feat: Phase 4 — reusable workflow ("subscribe") + dogfood it
Centralizes the ~90-line consumer stub into a reusable Gitea workflow so a repo can subscribe to Gadfly with a tiny caller. Feasibility was probe- verified on this act_runner: workflow_call runs, secrets: inherit delivers, and a fully-qualified owner/repo/path@ref resolves. - .gitea/workflows/review-reusable.yml: `on: workflow_call` job holding the image pin + all env plumbing. Inputs (models/specialists/provider/ concurrency/timeouts/allowed_users/…) default to "" so an empty value falls back to the image's own default — caller overrides only what it wants. Secrets via `secrets: inherit` (optional ones resolve empty). - adversarial-review.yml: gadfly's own dogfood is now a thin CALLER of the reusable (proves it end-to-end; advisory so safe to dogfood). - examples/reusable.yml: the slim ~8-line consumer stub. - README / examples/README / CLAUDE.md document the subscribe path. Caveat: consumers with arbitrary GADFLY_ENDPOINT_<NAME>s still need the full stub (a reusable workflow can't enumerate dynamic secret names). YAML validated; Go unchanged (build + test green). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -46,6 +46,9 @@ entrypoint.sh container brains: trigger gating, PR clone, model loop (t
|
||||
used to live in workflow YAML)
|
||||
Dockerfile multi-stage; private-module creds via BuildKit secrets never reach the final image
|
||||
.gitea/workflows/build-image.yml push main → :latest; tag v* → :<tag>+:latest; PR → build-only
|
||||
.gitea/workflows/review-reusable.yml reusable (workflow_call) review job; consumers subscribe with
|
||||
an ~8-line caller + `secrets: inherit` (Phase 4). gadfly's own
|
||||
adversarial-review.yml is a thin caller of it (dogfoods the path).
|
||||
examples/ copy-paste consumer stub workflows for different providers
|
||||
```
|
||||
|
||||
|
||||
Reference in New Issue
Block a user