mirror of
https://github.com/imjasonh/git-k8s
synced 2026-07-06 22:12:25 +00:00
Remove all GitHub Agentic Workflow files
This commit is contained in:
parent
87a76aee70
commit
430713e9c6
10 changed files with 0 additions and 6070 deletions
14
.github/aw/actions-lock.json
vendored
14
.github/aw/actions-lock.json
vendored
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
"entries": {
|
|
||||||
"actions/github-script@v8": {
|
|
||||||
"repo": "actions/github-script",
|
|
||||||
"version": "v8",
|
|
||||||
"sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
|
|
||||||
},
|
|
||||||
"github/gh-aw/actions/setup@v0.50.7": {
|
|
||||||
"repo": "github/gh-aw/actions/setup",
|
|
||||||
"version": "v0.50.7",
|
|
||||||
"sha": "9cbca3cd9be433a23a38e4da332635097fd40251"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
100
.github/workflows/auto-merge.yaml
vendored
100
.github/workflows/auto-merge.yaml
vendored
|
|
@ -1,100 +0,0 @@
|
||||||
name: Auto-merge automation PRs
|
|
||||||
|
|
||||||
on:
|
|
||||||
# Trigger when CI checks complete on PRs
|
|
||||||
pull_request:
|
|
||||||
types: [opened, synchronize, labeled]
|
|
||||||
# Also trigger when check suites complete
|
|
||||||
check_suite:
|
|
||||||
types: [completed]
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
pull-requests: write
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
auto-merge:
|
|
||||||
name: Auto-merge
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
# Only run for PRs created by agentic workflows (labeled "automation")
|
|
||||||
if: >-
|
|
||||||
(github.event_name == 'pull_request' &&
|
|
||||||
contains(github.event.pull_request.labels.*.name, 'automation')) ||
|
|
||||||
github.event_name == 'check_suite'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Enable auto-merge for automation PRs
|
|
||||||
uses: actions/github-script@v7
|
|
||||||
with:
|
|
||||||
script: |
|
|
||||||
// Find the PR number depending on the trigger event
|
|
||||||
let prNumber;
|
|
||||||
if (context.eventName === 'pull_request') {
|
|
||||||
prNumber = context.payload.pull_request.number;
|
|
||||||
} else if (context.eventName === 'check_suite') {
|
|
||||||
// Find PRs associated with this check suite
|
|
||||||
const prs = context.payload.check_suite.pull_requests;
|
|
||||||
if (!prs || prs.length === 0) {
|
|
||||||
console.log('No PRs associated with this check suite');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
prNumber = prs[0].number;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!prNumber) {
|
|
||||||
console.log('No PR number found');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the PR details
|
|
||||||
const { data: pr } = await github.rest.pulls.get({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
pull_number: prNumber,
|
|
||||||
});
|
|
||||||
|
|
||||||
// Only auto-merge PRs with the "automation" label
|
|
||||||
const hasAutomationLabel = pr.labels.some(l => l.name === 'automation');
|
|
||||||
if (!hasAutomationLabel) {
|
|
||||||
console.log(`PR #${prNumber} does not have the "automation" label, skipping`);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if all CI checks have passed
|
|
||||||
const { data: checks } = await github.rest.checks.listForRef({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
ref: pr.head.sha,
|
|
||||||
});
|
|
||||||
|
|
||||||
const pending = checks.check_runs.filter(c =>
|
|
||||||
c.name !== 'Auto-merge' && c.status !== 'completed'
|
|
||||||
);
|
|
||||||
const failed = checks.check_runs.filter(c =>
|
|
||||||
c.name !== 'Auto-merge' && c.status === 'completed' && c.conclusion !== 'success' && c.conclusion !== 'skipped'
|
|
||||||
);
|
|
||||||
|
|
||||||
if (pending.length > 0) {
|
|
||||||
console.log(`PR #${prNumber} has ${pending.length} pending checks, will retry when they complete`);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (failed.length > 0) {
|
|
||||||
console.log(`PR #${prNumber} has ${failed.length} failed checks, not merging:`);
|
|
||||||
failed.forEach(c => console.log(` - ${c.name}: ${c.conclusion}`));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// All checks passed — merge the PR
|
|
||||||
console.log(`All checks passed for PR #${prNumber}, merging...`);
|
|
||||||
try {
|
|
||||||
await github.rest.pulls.merge({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
pull_number: prNumber,
|
|
||||||
merge_method: 'merge',
|
|
||||||
});
|
|
||||||
console.log(`PR #${prNumber} merged successfully`);
|
|
||||||
} catch (error) {
|
|
||||||
console.log(`Failed to merge PR #${prNumber}: ${error.message}`);
|
|
||||||
}
|
|
||||||
1477
.github/workflows/ci-doctor.lock.yml
generated
vendored
1477
.github/workflows/ci-doctor.lock.yml
generated
vendored
File diff suppressed because it is too large
Load diff
161
.github/workflows/ci-doctor.md
vendored
161
.github/workflows/ci-doctor.md
vendored
|
|
@ -1,161 +0,0 @@
|
||||||
---
|
|
||||||
description: |
|
|
||||||
Monitors the CI workflow and automatically investigates failures. Analyzes
|
|
||||||
logs to identify root causes, checks for patterns in past failures, and
|
|
||||||
either creates a fix PR directly or opens an issue with detailed diagnosis.
