Merge pull request #7 from th30d4y/copilot/create-log-automation

Harden log-mirroring setup to use `LOGS_REPO_PAT` secret and remove plaintext token handling
2026-05-26 19:26:33 +00:00 · 2026-04-19 12:39:31 +05:30
parent 23e4e587bd 116965b0db
commit 91f5b95876
2 changed files with 133 additions and 1 deletions
@@ -0,0 +1,114 @@
+name: Mirror repository events to LOGS
+
+on:
+  push:
+  pull_request:
+  issues:
+  issue_comment:
+  pull_request_review:
+  pull_request_review_comment:
+  watch:
+    types: [started]
+  fork:
+  create:
+  delete:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  mirror-event-log:
+    runs-on: ubuntu-latest
+    env:
+      LOG_ROOT_DIR: openlearnx-events
+    steps:
+      - name: Ensure personal access token exists
+        env:
+          LOGS_REPO_PAT: ${{ secrets.LOGS_REPO_PAT }}
+        run: |
+          if [ -z "$LOGS_REPO_PAT" ]; then
+            echo "Missing required secret: LOGS_REPO_PAT. See README.md for setup instructions."
+            exit 1
+          fi
+
+      - name: Checkout logs repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          repository: th30d4y/LOGS
+          token: ${{ secrets.LOGS_REPO_PAT }}
+          path: logs-repo
+
+      - name: Append event payload to daily log file
+        env:
+          SOURCE_REPOSITORY: ${{ github.repository }}
+          SOURCE_EVENT_NAME: ${{ github.event_name }}
+          SOURCE_EVENT_ACTION: ${{ github.event.action }}
+          SOURCE_ACTOR: ${{ github.actor }}
+          SOURCE_REF: ${{ github.ref }}
+          SOURCE_SHA: ${{ github.sha }}
+          SOURCE_RUN_ID: ${{ github.run_id }}
+          SOURCE_RUN_ATTEMPT: ${{ github.run_attempt }}
+          SOURCE_SERVER_URL: ${{ github.server_url }}
+        run: |
+          set -euo pipefail
+          export TZ=UTC
+
+          DAY="$(date +%F)"
+          LOG_DIR="logs-repo/${LOG_ROOT_DIR}/$DAY"
+          mkdir -p "$LOG_DIR"
+          LOG_FILE="$LOG_DIR/events.jsonl"
+
+          if [ ! -r "$GITHUB_EVENT_PATH" ]; then
+            echo "GitHub event payload file is missing or unreadable: $GITHUB_EVENT_PATH. Check workflow run environment details."
+            exit 1
+          fi
+
+          jq -cn \
+            --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+            --arg repository "$SOURCE_REPOSITORY" \
+            --arg event_name "$SOURCE_EVENT_NAME" \
+            --arg event_action "$SOURCE_EVENT_ACTION" \
+            --arg actor "$SOURCE_ACTOR" \
+            --arg ref "$SOURCE_REF" \
+            --arg sha "$SOURCE_SHA" \
+            --arg run_id "$SOURCE_RUN_ID" \
+            --arg run_attempt "$SOURCE_RUN_ATTEMPT" \
+            --arg run_url "$SOURCE_SERVER_URL/$SOURCE_REPOSITORY/actions/runs/$SOURCE_RUN_ID" \
+            --slurpfile payload "$GITHUB_EVENT_PATH" \
+            '{
+              timestamp: $timestamp,
+              source_repository: $repository,
+              event_name: $event_name,
+              event_action: (if $event_action == "" then null else $event_action end),
+              actor: $actor,
+              ref: (if $ref == "" then null else $ref end),
+              sha: (if $sha == "" then null else $sha end),
+              run: {
+                id: $run_id,
+                attempt: $run_attempt,
+                url: $run_url
+              },
+              payload: $payload[0]
+            }' >> "$LOG_FILE"
+
+          if [ ! -s "$LOG_FILE" ]; then
+            echo "Log write failed: $LOG_FILE was not created with content."
+            exit 1
+          fi
+
+      - name: Commit and push logs
+        run: |
+          set -euo pipefail
+          cd logs-repo
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          if [ -z "$(git status --porcelain)" ]; then
+            echo "No log changes to commit"
+            exit 0
+          fi
+
+          git add "${LOG_ROOT_DIR}"
+          git commit -m "log(OpenLearnX): ${{ github.event_name }} @ ${{ github.run_id }}"
+          git push
@@ -109,6 +109,24 @@ pnpm run dev

 ---

-
+## 🧾 Repository Event Logging Automation
+
+This repository includes a GitHub Actions workflow at:
+
+- `.github/workflows/mirror-repo-events-to-logs.yml`
+
+It captures repository events (push, pull request activity, stars, forks, create/delete, and related interactions) and appends structured JSON logs to:
+
+- `https://github.com/th30d4y/LOGS`
+
+### Required setup
+
+Add this repository secret in **OpenLearnX**:
+
+- `LOGS_REPO_PAT`: a Personal Access Token that can write to `th30d4y/LOGS`.
+  - Fine-grained PAT: grant repository access to `th30d4y/LOGS` with **Contents: Read and write**.
+  - Classic PAT: use **repo** scope.
+
+---