refactor(difc): extract modifyTags helper to deduplicate bulk label mutation pattern#2561
Closed
Copilot wants to merge 2 commits into
Closed
refactor(difc): extract modifyTags helper to deduplicate bulk label mutation pattern#2561Copilot wants to merge 2 commits into
Copilot wants to merge 2 commits into
Conversation
6 tasks
…lication Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/cacc16d5-0a78-459a-903b-8e9826b890a1 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Refactor bulk label operations to use shared helper
refactor(difc): extract modifyTags helper to deduplicate bulk label mutation pattern
Mar 26, 2026
This was referenced Mar 26, 2026
dra60153-eng
approved these changes
Mar 26, 2026
lpcox
added a commit
that referenced
this pull request
Mar 26, 2026
… env vars (#2569) 🤖 *This PR was created by Repo Assist, an automated AI assistant.* ## Summary Several DIFC flags in `internal/cmd/flags_difc.go` used `os.Getenv()` directly in the `init()` function instead of following the `getDefault*()` helper pattern documented in `flags.go`. Additionally, the helper table in `flags.go` referenced `getDefaultDIFCSinkServerIDs()` which did not exist — a stale documentation error. ## Changes **`internal/cmd/flags_difc.go`** - Adds `getDefaultDIFCSinkServerIDs()` (was referenced in `flags.go` table but missing) - Adds `getDefaultGuardPolicyJSON()` - Adds `getDefaultAllowOnlyOwner()` - Adds `getDefaultAllowOnlyRepo()` - Adds `getDefaultAllowOnlyMinIntegrity()` - Updates `init()` to use all helper functions consistently **`internal/cmd/flags.go`** - Expands the helper table to list all 11 `getDefault*()` helpers, including `getDefaultAllowOnlyScopePublic()` which existed but was not documented **`internal/cmd/flags_difc_test.go`** - Updates `TestGetDefaultDIFCSinkServerIDs` to call `getDefaultDIFCSinkServerIDs()` directly (previously tested `os.Getenv()` directly, not the helper) - Updates `TestGetDefaultGuardPolicyInputs` to call all new helpers, using `t.Setenv()` for cleaner automatic cleanup ## Rationale The `getDefault*()` pattern exists precisely to make each flag's environment variable override explicit and testable. Flags bypassing this pattern: 1. Are harder to test in isolation 2. Diverge from the codebase's own documented convention 3. Cannot be easily found via code search when looking for all env var defaults This is a pure refactor — no behavioural changes. `envutil.GetEnvString("X", "")` is equivalent to `os.Getenv("X")` for string flags (both return empty string as default), and the helpers for `owner`, `repo`, `min-integrity`, and `policy-json` all default to `""`. ## Test Status⚠️ **Infrastructure failure**: The CI environment for this workflow run does not have Go module dependencies available (network access to `proxy.golang.org` is blocked), so `make agent-finished` could not be run. The changes are a pure refactor with no logic changes, and the updated tests exercise the new helper functions directly using `t.Setenv()` for safe parallelism. The PR CI should run full tests in the normal build environment. > [!WARNING] > <details> > <summary><strong>⚠️ Firewall blocked 1 domain</strong></summary> > > The following domain was blocked by the firewall during workflow execution: > > - `proxy.golang.org` > > To allow these domains, add them to the `network.allowed` list in your workflow frontmatter: > > ```yaml > network: > allowed: > - defaults > - "proxy.golang.org" > ``` > > See [Network Configuration](https://github.github.com/gh-aw/reference/network/) for more information. > > </details> > [!NOTE] > <details> > <summary><b>🔒 Integrity filter blocked 14 items</b></summary> > > The following items were blocked because they don't meet the GitHub integrity level. > > - [#2567](#2567) `list_pull_requests`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - [#2561](#2561) `list_pull_requests`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2568 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2566 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2565 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2563 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2560 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2559 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2558 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2557 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #2554 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - #1711 `list_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - search_issues `search_issues`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > - [#2278](#2278) `issue_read`: has lower integrity than agent requires. The agent cannot read data with integrity below "merged". > > To allow these resources, lower `min-integrity` in your GitHub frontmatter: > > ```yaml > tools: > github: > min-integrity: approved # merged | approved | unapproved | none > ``` > > </details> > Generated by [Repo Assist](https://github.com/github/gh-aw-mcpg/actions/runs/23583377899) · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw-mcpg+%22gh-aw-workflow-id%3A+repo-assist%22&type=pullrequests) > > To install this [agentic workflow](https://github.com/githubnext/agentics/tree/851905c06e905bf362a9f6cc54f912e3df747d55/workflows/repo-assist.md), run > ``` > gh aw add githubnext/agentics@851905c > ``` <!-- gh-aw-agentic-workflow: Repo Assist, engine: copilot, model: auto, id: 23583377899, workflow_id: repo-assist, run: https://github.com/github/gh-aw-mcpg/actions/runs/23583377899 --> <!-- gh-aw-workflow-id: repo-assist -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AddSecrecyTags,AddIntegrityTags, andDropIntegrityTagseach duplicated the same lock–operate–log boilerplate, while single-tag variants already delegated tomodifyTag. This adds a parallelmodifyTagshelper and refactors all three bulk methods to use it.Changes
New helper
modifyTagsininternal/difc/agent.go— mirrorsmodifyTagbut operates on[]Tag, with conditional operational logging (only whenlen(tags) > 0):Refactored bulk methods to delegate to the helper:
Log formats and behavior are preserved exactly.
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
example.com/tmp/go-build1956433166/b334/launcher.test /tmp/go-build1956433166/b334/launcher.test -test.testlogfile=/tmp/go-build1956433166/b334/testlog.txt -test.paniconexit0 -test.timeout=10m0s 8206�� ache/go/1.25.8/x64/src/runtime/c-c=4 SxT3yfSsn x_amd64/vet(dns block)invalid-host-that-does-not-exist-12345.com/tmp/go-build1956433166/b319/config.test /tmp/go-build1956433166/b319/config.test -test.testlogfile=/tmp/go-build1956433166/b319/testlog.txt -test.paniconexit0 -test.timeout=10m0s conf�� _.a mon/httpcommon.go x_amd64/compile(dns block)nonexistent.local/tmp/go-build1956433166/b334/launcher.test /tmp/go-build1956433166/b334/launcher.test -test.testlogfile=/tmp/go-build1956433166/b334/testlog.txt -test.paniconexit0 -test.timeout=10m0s 8206�� ache/go/1.25.8/x64/src/runtime/c-c=4 SxT3yfSsn x_amd64/vet(dns block)slow.example.com/tmp/go-build1956433166/b334/launcher.test /tmp/go-build1956433166/b334/launcher.test -test.testlogfile=/tmp/go-build1956433166/b334/testlog.txt -test.paniconexit0 -test.timeout=10m0s 8206�� ache/go/1.25.8/x64/src/runtime/c-c=4 SxT3yfSsn x_amd64/vet(dns block)this-host-does-not-exist-12345.com/tmp/go-build1956433166/b343/mcp.test /tmp/go-build1956433166/b343/mcp.test -test.testlogfile=/tmp/go-build1956433166/b343/testlog.txt -test.paniconexit0 -test.timeout=10m0s -obj�� /middleware/jqschema.go -importpath x_amd64/compile -import_runtime_runc -import_syscall=--version -ldflags="-O2" "-g" "-lpthread" x_amd64/compile -I _.a 820628/b151/ x_amd64/vet --gdwarf-5 ernal/mcp -o x_amd64/vet(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.