5 changes: 5 additions & 0 deletions .changeset/patch-display-safe-output-secrecy-integrity.md


12 changes: 12 additions & 0 deletions actions/setup/js/safe_output_summary.cjs
Expand Up @@ -80,6 +80,18 @@ function generateSafeOutputSummary(options) {
}
}

// Display secrecy and integrity security metadata fields if present in the message.
// secrecy indicates the confidentiality level of the message content.
// integrity indicates the trustworthiness level of the message source.
if (message) {
if (message.secrecy !== undefined && message.secrecy !== null) {
summary += `**Secrecy:** \`${message.secrecy}\`\n\n`;

The secrecy/integrity display logic correctly uses both undefined and null checks before rendering. Consider adding a brief validation that values are strings before interpolating them into the markdown summary to avoid unexpected rendering if non-string values are passed.

}
if (message.integrity !== undefined && message.integrity !== null) {
summary += `**Integrity:** \`${message.integrity}\`\n\n`;
}
}

summary += `</details>\n\n`;

return summary;
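Review bot: `message.secrecy` and `message.integrity` are interpolated directly into a single-backtick code span, so a value that contains a backtick or a line break closes the span and the rest is rendered as markdown or HTML in the summary. If the message comes from agent-produced output, which the file name suggests but the hunk does not show, these two fields become a markdown-injection path into the rendered summary. Normalise the value before interpolating, for example `const label = v => String(v).replace(/[^\w.:-]/g, "_");`, or accept only a known set of levels and render anything else as `invalid`. The comment above the block should also say that the labels are whatever the message carries and are not verified here, so a reader does not treat them as authoritative. generateSafeOutputSummary begins outside the hunk, so an existing escaping helper may already be available there.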
111 changes: 111 additions & 0 deletions actions/setup/js/safe_output_summary.test.cjs
Expand Up @@ -169,6 +169,117 @@ describe("safe_output_summary", () => {
expect(summary).toContain("Project URL");
expect(summary).toContain("https://github.com/orgs/owner/projects/123");
});

it("should display secrecy field when present in message", () => {
const options = {
type: "create_issue",
messageIndex: 1,
success: true,
result: {
repo: "owner/repo",
number: 123,
},
message: {
title: "Secure Issue",
body: "Sensitive content",
secrecy: "private",
},
};

const summary = generateSafeOutputSummary(options);

expect(summary).toContain("Secrecy:");
expect(summary).toContain("private");
});

it("should display integrity field when present in message", () => {
const options = {
type: "create_issue",
messageIndex: 1,
success: true,
result: {
repo: "owner/repo",
number: 123,
},
message: {
title: "Trusted Issue",
body: "Verified content",
integrity: "high",
},
};

const summary = generateSafeOutputSummary(options);

expect(summary).toContain("Integrity:");
expect(summary).toContain("high");
});

it("should display both secrecy and integrity fields when present", () => {
const options = {
type: "add_comment",
messageIndex: 2,

Good test coverage including the failure case (success: false). The test at line 220+ verifies that secrecy/integrity fields are displayed even when the operation fails — this is an important edge case to validate.

success: true,
result: {
repo: "owner/repo",
number: 456,
},
message: {
body: "A comment",
secrecy: "internal",
integrity: "medium",
},
};

const summary = generateSafeOutputSummary(options);

expect(summary).toContain("Secrecy:");
expect(summary).toContain("internal");
expect(summary).toContain("Integrity:");
expect(summary).toContain("medium");
});

it("should not display secrecy or integrity when absent from message", () => {
const options = {
type: "create_issue",
messageIndex: 1,
success: true,
result: {
repo: "owner/repo",
number: 123,
},
message: {
title: "Normal Issue",
body: "Normal content",
},
};

const summary = generateSafeOutputSummary(options);

expect(summary).not.toContain("Secrecy:");
expect(summary).not.toContain("Integrity:");
});

it("should display secrecy and integrity fields even when operation fails", () => {
const options = {
type: "create_issue",
messageIndex: 1,
success: false,
result: null,
message: {
title: "Failed Issue",
secrecy: "public",
integrity: "low",
},
error: "Permission denied",
};

const summary = generateSafeOutputSummary(options);

expect(summary).toContain("Secrecy:");
expect(summary).toContain("public");
expect(summary).toContain("Integrity:");
expect(summary).toContain("low");
});
});

describe("writeSafeOutputSummaries", () => {
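Review bot: The new cases assert with bare substrings such as `toContain("low")` and `toContain("high")`, which unrelated text elsewhere in the summary could also satisfy, so they would not catch a formatting regression. Assert the complete rendered line (the bold label followed by the backtick-quoted value) instead. The implementation explicitly skips `null`, yet no case passes `secrecy: null, integrity: null`; the absence test only omits the keys. A case with a value containing a backtick or a newline is also missing, and that is the input that matters for text rendered as markdown. The enclosing describe block starts outside the hunk.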