fix: fold in PR #8 review findings (reusable workflow)

The swarm reviewed PR #8 *through the reusable path itself* — proving
github.event context propagates into a workflow_call reusable workflow on
this act_runner (the one part the probes hadn't covered). Folded in the
warranted findings:

- review-reusable.yml: bump timeout_minutes default 30 -> 45 (a multi-
  model/slow-lens review can exceed 30); map the generic GADFLY_API_KEY
  secret (was missing); add an explicit permissions block; drop the dead
  `specialist_suite` input.
- examples/reusable.yml: actor gate now also requires
  github.event.issue.pull_request (so an issue-comment on a plain issue
  doesn't waste a runner), and a note to pin @<ref> to a release tag.

Graded ~70 findings (heavy clustering): the real ones above + several
by-design/documented (inputs replace vars-overrides; only M1/M5 named
endpoints mapped) and many false positives (IS_DRAFT pattern, GITEA_TOKEN
via inherit, "empty specialists" misread — empty does default).

YAML validated; Go unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 19:41:45 -04:00
parent 0a01c3ae91
commit 27aa92a6e0
2 changed files with 13 additions and 3 deletions
+2 -1
@@ -39,7 +39,8 @@ jobs:
# the allowed_users override below).
if: >-
github.event_name != 'issue_comment'
|| github.actor == 'your-username'
|| (github.event.issue.pull_request && github.actor == 'your-username')
# Pin @<ref> to a Gadfly release tag for stability (@main tracks latest).
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@main
secrets: inherit
with:
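Review bot: The `uses:` line still references `review-reusable.yml@main` while `secrets: inherit` passes every caller secret to it, so the new pin comment describes the safer setup without the example adopting it. Since this file is the one users copy, consider putting a release-tag placeholder in the `uses:` ref itself and, if the reusable workflow declares its secrets, passing only those by name instead of inheriting all of them. Also check that the `# Pin @<ref> ...` comment is indented at the `uses:` key level rather than at the content level of the `if: >-` folded scalar, where it would be folded into the expression as text instead of being treated as a comment.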