feat(reusable): resolve swarm config from runtime variables (cache-immune central config)

Long-lived act_runners cache the reusable workflow file by ref, so moving @v1
doesn't propagate config changes. Move the volatile config OUT of the cached
file and into runtime-injected user/org variables, which ARE re-read every run
(same mechanism as secrets):

- env now resolves: inputs.X || vars.GADFLY_DEFAULT_X  (input → owner var → image default)
  for models, specialists, provider_concurrency, provider_lens_concurrency.
- GADFLY_ENDPOINT_RAGNAROS (the 4090 Ti endpoint) now read from vars.GADFLY_ENDPOINT_RAGNAROS.
- input defaults dropped to "" so the public file default is generic (image default),
  which also removes the steve-specific swarm (incl. the personal LAN endpoint) from
  the publicly-inherited default — addresses the egress finding.

Net: owner retunes the whole fleet by editing one variable; consumers pin an
immutable @<sha> once and never re-pin for config tuning. README gets a "Central
config via variables" section; CLAUDE.md updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Steve Dudenhoeffer
2026-06-28 01:55:38 -04:00
parent 95a9ec546a
commit 025485d76e
3 changed files with 74 additions and 52 deletions
+8 -5
@@ -46,11 +46,14 @@ entrypoint.sh container brains: trigger gating, PR clone, model loop (t
used to live in workflow YAML)
Dockerfile multi-stage; private-module creds via BuildKit secrets never reach the final image
.gitea/workflows/build-image.yml push main → :latest; tag v* → :<tag>+:latest; PR → build-only
.gitea/workflows/review-reusable.yml reusable (workflow_call) review job; ships the DEFAULT swarm as
input defaults (3 cloud + Claude Code sonnet/opus/opus:max + a local 4090 Ti
via llama-swap, 5-lens suite; 3 claude models concurrent / 5 lenses each, the
4090 Ti 1 model × 1 lens) so consumers inherit it by omitting `with:`. Consumers subscribe
with an ~8-line caller forwarding only the secrets the reviewer needs (Phase 4);
.gitea/workflows/review-reusable.yml reusable (workflow_call) review job; resolves swarm config at
RUNTIME: consumer `with:` input → owner user-scope var (GADFLY_DEFAULT_MODELS /
_SPECIALISTS / _PROVIDER_CONCURRENCY / _PROVIDER_LENS_CONCURRENCY, +
GADFLY_ENDPOINT_RAGNAROS) → image default. Vars are injected per-run, so editing
one var retunes the whole fleet even though long-lived act_runners CACHE this file
by ref (a moved tag is NOT re-fetched — only a runtime value or a fresh @<sha>
bypasses the cache). Consumers subscribe with an ~8-line caller forwarding only the
secrets the reviewer needs and pinned to an immutable @<sha> (Phase 4);
gadfly's own adversarial-review.yml is a thin caller of it (dogfoods the path).
examples/ copy-paste consumer stub workflows for different providers
```
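Review bot: The rewritten review-reusable.yml entry puts "pinned to an immutable @<sha>" next to "editing one var retunes the whole fleet" without saying that the pin now covers only the workflow file, not the models or the endpoint the review job ends up using. Since the values are resolved per run from GADFLY_DEFAULT_* and GADFLY_ENDPOINT_RAGNAROS, whoever can edit those variables controls what every pinned consumer runs and where its review traffic goes, so the entry should state who is allowed to edit them and that they are part of the trust boundary alongside the forwarded secrets. It would also help to spell out the unset case: the chain "input → owner user-scope var → image default" is clear for the four GADFLY_DEFAULT_* names, but GADFLY_ENDPOINT_RAGNAROS is appended with a "+" and it is not clear whether it has an input override or an image default, or what a consumer sees when the variable is absent. Finally, the entry says "owner user-scope var" while the commit message says "user/org variables"; pick one so readers know which scopes are actually consulted.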