fix: fold in PR #8 review findings (reusable workflow)
Build & push image / build-and-push (pull_request) Successful in 7s
The swarm reviewed PR #8 *through the reusable path itself* — proving github.event context propagates into a workflow_call reusable workflow on this act_runner (the one part the probes hadn't covered). Folded in the warranted findings:

- review-reusable.yml: bump timeout_minutes default 30 -> 45 (a multi-model/slow-lens review can exceed 30); map the generic GADFLY_API_KEY secret (was missing); add an explicit permissions block; drop the dead `specialist_suite` input.
- examples/reusable.yml: actor gate now also requires github.event.issue.pull_request (so an issue-comment on a plain issue doesn't waste a runner), and a note to pin @<ref> to a release tag.

Graded ~70 findings (heavy clustering): the real ones above + several by-design/documented (inputs replace vars-overrides; only M1/M5 named endpoints mapped) and many false positives (IS_DRAFT pattern, GITEA_TOKEN via inherit, "empty specialists" misread — empty does default). YAML validated; Go unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -31,13 +31,21 @@ on:
|
|||||||
base_url: { type: string, default: "" } # GADFLY_BASE_URL
|
base_url: { type: string, default: "" } # GADFLY_BASE_URL
|
||||||
provider_concurrency: { type: string, default: "" } # GADFLY_PROVIDER_CONCURRENCY
|
provider_concurrency: { type: string, default: "" } # GADFLY_PROVIDER_CONCURRENCY
|
||||||
provider_lens_concurrency: { type: string, default: "" } # GADFLY_PROVIDER_LENS_CONCURRENCY
|
provider_lens_concurrency: { type: string, default: "" } # GADFLY_PROVIDER_LENS_CONCURRENCY
|
||||||
specialist_suite: { type: string, default: "" } # reserved / future
|
|
||||||
timeout_secs: { type: string, default: "" } # GADFLY_TIMEOUT_SECS (per lens)
|
timeout_secs: { type: string, default: "" } # GADFLY_TIMEOUT_SECS (per lens)
|
||||||
max_steps: { type: string, default: "" } # GADFLY_MAX_STEPS
|
max_steps: { type: string, default: "" } # GADFLY_MAX_STEPS
|
||||||
worker_model: { type: string, default: "" } # GADFLY_WORKER_MODEL
|
worker_model: { type: string, default: "" } # GADFLY_WORKER_MODEL
|
||||||
allowed_users: { type: string, default: "" } # GADFLY_ALLOWED_USERS
|
allowed_users: { type: string, default: "" } # GADFLY_ALLOWED_USERS
|
||||||
trigger_phrase: { type: string, default: "" } # GADFLY_TRIGGER_PHRASE
|
trigger_phrase: { type: string, default: "" } # GADFLY_TRIGGER_PHRASE
|
||||||
timeout_minutes: { type: number, default: 30 } # job wall-clock cap
|
# Job wall-clock cap. 45 > 30 as a default: a multi-model swarm or a slow
|
||||||
|
# lens (e.g. claude-code with extended thinking) can exceed 30 minutes.
|
||||||
|
timeout_minutes: { type: number, default: 45 }
|
||||||
|
|
||||||
|
# The reusable job posts the review comment, so it needs issues/PR write. Gitea
|
||||||
|
# caps these by the caller's granted permissions; declaring them here is explicit.
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
issues: write
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
review:
|
review:
|
||||||
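Review bot: the new permissions block sits at workflow level, above jobs:, so any job added to this reusable workflow later also gets issues: write and pull-requests: write; move the block under the review job so write access stays with the one job that posts the comment. Separately, specialist_suite was marked "reserved / future" and is now removed, which can break a caller that still passes it under with:, so it deserves a line in the release notes. The timeout_minutes comment ("45 > 30 as a default") describes the change rather than the setting; keep only the reason a review can need 45 minutes.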
@@ -61,6 +69,7 @@ jobs:
|
|||||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||||
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
|
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
|
||||||
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
|
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
|
||||||
|
GADFLY_API_KEY: ${{ secrets.GADFLY_API_KEY }}
|
||||||
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
|
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
|
||||||
# Common named foreman/LAN endpoints (optional). Consumers with other
|
# Common named foreman/LAN endpoints (optional). Consumers with other
|
||||||
# GADFLY_ENDPOINT_<NAME>s need the full stub (examples/), since a
|
# GADFLY_ENDPOINT_<NAME>s need the full stub (examples/), since a
|
||||||
|
|||||||
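Review bot: GADFLY_API_KEY is read from secrets.GADFLY_API_KEY in the env block, but nothing in this hunk shows it being declared for workflow_call; if it is not listed under on.workflow_call.secrets, it resolves only for callers that use secrets: inherit. Either declare it there as optional or state in the comment above the env block that the generic key depends on inherit. The new line also sits among the provider-specific keys with no comment saying which provider or endpoint it authenticates to; a short trailing comment, like the ones on the inputs, would help.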
@@ -39,7 +39,8 @@ jobs:
|
|||||||
# the allowed_users override below).
|
# the allowed_users override below).
|
||||||
if: >-
|
if: >-
|
||||||
github.event_name != 'issue_comment'
|
github.event_name != 'issue_comment'
|
||||||
|| github.actor == 'your-username'
|
|| (github.event.issue.pull_request && github.actor == 'your-username')
|
||||||
|
# Pin @<ref> to a Gadfly release tag for stability (@main tracks latest).
|
||||||
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@main
|
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@main
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
with:
|
with:
|
||||||
|
|||||||
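Review bot: the added comment tells consumers to pin @<ref>, but the uses: line directly under it still reads review-reusable.yml@main and the next line is secrets: inherit, so anyone copying the example passes every caller secret to whatever main contains at run time. Show the pinned form in the example itself (a release-tag placeholder or a commit SHA) and leave @main as the commented alternative. On the gate, github.event.issue.pull_request is checked only on the right side of the ||, which is correct because the left side already admits non-comment events; a one-line comment saying so would keep someone from collapsing the condition later.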