From 5fdf5876ff89f5649a62a387386e5abfc980a399 Mon Sep 17 00:00:00 2001 From: Snider Date: Wed, 4 Feb 2026 13:38:25 +0000 Subject: [PATCH] ci(workflows): replace inline logic with org reusable workflow callers agent-verify.yml and auto-project.yml now delegate to centralised reusable workflows in host-uk/.github, reducing per-repo duplication. Co-Authored-By: Claude Opus 4.5 --- .github/workflows/agent-verify.yml | 135 +---------------------------- .github/workflows/auto-project.yml | 29 +------ 2 files changed, 8 insertions(+), 156 deletions(-) diff --git a/.github/workflows/agent-verify.yml b/.github/workflows/agent-verify.yml index 9ea73659..d8bcb16e 100644 --- a/.github/workflows/agent-verify.yml +++ b/.github/workflows/agent-verify.yml 
@@ -1,137 +1,10 @@ -# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issues -name: "Agent Verification: Issue Labeled" +name: Agent Verification on: issues: types: [labeled] -permissions: - issues: write - jobs: - # When work is claimed, track the implementer - track-implementer: - if: github.event.label.name == 'agent:wip' - runs-on: ubuntu-latest - steps: - - name: Record implementer - run: | - echo "Implementer: ${{ github.actor }}" - # Could store in issue body or external system - - # When work is submitted for review, add to verification queue - request-verification: - if: github.event.label.name == 'agent:review' - runs-on: ubuntu-latest - steps: - - name: Add to Workstation for verification - uses: actions/add-to-project@v1.0.2 - with: - project-url: https://github.com/orgs/host-uk/projects/2 - github-token: ${{ secrets.PROJECT_TOKEN }} - - - name: Comment verification needed - uses: actions/github-script@v8 - with: - script: | - const implementer = context.payload.sender.login; - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - body: `## 🔍 Verification Required\n\nWork submitted by @${implementer}.\n\n**Rule:** A different agent must verify this work.\n\nTo verify:\n1. Review the implementation\n2. Run tests if applicable\n3. 
Add \`verified\` or \`verify-failed\` label\n\n_Self-verification is not allowed._` - }); - - # Block self-verification - check-verification: - if: github.event.label.name == 'verified' || github.event.label.name == 'verify-failed' - runs-on: ubuntu-latest - steps: - - name: Get issue details - id: issue - uses: actions/github-script@v8 - with: - script: | - const issue = await github.rest.issues.get({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number - }); - - // Check timeline for who added agent:wip - const timeline = await github.rest.issues.listEventsForTimeline({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - per_page: 100 - }); - - const wipEvent = timeline.data.find(e => - e.event === 'labeled' && e.label?.name === 'agent:wip' - ); - - const implementer = wipEvent?.actor?.login || 'unknown'; - const verifier = context.payload.sender.login; - - console.log(`Implementer: ${implementer}`); - console.log(`Verifier: ${verifier}`); - - if (implementer === verifier) { - core.setFailed(`Self-verification not allowed. ${verifier} cannot verify their own work.`); - } - - return { implementer, verifier }; - - - name: Record verification - if: success() - uses: actions/github-script@v8 - with: - script: | - const label = context.payload.label.name; - const verifier = context.payload.sender.login; - const status = label === 'verified' ? 
'✅ Verified' : '❌ Failed'; - - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - body: `## ${status}\n\nVerified by @${verifier}` - }); - - // Remove agent:review label - try { - await github.rest.issues.removeLabel({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - name: 'agent:review' - }); - } catch (e) { - console.log('agent:review label not present'); - } - - # If verification failed, reset for rework - handle-failure: - if: github.event.label.name == 'verify-failed' - runs-on: ubuntu-latest - needs: check-verification - steps: - - name: Reset for rework - uses: actions/github-script@v8 - with: - script: | - // Remove verify-failed after processing - await github.rest.issues.removeLabel({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - name: 'verify-failed' - }); - - // Add back to ready queue - await github.rest.issues.addLabels({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - labels: ['agent:ready'] - }); + verify: + uses: host-uk/.github/.github/workflows/agent-verify.yml@main + secrets: inherit diff --git a/.github/workflows/auto-project.yml b/.github/workflows/auto-project.yml index 47b6a7d9..9244ba20 100644 --- a/.github/workflows/auto-project.yml +++ b/.github/workflows/auto-project.yml 
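Review bot: Both new callers (`verify` in this file and `project` in auto-project.yml) reference the shared workflow by the mutable ref `@main` and pass `secrets: inherit`, so whatever is on that branch of host-uk/.github runs with every secret available to the caller, whereas the removed inline jobs only used `PROJECT_TOKEN`. Pinning each `uses:` line to a reviewed commit SHA or release tag and replacing `secrets: inherit` with `secrets:` / `PROJECT_TOKEN: ${{ secrets.PROJECT_TOKEN }}` would narrow that; this assumes the called workflows declare the secret under `on.workflow_call.secrets`, which is not visible in this patch. This hunk also drops `permissions:` / `issues: write`, and a called workflow can only reduce the caller's GITHUB_TOKEN permissions, never raise them. The caller should therefore keep an explicit `permissions:` block with `issues: write` rather than depend on the repository default, which may be too narrow for the comment and label calls or broader than they need.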
@@ -1,31 +1,10 @@ -# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issues -name: "Auto Project: Issue Created/Labeled" +name: Auto Project on: issues: types: [opened, labeled] jobs: - add-to-project: - runs-on: ubuntu-latest - steps: - - name: Add to Workstation (agentic label) - if: contains(github.event.issue.labels.*.name, 'agentic') - uses: actions/add-to-project@v1.0.2 - with: - project-url: https://github.com/orgs/host-uk/projects/2 - github-token: ${{ secrets.PROJECT_TOKEN }} - - - name: Add to Core.GO (lang:go label) - if: contains(github.event.issue.labels.*.name, 'lang:go') - uses: actions/add-to-project@v1.0.2 - with: - project-url: https://github.com/orgs/host-uk/projects/4 - github-token: ${{ secrets.PROJECT_TOKEN }} - - - name: Add to Core.Framework (scope:arch label) - if: contains(github.event.issue.labels.*.name, 'scope:arch') - uses: actions/add-to-project@v1.0.2 - with: - project-url: https://github.com/orgs/host-uk/projects/1 - github-token: ${{ secrets.PROJECT_TOKEN }} + project: + uses: host-uk/.github/.github/workflows/auto-project.yml@main + secrets: inherit