# Gadfly — SLIM consumer stub via the reusable workflow. # Copy to .gitea/workflows/adversarial-review.yml in your repo. # # This is the shortest way to subscribe: it calls Gadfly's centralized reusable # workflow, which holds the image pin + all the env plumbing. You only declare # the triggers, the comment-trigger actor gate, and any overrides you want. # # The reusable ships a DEFAULT swarm: 3 cloud models + the Claude Code engine # (sonnet/opus/opus:max), 5-lens suite. That default needs BOTH # OLLAMA_CLOUD_API_KEY and CLAUDE_CODE_OAUTH_TOKEN. This example overrides # `models:` to a cloud-only set so it works with just OLLAMA_CLOUD_API_KEY — # delete that override (and forward the Claude token) to inherit the full default. # # Forward ONLY the secrets the reviewer uses (least privilege) — see the # `secrets:` block below. GITEA_TOKEN is automatic. `secrets: inherit` also works # but hands the reusable EVERY secret in your repo (registry/deploy/db creds the # review never touches), so prefer the explicit form. Pin @: use the @v1 # release tag (a curated pointer moved on deliberate releases) for auto-updating # stability, or a full @ for an immutable pin. Avoid @main — it moves on # every push and would change what runs with your forwarded secrets. # # For custom named endpoints (GADFLY_ENDPOINT_) or a provider the reusable # doesn't map, use the full stub in adversarial-review.yml instead. name: Adversarial Review (Gadfly) on: pull_request: types: [opened, reopened, ready_for_review] issue_comment: types: [created] workflow_dispatch: inputs: pr_number: { description: "PR number to review", required: true } permissions: contents: read issues: write pull-requests: write concurrency: group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }} cancel-in-progress: true jobs: review: # Only let your maintainers re-trigger via a PR comment (keep in sync with # the allowed_users override below). if: >- github.event_name != 'issue_comment' || (github.event.issue.pull_request && github.actor == 'your-username') # @v1 = curated release tag (auto-updates on releases); swap for a full @ # if you want an immutable pin. Don't use @main (moves on every push). uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1 # Forward ONLY what the reviewer needs. Add provider keys you use # (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, GADFLY_API_KEY) and/or # GADFLY_ENDPOINT_M1/M5; drop the findings ones if you don't run telemetry. secrets: OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }} # CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} # GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }} # GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }} with: # Cloud-only override so this works with just OLLAMA_CLOUD_API_KEY. Delete # this line (and forward CLAUDE_CODE_OAUTH_TOKEN above) to inherit the full # default swarm (3 cloud + Claude Code sonnet/opus/opus:max, 5 lenses). models: "minimax-m3:cloud,glm-5.2:cloud,deepseek-v4-pro:cloud" # Other inputs inherit the default (5-lens suite, concurrency, 90-min cap); # override any of them here (specialists, provider, base_url, timeout_secs…). allowed_users: "your-username"