|
|
||||||
Assigns the maintainer only when manual intervention is truly needed.
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_run:
|
|
||||||
workflows: ["CI"]
|
|
||||||
types:
|
|
||||||
- completed
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
|
|
||||||
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
|
|
||||||
|
|
||||||
permissions: read-all
|
|
||||||
|
|
||||||
network: defaults
|
|
||||||
|
|
||||||
safe-outputs:
|
|
||||||
create-issue:
|
|
||||||
title-prefix: "[CI Fix] "
|
|
||||||
labels: [automation, ci-failure]
|
|
||||||
assignees: [imjasonh]
|
|
||||||
create-pull-request:
|
|
||||||
title-prefix: "[CI Fix] "
|
|
||||||
labels: [automation, ci-failure]
|
|
||||||
draft: false
|
|
||||||
add-comment:
|
|
||||||
push-to-pull-request-branch:
|
|
||||||
|
|
||||||
tools:
|
|
||||||
cache-memory: true
|
|
||||||
bash: true
|
|
||||||
web-fetch:
|
|
||||||
github:
|
|
||||||
toolsets: [pull_requests, repos, issues]
|
|
||||||
|
|
||||||
engine: claude
|
|
||||||
|
|
||||||
timeout-minutes: 20
|
|
||||||
---
|
|
||||||
|
|
||||||
# CI Failure Doctor
|
|
||||||
|
|
||||||
You are the CI Failure Doctor for the **git-k8s** project. When CI fails, you investigate the root cause and fix it — or clearly explain what needs human attention.
|
|
||||||
|
|
||||||
## Project Context
|
|
||||||
|
|
||||||
- **Language**: Go 1.24.7, module `github.com/imjasonh/git-k8s`
|
|
||||||
- **CI workflow**: Two jobs — `Build` (compile, test, vet) and `e2e` (KinD cluster + Gitea + controller deployment + integration tests)
|
|
||||||
- **Controllers**: push-controller, sync-controller, resolver-controller, repo-watcher-controller
|
|
||||||
- **Key dependencies**: `go-git/v5`, `k8s.io/client-go`, `knative.dev/pkg`
|
|
||||||
|
|
||||||
## Context
|
|
||||||
|
|
||||||
- **Repository**: ${{ github.repository }}
|
|
||||||
- **Failed Run**: ${{ github.event.workflow_run.id }}
|
|
||||||
- **Conclusion**: ${{ github.event.workflow_run.conclusion }}
|
|
||||||
- **Run URL**: ${{ github.event.workflow_run.html_url }}
|
|
||||||
- **Head SHA**: ${{ github.event.workflow_run.head_sha }}
|
|
||||||
|
|
||||||
## Investigation Protocol
|
|
||||||
|
|
||||||
**Only proceed if the conclusion is `failure` or `cancelled`.** Exit immediately if successful.
|
|
||||||
|
|
||||||
### Phase 1: Identify Failures
|
|
||||||
|
|
||||||
1. Use `get_workflow_run` to get full details of the failed run
|
|
||||||
2. Use `list_workflow_jobs` to identify which jobs failed
|
|
||||||
3. Determine if this is the Build job, e2e job, or both
|
|
||||||
|
|
||||||
### Phase 2: Analyze Logs
|
|
||||||
|
|
||||||
1. Use `get_job_logs` with `failed_only=true` to retrieve logs from failed jobs
|
|
||||||
2. Look for:
|
|
||||||
- **Compilation errors**: missing imports, type mismatches, undefined references
|
|
||||||
- **Test failures**: specific test names, assertion messages, panic traces
|
|
||||||
- **Vet failures**: shadowed variables, unreachable code, printf format mismatches
|
|
||||||
- **go mod tidy drift**: `go.sum` or `go.mod` changes needed
|
|
||||||
- **E2E failures**: controller crash loops, timeout waiting for deployments, Gitea setup failures, test assertions on CRD status
|
|
||||||
- **Infrastructure issues**: KinD cluster creation failures, image pull errors, port-forward failures
|
|
||||||
|
|
||||||
### Phase 3: Check History
|
|
||||||
|
|
||||||
1. Search cached investigation files in `/tmp/memory/investigations/` for similar failures
|
|
||||||
2. Search existing GitHub issues for related problems
|
|
||||||
3. If this is a known recurring pattern, reference previous findings
|
|
||||||
|
|
||||||
### Phase 4: Fix or Escalate
|
|
||||||
|
|
||||||
Based on your analysis, take **one** of the following paths:
|
|
||||||
|
|
||||||
#### Path A: Auto-fix (for clear, mechanical failures)
|
|
||||||
|
|
||||||
These are safe to fix automatically:
|
|
||||||
- `go mod tidy` drift
|
|
||||||
- `go fmt` issues
|
|
||||||
- Missing or extra imports
|
|
||||||
- Simple compilation errors with obvious fixes
|
|
||||||
- Test expectation mismatches due to intentional behavior changes
|
|
||||||
|
|
||||||
Steps:
|
|
||||||
1. Create a new branch from `main`
|
|
||||||
2. Check out the code and apply the fix
|
|
||||||
3. Run `go build ./cmd/push-controller/ && go build ./cmd/sync-controller/ && go build ./cmd/resolver-controller/ && go build ./cmd/repo-watcher-controller/` to verify compilation
|
|
||||||
4. Run `go test ./...` to verify tests pass
|
|
||||||
5. Run `go vet ./...` to verify linting
|
|
||||||
6. Create a pull request with the fix, referencing the failed run
|
|
||||||
|
|
||||||
#### Path B: Detailed diagnosis (for complex failures)
|
|
||||||
|
|
||||||
For failures that require human judgment:
|
|
||||||
1. Create a GitHub issue with the investigation report (template below)
|
|
||||||
2. Assign to @imjasonh with specific questions about the fix approach
|
|
||||||
|
|
||||||
### Phase 5: Store Findings
|
|
||||||
|
|
||||||
Save investigation data to `/tmp/memory/investigations/${{ github.event.workflow_run.id }}.json` with:
|
|
||||||
- Failure type and category
|
|
||||||
- Root cause analysis
|
|
||||||
- Error messages and file paths
|
|
||||||
- Whether an auto-fix was attempted
|
|
||||||
- Resolution status
|
|
||||||
|
|
||||||
## Issue Template
|
|
||||||
|
|
||||||
```markdown
|
|
||||||
## CI Failure Investigation — Run #${{ github.event.workflow_run.run_number }}
|
|
||||||
|
|
||||||
**Run**: [${{ github.event.workflow_run.id }}](${{ github.event.workflow_run.html_url }})
|
|
||||||
**Commit**: ${{ github.event.workflow_run.head_sha }}
|
|
||||||
**Failed jobs**: [list]
|
|
||||||
|
|
||||||
### Root Cause
|
|
||||||
|
|
||||||
[Detailed explanation of what went wrong]
|
|
||||||
|
|
||||||
### Error Details
|
|
||||||
|
|
||||||
[Key error messages with file paths and line numbers]
|
|
||||||
|
|
||||||
### Recommended Fix
|
|
||||||
|
|
||||||
[Specific steps or code changes needed]
|
|
||||||
|
|
||||||
### Questions for @imjasonh
|
|
||||||
|
|
||||||
- [Specific question 1]
|
|
||||||
- [Specific question 2]
|
|
||||||
```
|
|
||||||
|
|
||||||
## Guidelines
|
|
||||||
|
|
||||||
- **Fix what you can** — don't create an issue for something you can auto-fix
|
|
||||||
- **Be specific** — include exact error messages, file paths, and line numbers
|
|
||||||
- **Don't guess** — if the root cause is unclear, say so and ask specific questions
|
|
||||||
- **Check for flakes** — if the same test fails intermittently, note it as a flaky test
|
|
||||||
- **Respect the architecture** — don't change fundamental patterns (reconciler structure, client design) without escalating
|
|
||||||
1360
.github/workflows/code-review.lock.yml
generated
vendored
1360
.github/workflows/code-review.lock.yml
generated
vendored
File diff suppressed because it is too large
Load diff
131
.github/workflows/code-review.md
vendored
131
.github/workflows/code-review.md
vendored
|
|
@ -1,131 +0,0 @@
|
||||||
---
|
|
||||||
description: |
|
|
||||||
Automated code reviewer for pull requests. Analyzes code changes for bugs,
|
|
||||||
security issues, performance problems, Go best practices, and Kubernetes
|
|
||||||
controller patterns. Creates review comments with specific feedback and
|
|
||||||
pushes minor fixes (formatting, linting) directly. Assigns the maintainer
|
|
||||||
only when human judgment is genuinely needed.
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [opened, synchronize]
|
|
||||||
|
|
||||||
permissions: read-all
|
|
||||||
|
|
||||||
network: defaults
|
|
||||||
|
|
||||||
safe-outputs:
|
|
||||||
create-pull-request-review-comment:
|
|
||||||
max: 10
|
|
||||||
side: "RIGHT"
|
|
||||||
submit-pull-request-review:
|
|
||||||
max: 1
|
|
||||||
push-to-pull-request-branch:
|
|
||||||
add-comment:
|
|
||||||
messages:
|
|
||||||
footer: "> Reviewed by [{workflow_name}]({run_url})"
|
|
||||||
run-started: "[{workflow_name}]({run_url}) is reviewing this pull request..."
|
|
||||||
run-success: "[{workflow_name}]({run_url}) has completed the review."
|
|
||||||
run-failure: "[{workflow_name}]({run_url}) encountered an error ({status})."
|
|
||||||
|
|
||||||
tools:
|
|
||||||
github:
|
|
||||||
lockdown: true
|
|
||||||
toolsets: [pull_requests, repos]
|
|
||||||
bash: true
|
|
||||||
web-fetch:
|
|
||||||
|
|
||||||
engine: claude
|
|
||||||
|
|
||||||
timeout-minutes: 15
|
|
||||||
---
|
|
||||||
|
|
||||||
# Automated Code Reviewer
|
|
||||||
|
|
||||||
You are an expert Go and Kubernetes developer reviewing pull requests for the **git-k8s** project — a Kubernetes-native controller system for managing Git repositories and automated Git operations.
|
|
||||||
|
|
||||||
## Project Context
|
|
||||||
|
|
||||||
- **Language**: Go 1.24.7
|
|
||||||
- **Module**: `github.com/imjasonh/git-k8s`
|
|
||||||
- **Key dependencies**: `go-git/v5`, `k8s.io/client-go`, `knative.dev/pkg`
|
|
||||||
- **Pattern**: Knative-style `KindReconciler[T]` with hand-written typed client over dynamic client
|
|
||||||
- **API group**: `git-k8s.imjasonh.com/v1alpha1`
|
|
||||||
- **Controllers**: push, sync, resolver, repo-watcher (each a separate binary)
|
|
||||||
- **Git operations**: All in-memory via `go-git` with `memory.NewStorage()`
|
|
||||||
|
|
||||||
## Review Protocol
|
|
||||||
|
|
||||||
### Step 1: Understand the Change
|
|
||||||
|
|
||||||
1. Get the pull request details for PR #${{ github.event.pull_request.number }} in `${{ github.repository }}`
|
|
||||||
2. Fetch the list of changed files and review the diff for each file
|
|
||||||
3. Understand the intent of the change from the PR title, description, and commit messages
|
|
||||||
|
|
||||||
### Step 2: Analyze the Code
|
|
||||||
|
|
||||||
Review the changes against these criteria, ordered by priority:
|
|
||||||
|
|
||||||
#### Critical (must block merge)
|
|
||||||
- **Security vulnerabilities**: command injection, credential leaks, unsafe deserialization
|
|
||||||
- **Data loss risks**: incorrect owner references, missing CAS (compare-and-swap) on push transactions
|
|
||||||
- **Concurrency bugs**: race conditions in reconcilers, unsafe shared state
|
|
||||||
- **API contract violations**: breaking changes to CRD types, incorrect status phase transitions
|
|
||||||
|
|
||||||
#### Important (should fix before merge)
|
|
||||||
- **Bug risks**: nil pointer dereferences, unhandled error returns, incorrect error wrapping
|
|
||||||
- **Kubernetes anti-patterns**: missing RBAC for new resources, incorrect label selectors, missing owner references
|
|
||||||
- **Go anti-patterns**: goroutine leaks, deferred calls in loops, shadowed variables
|
|
||||||
- **Controller correctness**: reconciler not idempotent, missing requeue on transient errors, status not updated on all code paths
|
|
||||||
- **Test gaps**: untested error paths in new reconciler logic
|
|
||||||
|
|
||||||
#### Minor (nice to fix)
|
|
||||||
- **Style**: non-idiomatic Go, unnecessary complexity, unclear naming
|
|
||||||
- **Performance**: unnecessary allocations in hot paths, redundant API calls
|
|
||||||
|
|
||||||
### Step 3: Apply Automated Fixes
|
|
||||||
|
|
||||||
If you find issues that are unambiguously fixable (formatting, linting, `go mod tidy`), apply them:
|
|
||||||
|
|
||||||
1. Check out the PR branch
|
|
||||||
2. Run `go fmt ./...` and `go vet ./...`
|
|
||||||
3. Run `go mod tidy` if dependencies changed
|
|
||||||
4. If any files changed, commit and push to the PR branch with a clear message
|
|
||||||
5. Comment on the PR noting what was auto-fixed
|
|
||||||
|
|
||||||
### Step 4: Write Review Comments
|
|
||||||
|
|
||||||
For each issue found:
|
|
||||||
- Create a review comment on the specific file and line
|
|
||||||
- Explain **what** is wrong and **why** it matters
|
|
||||||
- Suggest a fix when possible
|
|
||||||
- Be concise and direct — no filler
|
|
||||||
|
|
||||||
### Step 5: Submit the Review
|
|
||||||
|
|
||||||
Submit a pull request review with your verdict:
|
|
||||||
- **APPROVE** if no critical or important issues remain (after auto-fixes)
|
|
||||||
- **REQUEST_CHANGES** if there are critical or important issues the author must address
|
|
||||||
- **COMMENT** if there are only minor suggestions
|
|
||||||
|
|
||||||
### Step 6: Escalation
|
|
||||||
|
|
||||||
If the change involves any of the following, add a comment tagging @imjasonh and assign the PR to them:
|
|
||||||
- CRD schema changes (anything in `pkg/apis/`)
|
|
||||||
- New controller or major architectural changes
|
|
||||||
- Changes to the CI pipeline itself
|
|
||||||
- Security-sensitive changes (auth, credentials, RBAC)
|
|
||||||
- Changes you are uncertain about
|
|
||||||
|
|
||||||
Use this format for escalation:
|
|
||||||
```
|
|
||||||
@imjasonh — This PR needs your review because: [specific reason and question]
|
|
||||||
```
|
|
||||||
|
|
||||||
## Important Guidelines
|
|
||||||
|
|
||||||
- Focus **only** on changed lines — do not review the entire codebase
|
|
||||||
- Prioritize critical and important issues over minor style nits
|
|
||||||
- When in doubt about intent, leave a question rather than requesting changes
|
|
||||||
- Never approve a PR that introduces security vulnerabilities or data loss risks
|
|
||||||
- Be direct and specific — every comment should be actionable
|
|
||||||
46
.github/workflows/compile-workflows.yaml
vendored
46
.github/workflows/compile-workflows.yaml
vendored
|
|
@ -1,46 +0,0 @@
|
||||||
name: Compile Agentic Workflows
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
branches: ["main"]
|
|
||||||
paths:
|
|
||||||
- ".github/workflows/*.md"
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
compile:
