ci: add scheduled workflow to sync QQ group info from index.json#28
Merged
Aliothmoon merged 3 commits intomainfrom Apr 5, 2026
Merged
ci: add scheduled workflow to sync QQ group info from index.json#28Aliothmoon merged 3 commits intomainfrom
Aliothmoon merged 3 commits intomainfrom
Conversation
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey - 我发现了两个问题,并给出了一些整体层面的反馈:
sed的替换使用了未转义的插值变量(例如$USER_LINK、$DEV_LINK),如果数据中包含对sed有特殊意义的字符(如&或所选分隔符),就会出错;建议在替换前预先对这些值进行转义,或使用更健壮的模板/更新方式。curl -sf ... || exit 0这一行会在出现网络或 HTTP 错误时让任务静默成功;若能记录失败原因和/或让任务失败,会更利于排查问题,以便及时发现远程index.json的问题。
给 AI Agent 的提示词
Please address the comments from this code review:
## Overall Comments
- The `sed` replacements use unescaped interpolated values (e.g., `$USER_LINK`, `$DEV_LINK`), which will break if the data contains characters meaningful to `sed` (like `&` or the chosen delimiter); consider pre-escaping these values before substitution or using a more robust templating/update approach.
- The `curl -sf ... || exit 0` line causes the job to silently succeed on network or HTTP errors; it would be more debuggable to log the failure reason and/or fail the job so issues with the remote `index.json` can be detected promptly.
## Individual Comments
### Comment 1
<location path=".github/workflows/sync-qq-groups.yml" line_range="38-41" />
<code_context>
+
+ # 替换 constants.ts 中的值
+ FILE="app/constants.ts"
+ sed -i "s|USER_GROUP: \".*\"|USER_GROUP: \"$USER_GROUP\"|" "$FILE"
+ sed -i "s|USER_GROUP_LINK: \".*\"|USER_GROUP_LINK: \"$USER_LINK\"|" "$FILE"
+ sed -i "s|DEV_GROUP: \".*\"|DEV_GROUP: \"$DEV_GROUP\"|" "$FILE"
+ sed -i "s|DEV_GROUP_LINK: \".*\"|DEV_GROUP_LINK: \"$DEV_LINK\"|" "$FILE"
+
+ # 同步 README.md
</code_context>
<issue_to_address>
**issue:** 如果这些值中包含对 sed 有特殊意义的字符(例如 `|`、`&` 或反斜杠),当前的 sed 替换会出错。
由于变量被直接插入到了 `sed` 的替换部分中,`$USER_LINK`/`$DEV_LINK` 中的任何 `|`、`&` 或反斜杠都可能导致 `sed` 失败或替换到错误的文本。请在将这些值传给 `sed` 之前先进行转义,或者改用更安全的机制(例如使用带 `quotemeta` 的 `perl -pi -e`,或者编写一个小的 Node/TS 脚本,以结构化方式改写 `constants.ts`,而不是通过正则)。
</issue_to_address>
### Comment 2
<location path=".github/workflows/sync-qq-groups.yml" line_range="24-30" />
<code_context>
+ DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty')
+
+ # 任一字段为空则跳过
+ if [ -z "$USER_GROUP" ] || [ -z "$USER_LINK" ] || [ -z "$DEV_GROUP" ] || [ -z "$DEV_LINK" ]; then
+ echo "Missing fields in index.json, skipping"
+ exit 0
+ fi
+
</code_context>
<issue_to_address>
**suggestion (bug_risk):** 在字段缺失时静默退出,可能会掩盖上游数据的问题。
由于这里任务是以成功状态退出的,仓库可能会一直保留旧数据,而 `index.json` 中的问题也可能长期不被发现。相反,建议让任务失败(`exit 1`),或者至少使用 `::warning::` / `::error::`,这样在 Actions UI 中就能清晰地看到数据缺失或格式错误。
```suggestion
# 解析字段
USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty')
USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty')
DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty')
DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty')
# 任一字段为空则报错并终止,以便在 Actions UI 中能明显看到问题
if [ -z "$USER_GROUP" ] || [ -z "$USER_LINK" ] || [ -z "$DEV_GROUP" ] || [ -z "$DEV_LINK" ]; then
echo "::error::Missing qq_groups fields in index.json (user/dev number/link); refusing to update QQ group info."
exit 1
fi
```
</issue_to_address>帮我变得更有用!请在每条评论上点 👍 或 👎,我会根据你的反馈改进后续的 Review。
Original comment in English
Hey - I've found 2 issues, and left some high level feedback:
- The
sedreplacements use unescaped interpolated values (e.g.,$USER_LINK,$DEV_LINK), which will break if the data contains characters meaningful tosed(like&or the chosen delimiter); consider pre-escaping these values before substitution or using a more robust templating/update approach. - The
curl -sf ... || exit 0line causes the job to silently succeed on network or HTTP errors; it would be more debuggable to log the failure reason and/or fail the job so issues with the remoteindex.jsoncan be detected promptly.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The `sed` replacements use unescaped interpolated values (e.g., `$USER_LINK`, `$DEV_LINK`), which will break if the data contains characters meaningful to `sed` (like `&` or the chosen delimiter); consider pre-escaping these values before substitution or using a more robust templating/update approach.
