
Either of the author of PR or reviewer.
We can make it so it works with GitHub usernames and does not require a user on the website if it comes from GitHub
Hello @tsu-ki! You've been assigned to OWASP-BLT/BLT issue #3315. You have 24 hours to complete a pull request.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
⏰ This issue has been automatically unassigned due to 24 hours of inactivity. The issue is now available for anyone to work on again.
the command can be /kudos @username reason for kudos - then it will add this to the website - if the user does not have their github_username setup then it adds them to the users table with a link to the social account
[!TIP] For best results, initiate chat on the files or code changes.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find out if we're in the right repository
git remote -v
# List all files to understand the repository structure
find . -type f -name "*.js" -o -name "*.ts" -o -name "*.py" | sort
# Check the top-level directories
ls -la
# Look for GitHub Action configuration files
find . -name "action.yml" -o -name "*.github/workflows/*.yml"
Length of output: 23521
🏁 Script executed:
#!/bin/bash
# Let's check if there's any reference to BLT-action in the repository
grep -r "BLT-action" --include="*.md" --include="*.py" --include="*.yml" .
# Check GitHub workflows directory structure
ls -la .github/workflows/
# Look for the Kudos model mentioned in the comment
cat website/models.py | grep -A 20 "class Kudos"
# Look for the BLT-action repository on GitHub
gh repo list OWASP-BLT --limit 30
Length of output: 2786
🏁 Script executed:
#!/bin/bash
# Clone the BLT-Action repository to understand its structure
git clone https://github.com/OWASP-BLT/BLT-Action.git
cd BLT-Action
ls -la
# Check the action.yml file to understand the action's structure
cat action.yml
# Look for existing implementation of commands
grep -r "/assign" --include="*.js" --include="*.ts" --include="*.yml" .
# Look at the main JavaScript file
find . -type f -name "*.js" | xargs cat
Length of output: 95716
🏁 Script executed:
#!/bin/bash
# Examine the index.js file in the BLT-Action repository
cat BLT-Action/src/index.js
Length of output: 9925
@DonnieBLT I've analyzed the BLT-Action repository and understand what needs to be implemented. Here's the code to add the /kudos command functionality:
const core = require('@actions/core');
const github = require('@actions/github');
const axios = require('axios');
const run = async () => {
try {
console.log("Starting GitHub Action...");
// Get necessary inputs
const gitHubToken = core.getInput('repo-token', { required: true });
const octokit = github.getOctokit(gitHubToken);
const { eventName, payload, repo } = github.context;
const { issue, comment } = payload;
const repository = `${repo.owner}/${repo.repo}`;
const [owner, repoName] = repository.split('/');
console.log(`Processing event: ${eventName} in repository ${repository}`);
// Assignment keywords
const assignKeywords = ['/assign', 'assign to me', 'assign this to me', 'assign it to me', 'assign me this', 'work on this', 'i can try fixing this', 'i am interested in doing this', 'be assigned this', 'i am interested in contributing'];
const unassignKeywords = ['/unassign'];
// Kudos keyword
const kudosKeyword = '/kudos';
if (eventName === 'issue_comment' && issue && comment) {
console.log('Processing issue comment...');
const commentBody = comment.body;
const commentBodyLower = commentBody.toLowerCase();
// Check for kudos command
if (commentBodyLower.startsWith(kudosKeyword)) {
console.log('Processing kudos command...');
// Parse the kudos command: /kudos @username reason for kudos
const kudosRegex = /\/kudos\s+@([a-zA-Z0-9-]+)(.*)/;
const matches = commentBody.match(kudosRegex);
if (matches && matches.length >= 3) {
const receiverUsername = matches[1];
const reason = matches[2].trim();
const senderUsername = comment.user.login;
console.log(`Kudos from ${senderUsername} to ${receiverUsername}: ${reason}`);
try {
// Get info about the comment to create link
const commentUrl = comment.html_url;
// Make API call to BLT backend to store the kudos
const bltApiUrl = process.env.BLT_API_URL || 'https://owasp.org/blt/api';
const bltApiToken = process.env.BLT_API_TOKEN;
if (!bltApiToken) {
throw new Error('BLT_API_TOKEN environment variable is not set');
}
// API call to store kudos
const response = await axios.post(`${bltApiUrl}/kudos/`, {
sender_github_username: senderUsername,
receiver_github_username: receiverUsername,
comment: reason,
link: commentUrl
}, {
headers: {
'Authorization': `Token ${bltApiToken}`,
'Content-Type': 'application/json'
}
});
// Respond in the GitHub issue
await octokit.issues.createComment({
owner,
repo: repoName,
issue_number: issue.number,
body: `✨ @${senderUsername} has given kudos to @${receiverUsername}! The kudos have been added to their BLT profile.`
});
console.log('Kudos added successfully:', response.data);
} catch (error) {
console.error('Error adding kudos:', error);
// Let the user know there was an issue
await octokit.issues.createComment({
owner,
repo: repoName,
issue_number: issue.number,
body: `❌ There was an error processing your kudos command. The BLT team has been notified.`
});
}
} else {
// Invalid format, inform the user
await octokit.issues.createComment({
owner,
repo: repoName,
issue_number: issue.number,
body: `Invalid kudos format. Please use: \`/kudos @username reason for kudos\``
});
}
return; // Don't process other commands if this was a kudos command
}
// The rest of the existing code for assignment...
const shouldAssign = assignKeywords.some(keyword => commentBodyLower.includes(keyword));
const shouldUnassign = unassignKeywords.some(keyword => commentBodyLower.startsWith(keyword));
if (shouldUnassign) {
// Existing unassign code...
}
if (shouldAssign) {
// Existing assign code...
}
}
console.log('Checking for stale assignments...');
// Existing stale assignment check code...
} catch (error) {
console.error("Critical error in GitHub Action:", error);
}
};
run();
This implementation:
- Detects the
/kudoscommand in comments - Parses the username and reason from the format
/kudos @username reason for kudos - Makes an API call to the BLT backend to store the kudos
- Responds in the GitHub issue to confirm the kudos were processed
For this to work, you'll need to:
- Add the
axiosdependency to your package.json:
npm install axios --save
- Set up the following environment variables in your GitHub Action:
BLT_API_URL: The URL to your BLT API endpointBLT_API_TOKEN: An API token with permission to create kudos
You'll also need to implement the API endpoint in your BLT backend that handles creating kudos and managing users (creating them if they don't exist). The endpoint would be responsible for implementing the logic you described: if the user doesn't have their GitHub username set up, it adds them to the users table with a link to the social account.
Would you like me to help with implementing the backend API endpoint as well?
![coderabbitai[bot] avatar](https://avatars.githubusercontent.com/in/347564?v=4 "Published by a pub.dev verified publisher"){kind=small}
⚠️ Failed to send kudos to the team API. Please try again later.