|
|
||||||
name: Compile
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
# Skip fork PRs: secrets are unavailable, and we should not compile
|
|
||||||
# untrusted .md content from a fork and push it back.
|
|
||||||
if: github.event.pull_request.head.repo.fork == false
|
|
||||||
permissions:
|
|
||||||
contents: read # checkout; push uses GH_PAT explicitly
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
||||||
with:
|
|
||||||
ref: ${{ github.head_ref }}
|
|
||||||
token: ${{ secrets.GH_PAT }}
|
|
||||||
|
|
||||||
- name: Install gh-aw extension
|
|
||||||
run: gh extension install github/gh-aw --version v0.50.7
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_PAT }}
|
|
||||||
|
|
||||||
- name: Compile all agentic workflows
|
|
||||||
run: gh aw compile .github/workflows/*.md
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_PAT }}
|
|
||||||
|
|
||||||
- name: Commit and push lock files if changed
|
|
||||||
run: |
|
|
||||||
git add .github/workflows/*.lock.yml || true
|
|
||||||
if git diff --cached --quiet; then
|
|
||||||
echo "Lock files are up to date."
|
|
||||||
else
|
|
||||||
git config user.name "github-actions[bot]"
|
|
||||||
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
||||||
git commit -m "Recompile agentic workflow lock files"
|
|
||||||
git push
|
|
||||||
fi
|
|
||||||
1308
.github/workflows/dependency-update.lock.yml
generated
vendored
1308
.github/workflows/dependency-update.lock.yml
generated
vendored
File diff suppressed because it is too large
Load diff
131
.github/workflows/dependency-update.md
vendored
131
.github/workflows/dependency-update.md
vendored
|
|
@ -1,131 +0,0 @@
|
||||||
---
|
|
||||||
description: |
|
|
||||||
Scheduled workflow that checks for Go module dependency updates, applies
|
|
||||||
them, fixes any breaking changes, verifies the build and tests pass, and
|
|
||||||
creates a pull request. Handles major version bumps by updating import
|
|
||||||
paths. Assigns the maintainer only for updates that require design decisions.
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule: weekly
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
permissions: read-all
|
|
||||||
|
|
||||||
network:
|
|
||||||
allowed:
|
|
||||||
- go
|
|
||||||
blocked: []
|
|
||||||
|
|
||||||
safe-outputs:
|
|
||||||
create-pull-request:
|
|
||||||
title-prefix: "[Deps] "
|
|
||||||
labels: [automation, dependencies]
|
|
||||||
draft: false
|
|
||||||
create-issue:
|
|
||||||
title-prefix: "[Deps] "
|
|
||||||
labels: [automation, dependencies]
|
|
||||||
assignees: [imjasonh]
|
|
||||||
add-comment:
|
|
||||||
|
|
||||||
tools:
|
|
||||||
bash: true
|
|
||||||
web-fetch:
|
|
||||||
github:
|
|
||||||
toolsets: [pull_requests, repos, issues]
|
|
||||||
|
|
||||||
engine: claude
|
|
||||||
|
|
||||||
timeout-minutes: 30
|
|
||||||
---
|
|
||||||
|
|
||||||
# Dependency Updater
|
|
||||||
|
|
||||||
You are a dependency maintenance agent for the **git-k8s** project. Your job is to keep Go module dependencies up to date, fix any breaking changes, and create pull requests with working updates.
