2 Commits

Author SHA1 Message Date
Steve Dudenhoeffer 7a5eebc468 fix(ci): restore valid adversarial-review.yml + pin gadfly reusable @7bc3c98 [skip ci]
The reusable now reads swarm config from user-scope vars (GADFLY_DEFAULT_* +
GADFLY_ENDPOINT_*); this immutable @sha bumps past the long-lived-runner ref
cache so the vars-config reusable is adopted. Direct to main + [skip ci] to
avoid triggering the review swarm.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 02:05:28 -04:00
steve 7211ce227c ci: pin gadfly reusable workflow to immutable sha (cache-bust @v1)
executus CI / test (push) Successful in 48s
Long-lived act_runners cache the reusable-workflow ref, so a moved @v1 tag
keeps resolving to a stale cached copy and a newly-added reviewer never runs.
Pinning to a unique immutable sha forces a cache miss → fresh fetch.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 05:44:52 +00:00
+5 -4
View File
@@ -38,10 +38,11 @@ jobs:
&& (github.actor == 'steve' && (github.actor == 'steve'
|| github.actor == 'fizi' || github.actor == 'fizi'
|| github.actor == 'dazed')) || github.actor == 'dazed'))
# Tracks gadfly's v1 release tag — a curated pointer re-moved on each release # Pinned to an immutable gadfly commit (not @v1): our act_runners are long-lived
# (unlike @main, which moves on every push). Central swarm tuning propagates # and cache the reusable-workflow ref, so a moved v1 tag keeps resolving to the
# here automatically; the tradeoff vs a full sha pin is that v1 is mutable. # stale cached copy. A unique sha forces a cache miss → fresh fetch. Bump this
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1 # sha to adopt central swarm changes.
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@7bc3c982fa7b72367034c673f7812bf05e9c503e
# Least privilege: forward only the review secrets (not `secrets: inherit`, # Least privilege: forward only the review secrets (not `secrets: inherit`,
# which would expose every repo secret). GITEA_TOKEN is the automatic token. # which would expose every repo secret). GITEA_TOKEN is the automatic token.
secrets: secrets: