
feat(chat): enforce execution-time tool allowlist #14


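# Builds, tests and verifies the JetBrains (IntelliJ) plugin, bundling the
# GUI package and engine binaries produced by the two reusable workflows.
name: Refact JetBrains Plugin CI build

on:
  push:
    branches: [main, dev]
    paths:
      - "plugins/intellij/**"
      - "refact-agent/gui/**"
      - "refact-agent/engine/**"
      - ".github/workflows/plugin_intellij_*"
      - ".github/workflows/agent_gui_*"
      - ".github/workflows/agent_engine_*"
  # On pull_request the steps below execute build logic (Gradle scripts,
  # tests) taken from the proposed change, so the `build` job is kept on a
  # read-only token and does not persist checkout credentials.
  pull_request:
    paths:
      - "plugins/intellij/**"
      - "refact-agent/gui/**"
      - "refact-agent/engine/**"
      - ".github/workflows/plugin_intellij_*"
      - ".github/workflows/agent_gui_*"
      - ".github/workflows/agent_engine_*"
  workflow_dispatch:

# One run per branch/PR head; a newer push cancels the run in progress.
concurrency:
  group: plugin-intellij-build-${{ github.head_ref || github.ref_name }}
  cancel-in-progress: true

jobs:
  # NOTE(review): the two reusable-workflow jobs declare no `permissions`
  # here, so they run with the repository's default token scope. Confirm what
  # the called workflows need before restricting them.
  engine:
    uses: ./.github/workflows/agent_engine_build.yml

  gui:
    uses: ./.github/workflows/agent_gui_build.yml

  build:
    name: build
    needs: [engine, gui]
    runs-on: ubuntu-latest
    # Least privilege: the visible steps only read the repository; artifact
    # and cache actions do not rely on GITHUB_TOKEN scopes.
    permissions:
      contents: read
    # NOTE(review): the `properties` step below writes only
    # `pluginVerifierHomeDir` to GITHUB_OUTPUT, so `version` and `changelog`
    # resolve to empty strings unless the Gradle tasks write them themselves.
    outputs:
      version: ${{ steps.properties.outputs.version }}
      changelog: ${{ steps.properties.outputs.changelog }}
    # NOTE(review): every action below is referenced by a mutable major tag
    # (`@v4`). Pinning each to a full commit SHA would protect the build from
    # a re-pointed tag; the SHAs are not on this page, so the refs are kept.
    steps:
      # Frees disk on the hosted runner by deleting unused preinstalled SDKs.
      - name: Maximize build space
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /opt/ghc

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No visible later step runs git against the remote, so the token
          # is not left in .git/config while build code executes.
          persist-credentials: false

      # Artifacts come from the `gui` job of this same run.
      - name: Download GUI package
        uses: actions/download-artifact@v4
        with:
          pattern: lts-refact-chat-js-*.tgz
          path: plugins/intellij/chat_package
          merge-multiple: true

      # Unpacks the GUI tarball and replaces the bundled webview `dist`.
      - name: Prepare GUI package
        shell: bash
        working-directory: plugins/intellij
        run: |
          mkdir -p ./chat_package_fixed
          find ./chat_package -name "*.tgz" -type f -exec tar -xzf {} -C ./chat_package_fixed/ \;
          rm -rf ./src/main/resources/webview/dist
          mv ./chat_package_fixed/package/dist ./src/main/resources/webview/dist
          rm -rf ./chat_package ./chat_package_fixed

      # Artifacts come from the `engine` job of this same run.
      - name: Download engine artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: dist-*
          path: plugins/intellij/src/main/resources/bin

      # Best-effort: `|| true` keeps the job going when the glob matches no
      # file, which also hides a missing engine binary from this step.
      - name: Make engine artifacts executable
        shell: bash
        working-directory: plugins/intellij
        run: chmod +x ./src/main/resources/bin/dist-*/refact-lsp || true

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: zulu
          java-version: "17"

      - name: Export properties
        id: properties
        shell: bash
        working-directory: plugins/intellij
        run: |
          echo "pluginVerifierHomeDir=~/.pluginVerifier" >> "$GITHUB_OUTPUT"
          ./gradlew properties --console=plain -q
          ./gradlew printProductsReleases

      - name: Run tests
        working-directory: plugins/intellij
        run: ./gradlew check

      - name: Collect test results
        if: ${{ failure() }}
        uses: actions/upload-artifact@v4
        with:
          name: intellij-tests-result
          path: plugins/intellij/build/reports/tests

      - name: Setup Plugin Verifier IDEs cache
        uses: actions/cache@v4
        with:
          path: ${{ steps.properties.outputs.pluginVerifierHomeDir }}/ides
          key: plugin-verifier-${{ hashFiles('plugins/intellij/build/listProductsReleases.txt') }}

      # Runs the verifier at most twice, cleaning its reports between tries.
      # The interpolated value is the constant set by the `properties` step.
      - name: Run plugin verification tasks
        working-directory: plugins/intellij
        run: |
          for attempt in 1 2; do
            if ./gradlew verifyPlugin -Dplugin.verifier.home.dir=${{ steps.properties.outputs.pluginVerifierHomeDir }}; then
              exit 0
            fi
            if [[ "$attempt" == "2" ]]; then
              exit 1
            fi
            echo "Plugin verifier failed, retrying once after cleaning verifier reports"
            rm -rf build/reports/pluginVerifier
            sleep 10
          done

      - name: Collect plugin verifier result
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: intellij-pluginVerifier-result
          path: plugins/intellij/build/reports/pluginVerifier

      # Unzips the built distribution so the uploaded artifact is not a zip
      # inside a zip; the artifact name is the zip name without `.zip`.
      # Assumes exactly one zip in build/distributions.
      - name: Prepare plugin artifact
        id: artifact
        shell: bash
        working-directory: plugins/intellij
        run: |
          cd build/distributions
          FILENAME=$(ls *.zip)
          unzip "$FILENAME" -d content
          echo "filename=${FILENAME:0:-4}" >> "$GITHUB_OUTPUT"

      - name: Upload JetBrains plugin artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ steps.artifact.outputs.filename }}
          path: plugins/intellij/build/distributions/content/*/*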