- The `curl -sf ... || exit 0` line causes the job to silently succeed on network or HTTP errors; it would be more debuggable to log the failure reason and/or fail the job so issues with the remote `index.json` can be detected promptly.
## Individual Comments
### Comment 1
<location path=".github/workflows/sync-qq-groups.yml" line_range="38-41" />
<code_context>
+
+ # 替换 constants.ts 中的值
+ FILE="app/constants.ts"
+ sed -i "s|USER_GROUP: \".*\"|USER_GROUP: \"$USER_GROUP\"|" "$FILE"
+ sed -i "s|USER_GROUP_LINK: \".*\"|USER_GROUP_LINK: \"$USER_LINK\"|" "$FILE"
+ sed -i "s|DEV_GROUP: \".*\"|DEV_GROUP: \"$DEV_GROUP\"|" "$FILE"
+ sed -i "s|DEV_GROUP_LINK: \".*\"|DEV_GROUP_LINK: \"$DEV_LINK\"|" "$FILE"
+
+ # 同步 README.md
</code_context>
<issue_to_address>
**issue:** The sed replacements will break if any of the values contain characters meaningful to sed (e.g. `|`, `&`, or backslashes).
Because the variables are interpolated directly into the replacement part of `sed`, any `|`, `&`, or backslashes in `$USER_LINK`/`$DEV_LINK` can make `sed` fail or substitute the wrong text. Please either escape these values before passing them to `sed`, or switch to a safer mechanism (e.g., `perl -pi -e` with `quotemeta`, or a small Node/TS script that rewrites `constants.ts` structurally instead of via regex).
</issue_to_address>
### Comment 2
<location path=".github/workflows/sync-qq-groups.yml" line_range="24-30" />
<code_context>
+ DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty')
+
+ # 任一字段为空则跳过
+ if [ -z "$USER_GROUP" ] || [ -z "$USER_LINK" ] || [ -z "$DEV_GROUP" ] || [ -z "$DEV_LINK" ]; then
+ echo "Missing fields in index.json, skipping"
+ exit 0
+ fi
+
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Silently exiting on missing fields can mask upstream data issues.
Because the job exits successfully here, the repo can keep stale values and issues with `index.json` may go unnoticed. Instead, consider failing the job (`exit 1`) or at least using `::warning::` / `::error::` so missing or malformed data is clearly visible in the Actions UI.
```suggestion
# 解析字段
USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty')
USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty')
DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty')
DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty')
# 任一字段为空则报错并终止,以便在 Actions UI 中能明显看到问题
if [ -z "$USER_GROUP" ] || [ -z "$USER_LINK" ] || [ -z "$DEV_GROUP" ] || [ -z "$DEV_LINK" ]; then
echo "::error::Missing qq_groups fields in index.json (user/dev number/link); refusing to update QQ group info."
exit 1
fi
```
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Comment on lines
+24
to
+30
| # 解析字段 | ||
| USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty') | ||
| USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty') | ||
| DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty') | ||
| DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty') | ||
|
|
||
| # 任一字段为空则跳过 |
There was a problem hiding this comment.
suggestion (bug_risk): 在字段缺失时静默退出,可能会掩盖上游数据的问题。
由于这里任务是以成功状态退出的,仓库可能会一直保留旧数据,而 index.json 中的问题也可能长期不被发现。相反,建议让任务失败(exit 1),或者至少使用 ::warning:: / ::error::,这样在 Actions UI 中就能清晰地看到数据缺失或格式错误。
Suggested change
| # 解析字段 | |
| USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty') | |
| USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty') | |
| DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty') | |
| DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty') | |
| # 任一字段为空则跳过 | |
| # 解析字段 | |
| USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty') | |
| USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty') | |
| DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty') | |
| DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty') | |
| # 任一字段为空则报错并终止,以便在 Actions UI 中能明显看到问题 | |
| if [ -z "$USER_GROUP" ] || [ -z "$USER_LINK" ] || [ -z "$DEV_GROUP" ] || [ -z "$DEV_LINK" ]; then | |
| echo "::error::Missing qq_groups fields in index.json (user/dev number/link); refusing to update QQ group info." | |
| exit 1 | |
| fi |
Original comment in English
suggestion (bug_risk): Silently exiting on missing fields can mask upstream data issues.
