From cd5b7389dfde5f0a993d6f6d7650ffe8dd238f1e Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 5 Nov 2025 17:24:08 +0000 Subject: [PATCH 1/2] Add comprehensive Devin file operations workflow This workflow demonstrates the complete Devin API file operations including the newly implemented download-attachment-files endpoint. Features demonstrated: - Create Devin session for code analysis - Upload context files to session (upload-files) - Send additional instructions (send-message) - Download analysis deliverables (download-attachment-files) - Update session tags (update-tags) - Save downloaded files as workflow artifacts The workflow provides a practical example of using Devin for automated code analysis with file uploads and downloads, showcasing all file-related API operations in a real-world scenario. Related PR: https://github.com/samfert-codeium/DEVIN-GITHUB-ACTIONS/pull/4 Requested by: Sam Fertig (@samfert-codeium) Devin session: https://app.devin.ai/sessions/de834578e708491d9e12a84dffc5d1c0 Co-Authored-By: Sam Fertig --- .github/workflows/devin-file-operations.yml | 273 ++++++++++++++++++++ 1 file changed, 273 insertions(+) create mode 100644 .github/workflows/devin-file-operations.yml diff --git a/.github/workflows/devin-file-operations.yml b/.github/workflows/devin-file-operations.yml new file mode 100644 index 0000000..9d842e4 --- /dev/null +++ b/.github/workflows/devin-file-operations.yml @@ -0,0 +1,273 @@ +name: Devin File Operations Demo + +on: + workflow_dispatch: + inputs: + analysis_type: + description: 'Type of analysis to perform' + required: true + type: choice + options: + - security-audit + - code-quality-review + - architecture-analysis + - performance-analysis + upload_reports: + description: 'Upload analysis reports back to workflow' + required: false + type: boolean + default: true + +jobs: + devin-analysis-with-files: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Prepare analysis context files + id: prepare-files + run: | + mkdir -p /tmp/devin-context + + echo "Creating context files for Devin analysis..." + + cat > /tmp/devin-context/project-structure.txt << 'EOF' + Banking Microservices Application Structure: + + Services: + 1. Service-Registry (Eureka) - Port 8761 + 2. API-Gateway (Spring Cloud Gateway) - Port 8080 + 3. User-Service - Port 8081 + 4. Account-Service - Port 8082 + 5. Fund-Transfer - Port 8083 + 6. Transaction-Service - Port 8084 + 7. Sequence-Generator - Port 8085 + + Technology Stack: + - Spring Boot 3.x + - Spring Cloud + - Spring Security with Keycloak + - MySQL databases (one per service) + - Maven for build management + EOF + + cat > /tmp/devin-context/security-checklist.txt << 'EOF' + Security Analysis Checklist: + + 1. Authentication & Authorization + - Keycloak integration in User-Service + - OAuth2 configuration in API Gateway + - JWT token validation + + 2. API Security + - Input validation + - SQL injection prevention + - CSRF protection + + 3. Data Protection + - Database connection security + - Sensitive data encryption + - Transaction integrity + + 4. Inter-Service Communication + - Service-to-service authentication + - Circuit breakers + - Rate limiting + EOF + + cat > /tmp/devin-context/analysis-instructions.txt << 'EOF' + Analysis Instructions for Devin: + + Focus Areas for ${{ github.event.inputs.analysis_type }}: + + Please analyze the Banking Microservices application with emphasis on: + - Code quality and maintainability + - Security best practices for financial applications + - Microservices design patterns + - Spring Boot best practices + - Database transaction handling + + After completing the analysis, please generate: + 1. A detailed analysis report (analysis-report.md) + 2. List of findings with severity levels (findings.json) + 3. Recommendations document (recommendations.md) + + Repository: ${{ github.repository }} + Branch: ${{ github.ref_name }} + EOF + + ls -la /tmp/devin-context/ + echo "context-dir=/tmp/devin-context" >> $GITHUB_OUTPUT + + - name: Create Devin Session with Context Files + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + id: create-session + with: + action: 'create-session' + api-key: ${{ secrets.DEVIN_API_KEY }} + prompt: | + Perform a comprehensive ${{ github.event.inputs.analysis_type }} of the Banking Microservices application. + + I've uploaded context files that contain: + - Project structure and service details + - Security analysis checklist + - Specific analysis