Runs on both PRs and pushes to main. Compiles all agentic workflow
markdown files and fails if the resulting lock files differ from what's
committed. This ensures contributors run `gh aw compile` before merging.
https://claude.ai/code/session_01JTYNSeJrGzdW6wfAUbdjjw
Triggers on pushes to main that touch .github/workflows/*.md files.
Installs gh-aw, compiles all agentic workflow markdown files, and
commits the resulting .lock.yml files back to the repo.
https://claude.ai/code/session_01JTYNSeJrGzdW6wfAUbdjjw
- Add engine: claude to all agentic workflows (uses ANTHROPIC_API_KEY)
- Fix dependency-update.md network field: use object format instead of
array to match the oneOf schema (string | object)
- Remove pr-fix.md since ci-doctor.md already handles CI failure
investigation and auto-fixing
https://claude.ai/code/session_01JTYNSeJrGzdW6wfAUbdjjw
Auto-merge workflow was using squash merges; change it to use standard
merge commits.
- **`auto-merge.yaml`**: Set `merge_method: 'merge'` (was `'squash'`)
<!-- START COPILOT CODING AGENT TIPS -->
---
💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
Set up five workflows to automate repository maintenance:
- code-review.md: Automated PR review on open/sync, checks for bugs,
security issues, and Go/K8s anti-patterns. Auto-fixes formatting and
linting. Escalates to maintainer only for CRD/architecture changes.
- ci-doctor.md: Triggers on CI failure, investigates root cause from logs,
auto-fixes mechanical issues (mod tidy, fmt, simple compilation errors),
and creates detailed issues for complex failures.
- pr-fix.md: On-demand /pr-fix command to analyze and fix failing CI checks
on any PR.
- dependency-update.md: Weekly scheduled check for Go module updates.
Groups updates logically (k8s, knative, go-git), fixes breaking changes,
and creates per-batch PRs. Escalates only when fixes need design decisions.
- auto-merge.yaml: Standard GitHub Actions workflow that auto-merges PRs
labeled "automation" once all CI checks pass (squash merge).
All agentic workflows assign @imjasonh only when human judgment is needed,
with specific questions rather than generic notifications.
https://claude.ai/code/session_01JTYNSeJrGzdW6wfAUbdjjw
The repo-watcher's delete loop was unconditionally removing any
GitBranch whose branch name didn't appear on the remote. This caused
a race with the push controller: when a GitBranch is created for a
branch that doesn't yet exist (e.g., before a push transaction),
the watcher would delete it before the push could complete.
Fix: only delete GitBranch CRDs that the repo-watcher itself created,
identified by having an owner reference pointing to the GitRepository.
Branches created manually or by other controllers are left alone.
This fixes the flaky TestPushTransaction e2e test, where the watcher
would delete "e2e-push-feature" before the push controller could
update its headCommit.
https://claude.ai/code/session_01P7xfBqARU5DFS8QJ4uDPVj
Tests cover the key behaviors of the repo-watcher:
- Branch discovery: auto-creates GitBranch CRDs from remote refs
- Owner references: created branches correctly reference GitRepository
- New branch detection: branches added on Gitea are picked up
- Commit update detection: new pushes to Gitea update headCommit
- Branch deletion: branches removed from Gitea trigger CRD deletion
- Multiple branches: all branches on a repo are discovered
- LastFetchTime: status is updated and advances on each poll
- Labels: repository label is set on created branches
- Slash branch names: feature/foo naming handled correctly
Also adds shared e2e helpers for Gitea branch/file operations and
updates CI workflow to deploy and monitor the repo-watcher-controller.
https://claude.ai/code/session_01P7xfBqARU5DFS8QJ4uDPVj
Introduces a fourth controller that watches GitRepository resources and
polls their remotes via git ls-remote on a configurable per-repo interval
(spec.pollInterval, defaulting to 30s). It auto-creates, updates, and
deletes GitBranch CRDs to reflect the actual state of the remote,
enabling fast detection of external pushes to trigger downstream sync.