Because the job exits successfully here, the repo can keep stale values and issues with index.json may go unnoticed. Instead, consider failing the job (exit 1) or at least using ::warning:: / ::error:: so missing or malformed data is clearly visible in the Actions UI.
Suggested change
| # 解析字段 | |
| USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty') | |
| USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty') | |
| DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty') | |
| DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty') | |
| # 任一字段为空则跳过 | |
| # 解析字段 | |
| USER_GROUP=$(echo "$DATA" | jq -r '.qq_groups.user.number // empty') | |
| USER_LINK=$(echo "$DATA" | jq -r '.qq_groups.user.link // empty') | |
| DEV_GROUP=$(echo "$DATA" | jq -r '.qq_groups.dev.number // empty') | |
| DEV_LINK=$(echo "$DATA" | jq -r '.qq_groups.dev.link // empty') | |
| # 任一字段为空则报错并终止,以便在 Actions UI 中能明显看到问题 | |
| if [ -z "$USER_GROUP" ] || [ -z "$USER_LINK" ] || [ -z "$DEV_GROUP" ] || [ -z "$DEV_LINK" ]; then | |
| echo "::error::Missing qq_groups fields in index.json (user/dev number/link); refusing to update QQ group info." | |
| exit 1 | |
| fi |
There was a problem hiding this comment.
Hey - 我发现了两个问题,并提供了一些整体性的反馈:
- 在 PR 标题/描述中,该工作流被描述为“定时运行”,但目前只使用了
repository_dispatch和workflow_dispatch触发器;如果你希望它按 cron 自动运行,建议添加一个schedule触发器。 - 用于更新
README.md的sed模式与现有的链接/编号格式以及 QQ 域名强耦合;建议为正则增加锚点或放宽匹配(或者使用更结构化的更新脚本),以避免在 README 格式有小调整或域名有变化时,悄悄导致同步失败。
供 AI 代理使用的提示
Please address the comments from this code review:
## Overall Comments
- The workflow is described as scheduled in the PR title/description but currently only uses `repository_dispatch` and `workflow_dispatch` triggers; consider adding a `schedule` trigger if you do want it to run automatically on a cron.
- The `sed` patterns for updating `README.md` are tightly coupled to the existing link/number format and QQ domain; consider anchoring or loosening the regex (or using a more structured update script) so that minor README formatting changes or domain variations don’t silently break the sync.
## Individual Comments
### Comment 1
<location path=".github/workflows/sync-qq-groups.yml" line_range="39-42" />
<code_context>
+
+ # 替换 constants.ts 中的值
+ FILE="app/constants.ts"
+ sed -i "s|USER_GROUP: \".*\"|USER_GROUP: \"$USER_GROUP\"|" "$FILE"
+ sed -i "s|USER_GROUP_LINK: \".*\"|USER_GROUP_LINK: \"$USER_LINK\"|" "$FILE"
+ sed -i "s|DEV_GROUP: \".*\"|DEV_GROUP: \"$DEV_GROUP\"|" "$FILE"
+ sed -i "s|DEV_GROUP_LINK: \".*\"|DEV_GROUP_LINK: \"$DEV_LINK\"|" "$FILE"
+
+ # 同步 README.md
</code_context>
<issue_to_address>
**issue (bug_risk):** Unescaped replacement values in sed can break updates if they contain '&' or backslashes.
In the replacement part of these sed commands, any `&` or `\` in `$USER_GROUP`, `$USER_LINK`, `$DEV_GROUP`, or `$DEV_LINK` will be treated specially by sed and can corrupt the resulting lines. To make this robust, escape these characters in the variables first (e.g., `&` → `\&`, `\` → `\\`), or switch to a safer update mechanism such as a small Node/TS script that edits `constants.ts` directly.
</issue_to_address>
### Comment 2
<location path=".github/workflows/sync-qq-groups.yml" line_range="23" />
<code_context>
+ - name: Fetch index.json and update constants
+ run: |
+ # 拉取远程数据
+ DATA=$(curl -sf https://end.maafw.com/index.json) || exit 0
+
+ # 解析字段
</code_context>
<issue_to_address>
**suggestion (bug_risk):** curl has no timeout, so the job might hang on network issues.
A hanging or very slow endpoint could block this job indefinitely. Please add an explicit timeout (e.g. `--connect-timeout` and/or `--max-time`, such as `curl -sf --connect-timeout 5 --max-time 15 ...`) so the step fails or exits within a bounded time.
```suggestion
DATA=$(curl -sf --connect-timeout 5 --max-time 15 https://end.maafw.com/index.json) || exit 0
```
</issue_to_address>帮我变得更有用!请在每条评论上点击 👍 或 👎,我会根据你的反馈改进后续的代码审查。
Original comment in English
Hey - I've found 2 issues, and left some high level feedback:
- The workflow is described as scheduled in the PR title/description but currently only uses
repository_dispatchandworkflow_dispatchtriggers; consider adding ascheduletrigger if you do want it to run automatically on a cron. - The
sedpatterns for updatingREADME.mdare tightly coupled to the existing link/number format and QQ domain; consider anchoring or loosening the regex (or using a more structured update script) so that minor README formatting changes or domain variations don’t silently break the sync.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The workflow is described as scheduled in the PR title/description but currently only uses `repository_dispatch` and `workflow_dispatch` triggers; consider adding a `schedule` trigger if you do want it to run automatically on a cron.
- The `sed` patterns for updating `README.md` are tightly coupled to the existing link/number format and QQ domain; consider anchoring or loosening the regex (or using a more structured update script) so that minor README formatting changes or domain variations don’t silently break the sync.
## Individual Comments
### Comment 1
<location path=".github/workflows/sync-qq-groups.yml" line_range="39-42" />
<code_context>
+
+ # 替换 constants.ts 中的值
+ FILE="app/constants.ts"
+ sed -i "s|USER_GROUP: \".*\"|USER_GROUP: \"$USER_GROUP\"|" "$FILE"
+ sed -i "s|USER_GROUP_LINK: \".*\"|USER_GROUP_LINK: \"$USER_LINK\"|" "$FILE"
+ sed -i "s|DEV_GROUP: \".*\"|DEV_GROUP: \"$DEV_GROUP\"|" "$FILE"
+ sed -i "s|DEV_GROUP_LINK: \".*\"|DEV_GROUP_LINK: \"$DEV_LINK\"|" "$FILE"
+
+ # 同步 README.md
</code_context>
<issue_to_address>
**issue (bug_risk):** Unescaped replacement values in sed can break updates if they contain '&' or backslashes.
In the replacement part of these sed commands, any `&` or `\` in `$USER_GROUP`, `$USER_LINK`, `$DEV_GROUP`, or `$DEV_LINK` will be treated specially by sed and can corrupt the resulting lines. To make this robust, escape these characters in the variables first (e.g., `&` → `\&`, `\` → `\\`), or switch to a safer update mechanism such as a small Node/TS script that edits `constants.ts` directly.
</issue_to_address>
### Comment 2
<location path=".github/workflows/sync-qq-groups.yml" line_range="23" />
<code_context>
+ - name: Fetch index.json and update constants
+ run: |
+ # 拉取远程数据
+ DATA=$(curl -sf https://end.maafw.com/index.json) || exit 0
+
+ # 解析字段
</code_context>
<issue_to_address>
**suggestion (bug_risk):** curl has no timeout, so the job might hang on network issues.
A hanging or very slow endpoint could block this job indefinitely. Please add an explicit timeout (e.g. `--connect-timeout` and/or `--max-time`, such as `curl -sf --connect-timeout 5 --max-time 15 ...`) so the step fails or exits within a bounded time.
```suggestion
DATA=$(curl -sf --connect-timeout 5 --max-time 15 https://end.maafw.com/index.json) || exit 0
```
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
| - name: Fetch index.json and update constants | ||
| run: | | ||
| # 拉取远程数据 | ||
| DATA=$(curl -sf https://end.maafw.com/index.json) || exit 0 |
There was a problem hiding this comment.
suggestion (bug_risk): curl 没有设置超时时间,在出现网络问题时任务可能会一直挂起。
如果接口长时间无响应或非常缓慢,这一步可能会被无限阻塞。请显式添加超时参数(例如 --connect-timeout 和/或 --max-time,如 curl -sf --connect-timeout 5 --max-time 15 ...),以确保该步骤在有限时间内失败或退出。
Suggested change
| DATA=$(curl -sf https://end.maafw.com/index.json) || exit 0 | |
| DATA=$(curl -sf --connect-timeout 5 --max-time 15 https://end.maafw.com/index.json) || exit 0 |
Original comment in English
suggestion (bug_risk): curl has no timeout, so the job might hang on network issues.
A hanging or very slow endpoint could block this job indefinitely. Please add an explicit timeout (e.g. --connect-timeout and/or --max-time, such as curl -sf --connect-timeout 5 --max-time 15 ...) so the step fails or exits within a bounded time.
Suggested change
| DATA=$(curl -sf https://end.maafw.com/index.json) || exit 0 | |
| DATA=$(curl -sf --connect-timeout 5 --max-time 15 https://end.maafw.com/index.json) || exit 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
由 Sourcery 生成的摘要
CI:
index.json获取 QQ 群信息,更新app/constants.ts和README.md,并自动提交所有变更。Original summary in English
Summary by Sourcery
CI:
index.json获取 QQ 群数据,相应地更新app/constants.ts和README.md,并自动提交所有变更。Original summary in English
Summary by Sourcery
CI: