Files
gadfly/examples/reusable.yml
T
Steve Dudenhoeffer 6e87a3e73f
Adversarial Review (Gadfly) / review (pull_request) Successful in 3m4s
docs: correct examples/reusable.yml pin guidance (runners cache @v1; prefer @sha)
The @v1 comment claimed it auto-updates on releases, but long-lived act_runners
cache the reusable by ref so a moved tag isn't re-fetched. Recommend an
immutable @<sha>; routine tuning rides owner variables.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 02:10:35 -04:00

72 lines
3.5 KiB
YAML

# Gadfly — SLIM consumer stub via the reusable workflow.
# Copy to .gitea/workflows/adversarial-review.yml in your repo.
#
# This is the shortest way to subscribe: it calls Gadfly's centralized reusable
# workflow, which holds the image pin + all the env plumbing. You only declare
# the triggers, the comment-trigger actor gate, and any overrides you want.
#
# The reusable ships a DEFAULT swarm: 3 cloud models + the Claude Code engine
# (sonnet/opus/opus:max), 5-lens suite. That default needs BOTH
# OLLAMA_CLOUD_API_KEY and CLAUDE_CODE_OAUTH_TOKEN. This example overrides
# `models:` to a cloud-only set so it works with just OLLAMA_CLOUD_API_KEY —
# delete that override (and forward the Claude token) to inherit the full default.
#
# Forward ONLY the secrets the reviewer uses (least privilege) — see the
# `secrets:` block below. GITEA_TOKEN is automatic. `secrets: inherit` also works
# but hands the reusable EVERY secret in your repo (registry/deploy/db creds the
# review never touches), so prefer the explicit form. Pin to an immutable
# @<sha>: long-lived act_runners CACHE the reusable by ref, so a moved tag (@v1)
# or @main is often not re-fetched and silently runs a stale copy. Bump the @<sha>
# to adopt a structural change; routine swarm tuning rides owner variables (see
# the gadfly README "Central config via variables") with no re-pin needed.
#
# For custom named endpoints (GADFLY_ENDPOINT_<NAME>) or a provider the reusable
# doesn't map, use the full stub in adversarial-review.yml instead.
name: Adversarial Review (Gadfly)
on:
pull_request:
types: [opened, reopened, ready_for_review]
issue_comment:
types: [created]
workflow_dispatch:
inputs:
pr_number: { description: "PR number to review", required: true }
permissions:
contents: read
issues: write
pull-requests: write
concurrency:
group: gadfly-${{ github.event.issue.number || github.event.pull_request.number || github.event.inputs.pr_number }}
cancel-in-progress: true
jobs:
review:
# Only let your maintainers re-trigger via a PR comment (keep in sync with
# the allowed_users override below).
if: >-
github.event_name != 'issue_comment'
|| (github.event.issue.pull_request && github.actor == 'your-username')
# Pin to an immutable @<sha> (runners cache the ref, so @v1/@main can run
# stale). Bump it for structural changes; tune the swarm via owner variables.
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1
# Forward ONLY what the reviewer needs. Add provider keys you use
# (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, GADFLY_API_KEY) and/or
# GADFLY_ENDPOINT_M1/M5; drop the findings ones if you don't run telemetry.
secrets:
OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
# CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
# GADFLY_FINDINGS_URL: ${{ secrets.GADFLY_FINDINGS_URL }}
# GADFLY_FINDINGS_TOKEN: ${{ secrets.GADFLY_FINDINGS_TOKEN }}
with:
# Cloud-only override so this works with just OLLAMA_CLOUD_API_KEY. Delete
# this line (and forward CLAUDE_CODE_OAUTH_TOKEN above) to inherit the full
# default swarm (3 cloud + Claude Code sonnet/opus/opus:max, 5 lenses).
models: "minimax-m3:cloud,glm-5.2:cloud,deepseek-v4-pro:cloud"
# Other inputs inherit the default (5-lens suite, concurrency, 90-min cap);
# override any of them here (specialists, provider, base_url, timeout_secs…).
allowed_users: "your-username"