Files
gadfly/examples
Steve Dudenhoeffer a1e9d109e5
Build & push image / build-and-push (push) Successful in 5s
security: add job-level if-guard to example stubs (gate comment trigger by actor)
Per a Gadfly self-review finding (kimi-k2.7-code): an issue_comment can start a
secret-bearing run before the in-container allowed-users check. Add a workflow
if: that only lets trusted actors trigger via comment (PR/dispatch already
trusted); keep GADFLY_ALLOWED_USERS as the belt-and-suspenders layer. README
documents it + the default-branch caveat for comment triggers. (Docs/examples
only — paths-ignored, no image rebuild.)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
EOF
2026-06-25 21:49:23 -04:00
..

Example consumer workflows

Each file here is a complete, copy-paste stub workflow. Pick the one that matches your setup, copy it to .gitea/workflows/adversarial-review.yml in the repo you want reviewed, and set the secrets/vars it references. Gadfly is advisory only — it never blocks a merge.

File Backend Needs
adversarial-review.yml Ollama Cloud (default) + inline notes for every provider secret OLLAMA_CLOUD_API_KEY
local-ollama.yml a local/LAN Ollama daemon nothing (or GADFLY_BASE_URL for a remote host)
openai-compatible.yml any OpenAI-compatible endpoint (local Ollama /v1, gateway, vLLM, OpenRouter…) GADFLY_BASE_URL (+ a key for most gateways)
endpoint-aliases.yml several named backends at once (one comment each) repo vars GADFLY_ENDPOINT_<NAME>
.gadfly.yml per-repo specialist config (not a workflow — goes at your repo root)

Common to all:

  • Triggers: new/reopened/ready non-draft PR (auto), @gadfly review comment (allowed users), or manual workflow_dispatch with a pr_number.
  • GITEA_TOKEN is provided automatically; comments post as gitea-actions.
  • Tested backends are the Ollama ones; OpenAI/Anthropic/Google are wired via majordomo but untested. See the repo README for the full config reference and the honest tested/untested status.

Gitea note: repo vars/secrets are not auto-exposed as env — anything you reference via ${{ vars.X }} / ${{ secrets.X }} must appear in the step's env: block (already wired in these examples).