[duplicate-code] Duplicate safe-output prompt instructions across compiler and workflow locks

[github-actions]

🔍 Duplicate Code Detected

Analysis of commit 8bb16cc

Assignee: @copilot

Summary

The safe-output prompt instructions are hand-coded in pkg/workflow/safe_outputs.go and copied verbatim into every compiled workflow lock file. The repeated blocks exceed 40 lines per occurrence and appear in 20+ workflows, making future text or behavior changes error-prone.

Duplication Details

Pattern 1: Safe-output prompt blocks built inline in Go

• Severity: High
• Occurrences: 10 nearly identical instruction blocks within a single function
• Locations:
  • pkg/workflow/safe_outputs.go:120-200
• Code Sample:

  if safeOutputs.AddComments != nil {
      yaml.WriteString("          **Adding a Comment to an Issue or Pull Request**\n")
      yaml.WriteString("          \n")
      yaml.WriteString("          To add a comment to an issue or pull request, use the add-comments tool from the safe-outputs MCP\n")
      yaml.WriteString("          \n")
  }
  
  if safeOutputs.CreateIssues != nil {
      yaml.WriteString("          **Creating an Issue**\n")
      yaml.WriteString("          \n")
      yaml.WriteString("          To create an issue, use the create-issue tool from the safe-outputs MCP\n")
      yaml.WriteString("          \n")
  }

  Each block only differs by the hard-coded title and body text but otherwise repeats the same YAML construction logic.

Pattern 2: Generated workflow locks embed the full prompt text

• Severity: Medium
• Occurrences: 20+ lock files contain the same 30–40 line Markdown section
• Locations:
  • .github/workflows/poem-bot.lock.yml:1403-1455
  • .github/workflows/audit-workflows.lock.yml:1394-1403
  • .github/workflows/artifacts-summary.lock.yml:1024-1031
  • .github/workflows/ci-doctor.lock.yml:1133-1140
  • .github/workflows/changeset-generator.lock.yml:1481-1492
• Code Sample:

        cat >> $GITHUB_AW_PROMPT << 'EOF'
        
        ---
        
        **Creating a Pull Request**
        
        To create a pull request:
        1. Make any file changes directly in the working directory
        2. If you haven't done so already, create a local branch using an appropriate unique name
        3. Add and commit your changes to the branch...
        
        **Reporting Missing Tools or Functionality**
        
        To report a missing tool use the missing-tool tool from the safe-outputs MCP.
        ```
  The same rendered text is repeated for every workflow that enables safe-outputs, inflating generated artifacts and multiplying maintenance points.
  

Impact Analysis

• Maintainability: Updating instructions requires touching every hard-coded block; mistakes create inconsistent guidance.
• Bug Risk: Divergent instructions between workflows would be easy to miss and hard to audit.
• Code Bloat: Lock files grow by hundreds of duplicated lines, making reviews and diffs noisy.

Refactoring Recommendations

1. Drive prompt sections from structured data
   • Define a slice/map of prompt templates (title + body) and iterate over it in generateSafeOutputsPromptSection to replace copy-pasted if blocks.
   • Estimated effort: Medium (1–2 days) to model templates and adjust rendering.
   • Benefits: Single source of truth, easier localization or wording updates.
2. Centralize rendered Markdown for lock generation
   • Extract the safe-output Markdown into a shared include (e.g., .github/workflows/shared/safe-outputs.md) that the compiler can inject.
   • Estimated effort: Medium; reduces ~700 duplicated lines across artifacts and simplifies audits.

Implementation Checklist

• Review duplication findings
• Prioritize refactoring tasks
• Create refactoring plan
• Implement changes
• Update tests
• Verify no functionality broken

Analysis Metadata

• Analyzed Files: 1 Go source + representative 5 of 20+ workflow locks
• Detection Method: Serena semantic code analysis (find_symbol, search_for_pattern, manual review)
• Commit: 8bb16cc
• Analysis Date: 2025-10-11

AI generated by Duplicate Code Detector