dcaefff756
executus CI / test (push) Failing after 1m23s
Re-adds the local Macs (m1/qwen3:14b, m5/qwen3.6:35b-mlx) via their foreman endpoints alongside the 3 cloud models. Cloud keeps lens fan-out (ollama-cloud=1 model + lens=3); each Mac runs one model with lenses serial (foreman serializes anyway); all provider lanes parallel. Bumps the job timeout 30->90m for the slow local lanes. With findings telemetry now on, gadfly-reports can quantify whether the Macs earn their keep. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
94 lines
4.8 KiB
YAML
94 lines
4.8 KiB
YAML
# Gadfly — agentic adversarial PR reviewer (https://gitea.stevedudenhoeffer.com/steve/gadfly).
|
||
#
|
||
# Runs the published Gadfly image (pinned to an immutable :sha- tag — act_runner
|
||
# caches :latest, and this build is what carries foreman provider-type support)
|
||
# as a specialist swarm and posts
|
||
# ONE consolidated review comment as gitea-actions. Advisory only — never blocks a
|
||
# merge. This reviews executus PRs with 3 ollama-cloud models (3-lens suite). Gadfly
|
||
# is a simple system — findings are advisory; always double-check before acting.
|
||
|
||
name: Adversarial Review (Gadfly)
|
||
|
||
on:
|
||
pull_request:
|
||
types: [opened, reopened, ready_for_review]
|
||
issue_comment:
|
||
types: [created]
|
||
workflow_dispatch:
|
||
inputs:
|
||
pr_number:
|
||
description: "PR number to review"
|
||
required: true
|
||
|
||
permissions:
|
||
contents: read
|
||
issues: write
|
||
pull-requests: write
|
||
|
||
concurrency:
|
||
group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }}
|
||
cancel-in-progress: true
|
||
|
||
jobs:
|
||
review:
|
||
# Security: only trusted users may trigger a secret-bearing run via a PR
|
||
# comment (pull_request + workflow_dispatch are already trusted). Mirrors
|
||
# GADFLY_ALLOWED_USERS, the in-container belt-and-suspenders check.
|
||
if: >-
|
||
github.event_name != 'issue_comment'
|
||
|| (github.event.issue.pull_request
|
||
&& (github.actor == 'steve'
|
||
|| github.actor == 'fizi'
|
||
|| github.actor == 'dazed'))
|
||
runs-on: ubuntu-latest
|
||
# Full fleet: 3 cloud (lens fan-out) + M1/M5 Macs via foreman. The slow local
|
||
# lanes dominate wall time, so allow plenty of headroom.
|
||
timeout-minutes: 90
|
||
steps:
|
||
- uses: docker://gitea.stevedudenhoeffer.com/steve/gadfly:sha-d7f364d
|
||
env:
|
||
GITEA_API: ${{ github.server_url }}/api/v1/repos/${{ github.repository }}
|
||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
|
||
# Local Macs, reached through their foreman queues (native Ollama on the
|
||
# wire). GADFLY_ENDPOINT_M1 registers provider "m1", _M5 registers "m5",
|
||
# each a foreman-preset Ollama client at the secret's URL, of the form:
|
||
# foreman|https://<foreman-host>|<token>
|
||
# Needs an image with foreman provider-type support (this one). If a Mac
|
||
# is offline that model's comment shows an error and the others still post.
|
||
# (Gitea secrets aren't auto-exposed — map each explicitly.)
|
||
GADFLY_ENDPOINT_M1: ${{ secrets.GADFLY_ENDPOINT_M1 }}
|
||
GADFLY_ENDPOINT_M5: ${{ secrets.GADFLY_ENDPOINT_M5 }}
|
||
# Full fleet: 3 cloud + M1 Pro + M5 Max. The Macs are back so the
|
||
# gadfly-reports scoreboard can quantify whether they earn their keep
|
||
# (they previously took 26–29 min for ZERO real findings — now measured).
|
||
# Cloud concurrency lives in the LENSES: one cloud model at a time
|
||
# (ollama-cloud=1) with its 3 lenses concurrent (LENS ollama-cloud=3) so
|
||
# its comment lands sooner; each Mac runs one model, lenses serial (its
|
||
# foreman queue serializes anyway). All three provider lanes run parallel.
|
||
GADFLY_MODELS: "minimax-m3:cloud,deepseek-v4-flash:cloud,glm-5.2:cloud,m1/qwen3:14b,m5/qwen3.6:35b-mlx"
|
||
GADFLY_PROVIDER_CONCURRENCY: "ollama-cloud=1,m1=1,m5=1"
|
||
GADFLY_PROVIDER_LENS_CONCURRENCY: "ollama-cloud=3"
|
||
# Default => the 3-lens suite (security, correctness, error-handling).
|
||
# Set the repo var GADFLY_SPECIALISTS to override (csv / "all" / "auto").
|
||
GADFLY_SPECIALISTS: ${{ vars.GADFLY_SPECIALISTS || 'security,correctness,error-handling' }}
|
||
# Per-lens deadline + bounded steps so the slow local models stay sane.
|
||
GADFLY_TIMEOUT_SECS: "600"
|
||
GADFLY_MAX_STEPS: "14"
|
||
# Allow-list for the comment trigger (mirrors the job-level if: guard).
|
||
GADFLY_ALLOWED_USERS: "steve,fizi,dazed"
|
||
# --- findings telemetry: POST runs + findings to the gadfly-reports store ---
|
||
# Advisory & off unless GADFLY_FINDINGS_URL is set; failures only log to
|
||
# stderr and never affect the review. GADFLY_REPO / GADFLY_PR are derived
|
||
# in-container; the URL + token are user-scope secrets.
|
||
GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
|
||
GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
|
||
# --- event context (leave as-is) ---
|
||
EVENT_NAME: ${{ github.event_name }}
|
||
PR: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
|
||
PR_BRANCH: ${{ github.head_ref }}
|
||
IS_DRAFT: ${{ github.event.pull_request.draft }}
|
||
COMMENT_BODY: ${{ github.event.comment.body }}
|
||
COMMENT_ID: ${{ github.event.comment.id }}
|
||
ACTOR: ${{ github.actor }}
|