feat(reusable): ship the curated swarm as the default config consumers inherit
Build & push image / build-and-push (pull_request) Successful in 8s
Adversarial Review (Gadfly) / review (pull_request) Successful in 14m47s

Make the reusable workflow's input defaults BE the standard Gadfly swarm so a
consumer subscribes by just calling it (no `with:` block) and inherits:
- models: 3 strong cloud (minimax-m3, glm-5.2, deepseek-v4-pro) + Claude Code
  (sonnet, opus, opus:max)
- specialists: the 5-lens default suite (security, correctness, maintainability,
  performance, error-handling)
- provider_concurrency: ollama-cloud=3,claude-code=3 (all three claudes at once)
- timeout_minutes default 45 -> 90 (5 lenses x 2 passes over a slow lane)

The default is opinionated (needs OLLAMA_CLOUD_API_KEY + CLAUDE_CODE_OAUTH_TOKEN);
consumers override `models:` for cloud-only / other providers. gadfly's own
caller is slimmed to inherit (only allowed_users remains). examples/reusable.yml
keeps a cloud-only `models:` override so a public copy works with just the
Ollama key. README/CLAUDE.md updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Steve Dudenhoeffer
2026-06-27 22:05:31 -04:00
parent 20a5c431f2
commit 79da1bfde3
5 changed files with 53 additions and 38 deletions
+14 -7
View File
@@ -5,7 +5,12 @@
# workflow, which holds the image pin + all the env plumbing. You only declare
# the triggers, the comment-trigger actor gate, and any overrides you want.
#
# Needs: secret OLLAMA_CLOUD_API_KEY (the default Ollama Cloud provider).
# The reusable ships a DEFAULT swarm: 3 cloud models + the Claude Code engine
# (sonnet/opus/opus:max), 5-lens suite. That default needs BOTH
# OLLAMA_CLOUD_API_KEY and CLAUDE_CODE_OAUTH_TOKEN. This example overrides
# `models:` to a cloud-only set so it works with just OLLAMA_CLOUD_API_KEY —
# delete that override (and forward the Claude token) to inherit the full default.
#
# Forward ONLY the secrets the reviewer uses (least privilege) — see the
# `secrets:` block below. GITEA_TOKEN is automatic. `secrets: inherit` also works
# but hands the reusable EVERY secret in your repo (registry/deploy/db creds the
@@ -13,9 +18,8 @@
# Gadfly commit (not @main) so a push there can't change what runs with your
# secrets.
#
# Prefer this when you're happy with the defaults. For custom named endpoints
# (GADFLY_ENDPOINT_<NAME>) or a provider the reusable doesn't map, use the full
# stub in adversarial-review.yml instead.
# For custom named endpoints (GADFLY_ENDPOINT_<NAME>) or a provider the reusable
# doesn't map, use the full stub in adversarial-review.yml instead.
name: Adversarial Review (Gadfly)
@@ -56,7 +60,10 @@ jobs:
# GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
# GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
with:
# All optional — omit to take Gadfly's defaults. Examples:
# models: "qwen3-coder:480b-cloud,gpt-oss:120b-cloud"
# specialists: "security,correctness,error-handling"
# Cloud-only override so this works with just OLLAMA_CLOUD_API_KEY. Delete
# this line (and forward CLAUDE_CODE_OAUTH_TOKEN above) to inherit the full
# default swarm (3 cloud + Claude Code sonnet/opus/opus:max, 5 lenses).
models: "minimax-m3:cloud,glm-5.2:cloud,deepseek-v4-pro:cloud"
# Other inputs inherit the default (5-lens suite, concurrency, 90-min cap);
# override any of them here (specialists, provider, base_url, timeout_secs…).
allowed_users: "your-username"