Merge pull request 'docs: correct examples/reusable.yml pin guidance (prefer @sha; runners cache @v1)' (#15) from test/trigger-check into main
Reviewed-on: #15
This commit was merged in pull request #15.
This commit is contained in:
@@ -14,10 +14,11 @@
|
|||||||
# Forward ONLY the secrets the reviewer uses (least privilege) — see the
|
# Forward ONLY the secrets the reviewer uses (least privilege) — see the
|
||||||
# `secrets:` block below. GITEA_TOKEN is automatic. `secrets: inherit` also works
|
# `secrets:` block below. GITEA_TOKEN is automatic. `secrets: inherit` also works
|
||||||
# but hands the reusable EVERY secret in your repo (registry/deploy/db creds the
|
# but hands the reusable EVERY secret in your repo (registry/deploy/db creds the
|
||||||
# review never touches), so prefer the explicit form. Pin @<ref>: use the @v1
|
# review never touches), so prefer the explicit form. Pin to an immutable
|
||||||
# release tag (a curated pointer moved on deliberate releases) for auto-updating
|
# @<sha>: long-lived act_runners CACHE the reusable by ref, so a moved tag (@v1)
|
||||||
# stability, or a full @<sha> for an immutable pin. Avoid @main — it moves on
|
# or @main is often not re-fetched and silently runs a stale copy. Bump the @<sha>
|
||||||
# every push and would change what runs with your forwarded secrets.
|
# to adopt a structural change; routine swarm tuning rides owner variables (see
|
||||||
|
# the gadfly README "Central config via variables") with no re-pin needed.
|
||||||
#
|
#
|
||||||
# For custom named endpoints (GADFLY_ENDPOINT_<NAME>) or a provider the reusable
|
# For custom named endpoints (GADFLY_ENDPOINT_<NAME>) or a provider the reusable
|
||||||
# doesn't map, use the full stub in adversarial-review.yml instead.
|
# doesn't map, use the full stub in adversarial-review.yml instead.
|
||||||
@@ -49,8 +50,8 @@ jobs:
|
|||||||
if: >-
|
if: >-
|
||||||
github.event_name != 'issue_comment'
|
github.event_name != 'issue_comment'
|
||||||
|| (github.event.issue.pull_request && github.actor == 'your-username')
|
|| (github.event.issue.pull_request && github.actor == 'your-username')
|
||||||
# @v1 = curated release tag (auto-updates on releases); swap for a full @<sha>
|
# Pin to an immutable @<sha> (runners cache the ref, so @v1/@main can run
|
||||||
# if you want an immutable pin. Don't use @main (moves on every push).
|
# stale). Bump it for structural changes; tune the swarm via owner variables.
|
||||||
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1
|
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1
|
||||||
# Forward ONLY what the reviewer needs. Add provider keys you use
|
# Forward ONLY what the reviewer needs. Add provider keys you use
|
||||||
# (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, GADFLY_API_KEY) and/or
|
# (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, GADFLY_API_KEY) and/or
|
||||||
|
|||||||
Reference in New Issue
Block a user