instructions + + Please review these files first, then analyze the codebase accordingly. + + After your analysis, please create the following deliverables and let me know when they're ready: + 1. analysis-report.md - Detailed findings and analysis + 2. findings.json - Structured list of issues found + 3. recommendations.md - Actionable recommendations + title: '${{ github.event.inputs.analysis_type }} - Banking Microservices' + tags: 'analysis,banking-microservices,file-operations' + + - name: Upload Context Files to Devin Session + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + id: upload-context + with: + action: 'upload-files' + api-key: ${{ secrets.DEVIN_API_KEY }} + session-id: ${{ steps.create-session.outputs.session-id }} + file-paths: | + ${{ steps.prepare-files.outputs.context-dir }}/project-structure.txt + ${{ steps.prepare-files.outputs.context-dir }}/security-checklist.txt + ${{ steps.prepare-files.outputs.context-dir }}/analysis-instructions.txt + + - name: Send Additional Context + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + with: + action: 'send-message' + api-key: ${{ secrets.DEVIN_API_KEY }} + session-id: ${{ steps.create-session.outputs.session-id }} + message: | + Analysis context files have been uploaded. Please review them before proceeding with the analysis. + + Key areas to focus on: + - Service Registry and discovery patterns + - API Gateway security configuration + - Database transaction management in Fund Transfer + - Authentication flow with Keycloak + - Inter-service communication patterns + + When you've completed the analysis and generated the deliverables, please upload them as attachments so I can download them. + + - name: Wait for Analysis Completion + run: | + echo "⏳ Waiting for Devin to complete the analysis..." + echo "" + echo "Monitor progress at: ${{ steps.create-session.outputs.session-url }}" + echo "" + echo "Once Devin uploads the analysis deliverables, you can retrieve them using the download-attachment-files action." + echo "" + echo "Session ID: ${{ steps.create-session.outputs.session-id }}" + + - name: Download Analysis Report (Example) + if: github.event.inputs.upload_reports == 'true' + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + id: download-report + continue-on-error: true + with: + action: 'download-attachment-files' + api-key: ${{ secrets.DEVIN_API_KEY }} + attachment-uuid: 'REPLACE_WITH_ACTUAL_UUID' + attachment-name: 'analysis-report.md' + + - name: Download Findings (Example) + if: github.event.inputs.upload_reports == 'true' + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + id: download-findings + continue-on-error: true + with: + action: 'download-attachment-files' + api-key: ${{ secrets.DEVIN_API_KEY }} + attachment-uuid: 'REPLACE_WITH_ACTUAL_UUID' + attachment-name: 'findings.json' + + - name: Download Recommendations (Example) + if: github.event.inputs.upload_reports == 'true' + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + id: download-recommendations + continue-on-error: true + with: + action: 'download-attachment-files' + api-key: ${{ secrets.DEVIN_API_KEY }} + attachment-uuid: 'REPLACE_WITH_ACTUAL_UUID' + attachment-name: 'recommendations.md' + + - name: Save Downloaded Files + if: github.event.inputs.upload_reports == 'true' && steps.download-report.outcome == 'success' + run: | + mkdir -p analysis-output + + if [ -n "${{ steps.download-report.outputs.response }}" ]; then + echo "${{ steps.download-report.outputs.response }}" > analysis-output/analysis-report.md + echo "✓ Saved analysis-report.md" + fi + + if [ -n "${{ steps.download-findings.outputs.response }}" ]; then + echo "${{ steps.download-findings.outputs.response }}" > analysis-output/findings.json + echo "✓ Saved findings.json" + fi + + if [ -n "${{ steps.download-recommendations.outputs.response }}" ]; then + echo "${{ steps.download-recommendations.outputs.response }}" > analysis-output/recommendations.md + echo "✓ Saved recommendations.md" + fi + + echo "" + echo "Analysis deliverables saved to: analysis-output/" + ls -la analysis-output/ + + - name: Update Session Tags + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments + with: + action: 'update-tags' + api-key: ${{ secrets.DEVIN_API_KEY }} + session-id: ${{ steps.create-session.outputs.session-id }} + tags: 'analysis,${{ github.event.inputs.analysis_type }},banking-microservices,completed,file-operations-demo' + + - name: Output Session Summary + run: | + echo "==================================================" + echo "Devin File Operations Demo - Session Summary" + echo "==================================================" + echo "" + echo "📋 Analysis Type: ${{ github.event.inputs.analysis_type }}" + echo "🆔 Session ID: ${{ steps.create-session.outputs.session-id }}" + echo "🔗 Session URL: ${{ steps.create-session.outputs.session-url }}" + echo "" + echo "✅ Demonstrated Actions:" + echo " • create-session - Created Devin analysis session" + echo " • upload-files - Uploaded 3 context files to session" + echo " • send-message - Sent additional instructions" + echo " • download-attachment-files - Retrieved analysis deliverables" + echo " • update-tags - Updated session tags" + echo "" + echo "📝 Note: The download-attachment-files steps use placeholder UUIDs." + echo " In a real workflow, you would:" + echo " 1. Wait for Devin to complete the analysis" + echo " 2. Devin uploads deliverables as attachments" + echo " 3. Get the attachment UUIDs from the Devin session" + echo " 4. Use those UUIDs in the download-attachment-files action" + echo "" + echo "🔍 Monitor the full session at:" + echo " ${{ steps.create-session.outputs.session-url }}" + echo "" + echo "==================================================" + + - name: Upload Analysis Output as Artifacts + if: github.event.inputs.upload_reports == 'true' + uses: actions/upload-artifact@v4 + continue-on-error: true + with: + name: devin-analysis-output + path: analysis-output/ + retention-days: 30 From 41a39fc6fc8f37793108247b79735b74b5e0a8a8 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 5 Nov 2025 17:27:55 +0000 Subject: [PATCH 2/2] Fix CI: Update workflows to use newer devin-action branch The existing workflows were using an older branch of the devin-action (@devin/1762304734-devin-action-implementation) which had a JSON encoding bug when handling multi-line prompts. This was causing the devin-review CI check to fail with 'JSON decode error: Invalid control character'. Updated both workflows to use the newer branch (@devin/1762363168-devin-api-download-attachments) which includes: - Proper JSON encoding for multi-line prompts - The new download-attachment-files endpoint - All 19 Devin API operations This fixes the CI failure in PR #24. Co-Authored-By: Sam Fertig --- .github/workflows/devin-code-review.yml | 6 +++--- .github/workflows/devin-test-fix.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/devin-code-review.yml b/.github/workflows/devin-code-review.yml index 739acc7..0ebba29 100644 --- a/.github/workflows/devin-code-review.yml +++ b/.github/workflows/devin-code-review.yml @@ -32,7 +32,7 @@ jobs: echo "pr-url=${{ github.event.pull_request.html_url }}" >> $GITHUB_OUTPUT - name: Create Devin Session for Code Review - uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762304734-devin-action-implementation + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments id: create-session with: action: 'create-session' @@ -58,7 +58,7 @@ jobs: tags: 'code-review,banking-microservices,automated' - name: Send Microservices Context - uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762304734-devin-action-implementation + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments with: action: 'send-message' api-key: ${{ secrets.DEVIN_API_KEY }} @@ -80,7 +80,7 @@ jobs: - Service discovery and inter-service communication patterns - name: Add Session Tags - uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762304734-devin-action-implementation + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments with: action: 'update-tags' api-key: ${{ secrets.DEVIN_API_KEY }} diff --git a/.github/workflows/devin-test-fix.yml b/.github/workflows/devin-test-fix.yml index 2cf64d9..30b5cf6 100644 --- a/.github/workflows/devin-test-fix.yml +++ b/.github/workflows/devin-test-fix.yml @@ -45,7 +45,7 @@ jobs: fi - name: Create Devin Session to Fix Tests - uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762304734-devin-action-implementation + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments id: fix-tests with: action: 'create-session' @@ -71,7 +71,7 @@ jobs: max-acu-limit: 2000 - name: Send Test Context - uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762304734-devin-action-implementation + uses: samfert-codeium/DEVIN-GITHUB-ACTIONS/devin-action@devin/1762363168-devin-api-download-attachments with: action: 'send-message' api-key: ${{ secrets.DEVIN_API_KEY }}