diff --git a/.gitea/workflows/review-reusable.yml b/.gitea/workflows/review-reusable.yml
index 9784b68..470b519 100644
--- a/.gitea/workflows/review-reusable.yml
+++ b/.gitea/workflows/review-reusable.yml
@@ -31,13 +31,21 @@ on:
 base_url: { type: string, default: "" } # GADFLY_BASE_URL
 provider_concurrency: { type: string, default: "" } # GADFLY_PROVIDER_CONCURRENCY
 provider_lens_concurrency: { type: string, default: "" } # GADFLY_PROVIDER_LENS_CONCURRENCY
- specialist_suite: { type: string, default: "" } # reserved / future
 timeout_secs: { type: string, default: "" } # GADFLY_TIMEOUT_SECS (per lens)
 max_steps: { type: string, default: "" } # GADFLY_MAX_STEPS
 worker_model: { type: string, default: "" } # GADFLY_WORKER_MODEL
 allowed_users: { type: string, default: "" } # GADFLY_ALLOWED_USERS
 trigger_phrase: { type: string, default: "" } # GADFLY_TRIGGER_PHRASE
- timeout_minutes: { type: number, default: 30 } # job wall-clock cap
+ # Job wall-clock cap. 45 > 30 as a default: a multi-model swarm or a slow
+ # lens (e.g. claude-code with extended thinking) can exceed 30 minutes.
+ timeout_minutes: { type: number, default: 45 }
+
+# The reusable job posts the review comment, so it needs issues/PR write. Gitea
+# caps these by the caller's granted permissions; declaring them here is explicit.
+permissions:
+ contents: read
+ issues: write
+ pull-requests: write

 jobs:
 review:
@@ -61,6 +69,7 @@ jobs:
 OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
 ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
 GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+ GADFLY_API_KEY: ${{ secrets.GADFLY_API_KEY }}
 CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
 # Common named foreman/LAN endpoints (optional). Consumers with other
 # GADFLY_ENDPOINT_s need the full stub (examples/), since a
diff --git a/examples/reusable.yml b/examples/reusable.yml
index 0dc66e3..fe0b284 100644
--- a/examples/reusable.yml
+++ b/examples/reusable.yml
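Review bot: The comment on the new top-level `permissions:` block in review-reusable.yml (first hunk) says Gitea caps these by the caller's grants, but whether the key is enforced at all depends on the Gitea version running the job. Gitea's Actions documentation has, at least for some releases, listed `permissions` as a key that is parsed and ignored; there the job token keeps the scope the instance gives it and this block only records intent. I would confirm the behaviour on the deployed version and word the comment to match, for example `# Declares the least privilege this job needs; confirm your Gitea version enforces permissions: before relying on it.` The same hunk also drops the `specialist_suite` input, so a caller still passing it under `with:` may be rejected or silently ignored, which deserves a release-note line.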
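Review bot: `GADFLY_API_KEY` is added (second hunk of review-reusable.yml) to an `env:` block whose level is not visible here, since the block starts above the hunk and continues below it. If it is job-level, every step of `review` can read this key together with the other provider keys, not only the step that calls the provider. The job handles pull-request content and comment text that can come from outside contributors, so moving these variables onto the single step that runs the reviewer would limit what any other step can read. A one-line comment such as `# GADFLY_API_KEY: sent to <provider/endpoint>` (placeholder to fill in) would also tell consumers where the secret ends up.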
@@ -39,7 +39,8 @@ jobs:
 # the allowed_users override below).
 if: >-
 github.event_name != 'issue_comment'
- || github.actor == 'your-username'
+ || (github.event.issue.pull_request && github.actor == 'your-username')
+ # Pin @ to a Gadfly release tag for stability (@main tracks latest).
 uses: steve/gadfly/.gitea/workflows/review-reusable.yml@main
 secrets: inherit
 with:
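Review bot: The example still calls the reusable workflow at `@main` while passing `secrets: inherit`, so the added comment recommends pinning without the example doing it, and whatever lands on that branch runs with all of the caller's secrets. I would make the pinned form the default, e.g. `uses: steve/gadfly/.gitea/workflows/review-reusable.yml@<release-tag>` (placeholder), mention `@main` as the opt-in, and note that only a commit SHA is a ref that cannot be moved. Separately, the new `#` line sits directly after the folded `if: >-` scalar; indentation is not recoverable from this page, but if that line is indented as deep as the expression lines it becomes part of the `if` value rather than a comment, so it is safest at the `uses:` key's indent or above `if:`. The job definition starts above this hunk and the `with:` block continues below it.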