Files
gadfly/examples/reusable.yml
T
steve 27aa92a6e0
Build & push image / build-and-push (pull_request) Successful in 7s
fix: fold in PR #8 review findings (reusable workflow)
The swarm reviewed PR #8 *through the reusable path itself* — proving
github.event context propagates into a workflow_call reusable workflow on
this act_runner (the one part the probes hadn't covered). Folded in the
warranted findings:

- review-reusable.yml: bump timeout_minutes default 30 -> 45 (a multi-
  model/slow-lens review can exceed 30); map the generic GADFLY_API_KEY
  secret (was missing); add an explicit permissions block; drop the dead
  `specialist_suite` input.
- examples/reusable.yml: actor gate now also requires
  github.event.issue.pull_request (so an issue-comment on a plain issue
  doesn't waste a runner), and a note to pin @<ref> to a release tag.

Graded ~70 findings (heavy clustering): the real ones above + several
by-design/documented (inputs replace vars-overrides; only M1/M5 named
endpoints mapped) and many false positives (IS_DRAFT pattern, GITEA_TOKEN
via inherit, "empty specialists" misread — empty does default).

YAML validated; Go unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 19:41:45 -04:00

51 lines
1.9 KiB
YAML

# Gadfly — SLIM consumer stub via the reusable workflow.
# Copy to .gitea/workflows/adversarial-review.yml in your repo.
#
# This is the shortest way to subscribe: it calls Gadfly's centralized reusable
# workflow, which holds the image pin + all the env plumbing. You only declare
# the triggers, the comment-trigger actor gate, and any overrides you want.
#
# Needs: secret OLLAMA_CLOUD_API_KEY (the default Ollama Cloud provider).
# `secrets: inherit` passes your repo/org/user secrets through to the reusable
# workflow (GITEA_TOKEN is automatic). Pin @<ref> to a Gadfly tag/branch.
#
# Prefer this when you're happy with the defaults. For custom named endpoints
# (GADFLY_ENDPOINT_<NAME>) or a provider the reusable doesn't map, use the full
# stub in adversarial-review.yml instead.
name: Adversarial Review (Gadfly)
on:
pull_request:
types: [opened, reopened, ready_for_review]
issue_comment:
types: [created]
workflow_dispatch:
inputs:
pr_number: { description: "PR number to review", required: true }
permissions:
contents: read
issues: write
pull-requests: write
concurrency:
group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }}
cancel-in-progress: true
jobs:
review:
# Only let your maintainers re-trigger via a PR comment (keep in sync with
# the allowed_users override below).
if: >-
github.event_name != 'issue_comment'
|| (github.event.issue.pull_request && github.actor == 'your-username')
# Pin @<ref> to a Gadfly release tag for stability (@main tracks latest).
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@main
secrets: inherit
with:
# All optional — omit to take Gadfly's defaults. Examples:
# models: "qwen3-coder:480b-cloud,gpt-oss:120b-cloud"
# specialists: "security,correctness,error-handling"
allowed_users: "your-username"