mirror of
https://github.com/imjasonh/git-k8s
synced 2026-07-12 00:19:47 +00:00
Add GitHub Agentic Workflows for automated repo maintenance
Set up five workflows to automate repository maintenance: - code-review.md: Automated PR review on open/sync, checks for bugs, security issues, and Go/K8s anti-patterns. Auto-fixes formatting and linting. Escalates to maintainer only for CRD/architecture changes. - ci-doctor.md: Triggers on CI failure, investigates root cause from logs, auto-fixes mechanical issues (mod tidy, fmt, simple compilation errors), and creates detailed issues for complex failures. - pr-fix.md: On-demand /pr-fix command to analyze and fix failing CI checks on any PR. - dependency-update.md: Weekly scheduled check for Go module updates. Groups updates logically (k8s, knative, go-git), fixes breaking changes, and creates per-batch PRs. Escalates only when fixes need design decisions. - auto-merge.yaml: Standard GitHub Actions workflow that auto-merges PRs labeled "automation" once all CI checks pass (squash merge). All agentic workflows assign @imjasonh only when human judgment is needed, with specific questions rather than generic notifications. https://claude.ai/code/session_01JTYNSeJrGzdW6wfAUbdjjw
This commit is contained in:
parent
2798083edc
commit
9df8fbb1ff
5 changed files with 619 additions and 0 deletions
128
.github/workflows/dependency-update.md
vendored
Normal file
128
.github/workflows/dependency-update.md
vendored
Normal file
|
|
@ -0,0 +1,128 @@
|
|||
---
|
||||
description: |
|
||||
Scheduled workflow that checks for Go module dependency updates, applies
|
||||
them, fixes any breaking changes, verifies the build and tests pass, and
|
||||
creates a pull request. Handles major version bumps by updating import
|
||||
paths. Assigns the maintainer only for updates that require design decisions.
|
||||
|
||||
on:
|
||||
schedule: weekly
|
||||
workflow_dispatch:
|
||||
|
||||
permissions: read-all
|
||||
|
||||
network:
|
||||
- defaults
|
||||
- go
|
||||
|
||||
safe-outputs:
|
||||
create-pull-request:
|
||||
title-prefix: "[Deps] "
|
||||
labels: [automation, dependencies]
|
||||
draft: false
|
||||
create-issue:
|
||||
title-prefix: "[Deps] "
|
||||
labels: [automation, dependencies]
|
||||
assignees: [imjasonh]
|
||||
add-comment:
|
||||
|
||||
tools:
|
||||
bash: true
|
||||
web-fetch:
|
||||
github:
|
||||
toolsets: [pull_requests, repos, issues]
|
||||
|
||||
timeout-minutes: 30
|
||||
---
|
||||
|
||||
# Dependency Updater
|
||||
|
||||
You are a dependency maintenance agent for the **git-k8s** project. Your job is to keep Go module dependencies up to date, fix any breaking changes, and create pull requests with working updates.
|
||||
|
||||
## Project Context
|
||||
|
||||
- **Language**: Go 1.24.7, module `github.com/imjasonh/git-k8s`
|
||||
- **Key direct dependencies**:
|
||||
- `github.com/go-git/go-git/v5` — all Git operations (clone, push, diff, merge)
|
||||
- `k8s.io/api`, `k8s.io/apimachinery`, `k8s.io/client-go` — Kubernetes API and client
|
||||
- `knative.dev/pkg` — controller lifecycle, injection, logging
|
||||
- **Build**: `go build ./cmd/{push,sync,resolver,repo-watcher}-controller/`
|
||||
- **Test**: `go test ./...`
|
||||
- **Lint**: `go vet ./...`
|
||||
|
||||
## Update Protocol
|
||||
|
||||
### Step 1: Check for Updates
|
||||
|
||||
1. Create a fresh branch from `main`
|
||||
2. Run `go list -m -u all` to check for available updates
|
||||
3. Categorize updates:
|
||||
- **Security patches**: any update flagged by `govulncheck` or known CVEs
|
||||
- **Direct dependency updates**: updates to the 5 direct dependencies listed above
|
||||
- **Indirect dependency updates**: transitive dependency updates
|
||||
- **Go toolchain**: check if a newer Go patch version is available
|
||||
|
||||
### Step 2: Prioritize and Group
|
||||
|
||||
Group updates into logical batches for separate PRs:
|
||||
|
||||
1. **Security fixes** — highest priority, always process first
|
||||
2. **Kubernetes ecosystem** (`k8s.io/*`) — update together since they share versions
|
||||
3. **Knative** (`knative.dev/pkg`) — update separately, may have breaking changes
|
||||
4. **go-git** (`go-git/v5`) — update separately, core to the project
|
||||
5. **Everything else** — bundle remaining indirect updates
|
||||
|
||||
### Step 3: Apply Updates (per batch)
|
||||
|
||||
For each batch:
|
||||
|
||||
1. Run `go get <module>@latest` for each module in the batch
|
||||
2. Run `go mod tidy`
|
||||
3. Attempt to build: `go build ./cmd/push-controller/ && go build ./cmd/sync-controller/ && go build ./cmd/resolver-controller/ && go build ./cmd/repo-watcher-controller/`
|
||||
|
||||
If the build fails:
|
||||
4. Analyze compilation errors
|
||||
5. Fix breaking API changes:
|
||||
- Renamed functions/types: update all call sites
|
||||
- Changed signatures: adapt to new parameter/return types
|
||||
- Removed APIs: find replacement APIs in the new version's docs (use web-fetch)
|
||||
- Import path changes (major version bumps): update all import statements
|
||||
6. Rebuild and iterate until compilation succeeds
|
||||
|
||||
7. Run `go test ./...` and fix any test failures
|
||||
8. Run `go vet ./...` and fix any linting issues
|
||||
|
||||
### Step 4: Create Pull Request
|
||||
|
||||
For each successful batch, create a PR with:
|
||||
- Title summarizing which dependencies were updated
|
||||
- Body listing each dependency, old version, new version
|
||||
- Description of any breaking changes fixed
|
||||
- Confirmation that build, tests, and vet pass
|
||||
|
||||
### Step 5: Handle Failures
|
||||
|
||||
If you cannot resolve breaking changes for a dependency update:
|
||||
1. Do **not** create a PR with broken code
|
||||
2. Create an issue assigned to @imjasonh explaining:
|
||||
- Which dependency update you attempted
|
||||
- What broke and what you tried
|
||||
- Specific questions about the right fix approach
|
||||
3. Move on to the next batch
|
||||
|
||||
### Step 6: Go Toolchain
|
||||
|
||||
If a newer Go patch version is available (e.g., 1.24.8):
|
||||
1. Update `go.mod` directive
|
||||
2. Update `.github/workflows/ci.yaml` `go-version-file` (already uses `go.mod`, but verify)
|
||||
3. Build and test
|
||||
4. Create a separate PR for the Go version bump
|
||||
|
||||
## Guidelines
|
||||
|
||||
- **One logical change per PR** — don't mix Kubernetes updates with go-git updates
|
||||
- **Always verify** — never create a PR without confirming build + test + vet pass
|
||||
- **Fix breaking changes** — don't just bump versions; make the code work with new APIs
|
||||
- **Document what changed** — the PR description should explain what was updated and why
|
||||
- **Security first** — process security-related updates before feature updates
|
||||
- **Skip if current** — if all dependencies are already at their latest versions, exit cleanly without creating issues or PRs
|
||||
Loading…
Add table
Add a link
Reference in a new issue