|
|
||||||
|
|
||||||
## Project Context
|
|
||||||
|
|
||||||
- **Language**: Go 1.24.7, module `github.com/imjasonh/git-k8s`
|
|
||||||
- **Key direct dependencies**:
|
|
||||||
- `github.com/go-git/go-git/v5` — all Git operations (clone, push, diff, merge)
|
|
||||||
- `k8s.io/api`, `k8s.io/apimachinery`, `k8s.io/client-go` — Kubernetes API and client
|
|
||||||
- `knative.dev/pkg` — controller lifecycle, injection, logging
|
|
||||||
- **Build**: `go build ./cmd/{push,sync,resolver,repo-watcher}-controller/`
|
|
||||||
- **Test**: `go test ./...`
|
|
||||||
- **Lint**: `go vet ./...`
|
|
||||||
|
|
||||||
## Update Protocol
|
|
||||||
|
|
||||||
### Step 1: Check for Updates
|
|
||||||
|
|
||||||
1. Create a fresh branch from `main`
|
|
||||||
2. Run `go list -m -u all` to check for available updates
|
|
||||||
3. Categorize updates:
|
|
||||||
- **Security patches**: any update flagged by `govulncheck` or known CVEs
|
|
||||||
- **Direct dependency updates**: updates to the 5 direct dependencies listed above
|
|
||||||
- **Indirect dependency updates**: transitive dependency updates
|
|
||||||
- **Go toolchain**: check if a newer Go patch version is available
|
|
||||||
|
|
||||||
### Step 2: Prioritize and Group
|
|
||||||
|
|
||||||
Group updates into logical batches for separate PRs:
|
|
||||||
|
|
||||||
1. **Security fixes** — highest priority, always process first
|
|
||||||
2. **Kubernetes ecosystem** (`k8s.io/*`) — update together since they share versions
|
|
||||||
3. **Knative** (`knative.dev/pkg`) — update separately, may have breaking changes
|
|
||||||
4. **go-git** (`go-git/v5`) — update separately, core to the project
|
|
||||||
5. **Everything else** — bundle remaining indirect updates
|
|
||||||
|
|
||||||
### Step 3: Apply Updates (per batch)
|
|
||||||
|
|
||||||
For each batch:
|
|
||||||
|
|
||||||
1. Run `go get <module>@latest` for each module in the batch
|
|
||||||
2. Run `go mod tidy`
|
|
||||||
3. Attempt to build: `go build ./cmd/push-controller/ && go build ./cmd/sync-controller/ && go build ./cmd/resolver-controller/ && go build ./cmd/repo-watcher-controller/`
|
|
||||||
|
|
||||||
If the build fails:
|
|
||||||
4. Analyze compilation errors
|
|
||||||
5. Fix breaking API changes:
|
|
||||||
- Renamed functions/types: update all call sites
|
|
||||||
- Changed signatures: adapt to new parameter/return types
|
|
||||||
- Removed APIs: find replacement APIs in the new version's docs (use web-fetch)
|
|
||||||
- Import path changes (major version bumps): update all import statements
|
|
||||||
6. Rebuild and iterate until compilation succeeds
|
|
||||||
|
|
||||||
7. Run `go test ./...` and fix any test failures
|
|
||||||
8. Run `go vet ./...` and fix any linting issues
|
|
||||||
|
|
||||||
### Step 4: Create Pull Request
|
|
||||||
|
|
||||||
For each successful batch, create a PR with:
|
|
||||||
- Title summarizing which dependencies were updated
|
|
||||||
- Body listing each dependency, old version, new version
|
|
||||||
- Description of any breaking changes fixed
|
|
||||||
- Confirmation that build, tests, and vet pass
|
|
||||||
|
|
||||||
### Step 5: Handle Failures
|
|
||||||
|
|
||||||
If you cannot resolve breaking changes for a dependency update:
|
|
||||||
1. Do **not** create a PR with broken code
|
|
||||||
2. Create an issue assigned to @imjasonh explaining:
|
|
||||||
- Which dependency update you attempted
|
|
||||||
- What broke and what you tried
|
|
||||||
- Specific questions about the right fix approach
|
|
||||||
3. Move on to the next batch
|
|
||||||
|
|
||||||
### Step 6: Go Toolchain
|
|
||||||
|
|
||||||
If a newer Go patch version is available (e.g., 1.24.8):
|
|
||||||
1. Update `go.mod` directive
|
|
||||||
2. Update `.github/workflows/ci.yaml` `go-version-file` (already uses `go.mod`, but verify)
|
|
||||||
3. Build and test
|
|
||||||
4. Create a separate PR for the Go version bump
|
|
||||||
|
|
||||||
## Guidelines
|
|
||||||
|
|
||||||
- **One logical change per PR** — don't mix Kubernetes updates with go-git updates
|
|
||||||
- **Always verify** — never create a PR without confirming build + test + vet pass
|
|
||||||
- **Fix breaking changes** — don't just bump versions; make the code work with new APIs
|
|
||||||
- **Document what changed** — the PR description should explain what was updated and why
|
|
||||||
- **Security first** — process security-related updates before feature updates
|
|
||||||
- **Skip if current** — if all dependencies are already at their latest versions, exit cleanly without creating issues or PRs
|
|
||||||
1342
.github/workflows/pr-fix.lock.yml
generated
vendored
1342
.github/workflows/pr-fix.lock.yml
generated
vendored
File diff suppressed because it is too large
Load diff
Loading…
Add table
Add a link
Reference in a new issue