From 6e87a3e73f86b7900242de44870136ab333f80da Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Sun, 28 Jun 2026 02:10:35 -0400 Subject: [PATCH] docs: correct examples/reusable.yml pin guidance (runners cache @v1; prefer @sha) The @v1 comment claimed it auto-updates on releases, but long-lived act_runners cache the reusable by ref so a moved tag isn't re-fetched. Recommend an immutable @; routine tuning rides owner variables. Co-Authored-By: Claude Opus 4.8 (1M context) --- examples/reusable.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/examples/reusable.yml b/examples/reusable.yml index 751497a..6d3b385 100644 --- a/examples/reusable.yml +++ b/examples/reusable.yml @@ -14,10 +14,11 @@ # Forward ONLY the secrets the reviewer uses (least privilege) — see the # `secrets:` block below. GITEA_TOKEN is automatic. `secrets: inherit` also works # but hands the reusable EVERY secret in your repo (registry/deploy/db creds the -# review never touches), so prefer the explicit form. Pin @: use the @v1 -# release tag (a curated pointer moved on deliberate releases) for auto-updating -# stability, or a full @ for an immutable pin. Avoid @main — it moves on -# every push and would change what runs with your forwarded secrets. +# review never touches), so prefer the explicit form. Pin to an immutable +# @: long-lived act_runners CACHE the reusable by ref, so a moved tag (@v1) +# or @main is often not re-fetched and silently runs a stale copy. Bump the @ +# to adopt a structural change; routine swarm tuning rides owner variables (see +# the gadfly README "Central config via variables") with no re-pin needed. # # For custom named endpoints (GADFLY_ENDPOINT_) or a provider the reusable # doesn't map, use the full stub in adversarial-review.yml instead. @@ -49,8 +50,8 @@ jobs: if: >- github.event_name != 'issue_comment' || (github.event.issue.pull_request && github.actor == 'your-username') - # @v1 = curated release tag (auto-updates on releases); swap for a full @ - # if you want an immutable pin. Don't use @main (moves on every push). + # Pin to an immutable @ (runners cache the ref, so @v1/@main can run + # stale). Bump it for structural changes; tune the swarm via owner variables. uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1 # Forward ONLY what the reviewer needs. Add provider keys you use # (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, GADFLY_API_KEY) and/or