Key changes:
- Add PollInterval field to GitRepositorySpec
- New pkg/reconciler/repowatcher with controller and reconciler
- New cmd/repo-watcher-controller binary
- CRD manifest updated for pollInterval
- Deployment manifest for the new controller
- Unit tests for ref filtering, naming, and poll interval logic
- CLAUDE.md updated with new controller docs and Go module workaround
https://claude.ai/code/session_01P7xfBqARU5DFS8QJ4uDPVj
Document the project architecture (three-controller design, CRDs),
directory structure, build commands, testing workflows, key dependencies,
and development conventions for AI assistants working on this codebase.
https://claude.ai/code/session_016QCVChhEZLuYZbhcfxyCzw
Move the key-splitting, resource-fetching, and not-found handling into a
generic internal.NewReconciler wrapper so that each reconciler only
implements ReconcileKind(ctx, *TypedResource) — matching the Knative
generated reconciler convention. The controller setup wraps the
reconciler with internal.NewReconciler, which bridges Reconcile(ctx, key)
to ReconcileKind(ctx, *T).
This removes duplicated boilerplate from all three reconcilers (push,
sync, resolver), eliminates their Reconcile/LeaderAware methods, and
makes splitKey an unexported implementation detail.
https://claude.ai/code/session_01Eu3LyxX3G1KCcw4aDzmHvp
- Extract triplicated splitKey into shared pkg/reconciler/internal package
using strings.Cut and removing the unnecessary error return
- Fix resolver merge bug: attemptMerge was using treeA.Hash as the merge
commit tree, silently dropping all of branch B's changes. Now builds a
proper merged tree that applies B's non-conflicting changes onto A's tree
- Replace hand-rolled nestedFieldNoCopy/unstructuredNestedStringMap with
k8s.io/apimachinery's unstructured.NestedStringMap stdlib equivalent
- Hoist branch listing out of per-refspec loop in updateBranches to avoid
redundant API calls
- Add not-found handling in all three reconcilers so deleted resources
don't cause infinite requeue loops
- Fix client.Get() to use checked type assertion with a clear panic message
instead of an opaque nil-pointer dereference
- Remove dead code: unused addDefaultingFuncs wrapper, unused context
injection in push controller setup
https://claude.ai/code/session_01634JRpHEoM9FzuBjZ7qHcY
- Remove Setup Knative step: the project only uses knative.dev/pkg as a
Go library for the controller framework, not Knative Serving/Eventing.
This eliminates the slowest setup step entirely.
- Create config-logging and config-observability ConfigMaps directly,
which is all knative.dev/pkg/injection/sharedmain needs at runtime.
- Deploy Gitea in parallel with ko controller builds instead of
sequentially, so both can start at the same time.
- Combine the "wait for controllers" and "wait for Gitea" steps into one.
- Reduce Gitea readiness probe initialDelaySeconds from 10s to 3s and
periodSeconds from 5s to 3s.
- Reduce Gitea API wait loop sleep from 2s to 1s.
- Reduce e2e test poll interval from 2s to 1s for faster feedback.
https://claude.ai/code/session_018itccL4SXV3eD7iuPwLGYa
Add cache-dependency-path: go.mod to both setup-go steps so that
actions/setup-go caches ~/go/pkg/mod and ~/.cache/go-build across
runs. Since go.sum is not checked in, go.mod is used as the cache key.
https://claude.ai/code/session_011joWLHyHc8v7nDfpNoWkEY
The push controller updates status to InProgress then later to
Succeeded/Failed. The first UpdateStatus call returns a new object with
an updated resourceVersion, but the code was discarding it. Subsequent
status updates used the stale resourceVersion, causing 409 Conflict
errors and an infinite retry loop where transactions never reached a
terminal phase.
Fix: capture the returned object from the InProgress UpdateStatus so
subsequent calls use the correct resourceVersion.
Also adds better timeout diagnostics in e2e test helpers.
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
Move all e2e test logic from bash steps in ci.yaml into Go test files
under test/e2e/. CI now sets up infrastructure (KinD, Knative, CRDs,
controllers, Gitea) then runs `go test -tags=e2e ./test/e2e/`.
Benefits:
- Tests run concurrently via t.Parallel()
- No more bash-in-YAML maintenance burden
- Each test creates its own isolated resources with cleanup
- Proper Go test output with -v
- Build-tagged so `go test ./...` skips them
Tests:
- TestPushTransaction: push main to a new branch, verify on git server
- TestPushTransactionMultipleRefSpecs: push to two branches at once
- TestRepoSync: create two repos, set up GitRepoSync, verify controller
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
Add unit tests for all packages that previously had zero test coverage:
- pkg/apis/git/v1alpha1: defaults, deepcopy, scheme registration, constants
- pkg/client: toUnstructured/fromUnstructured round-trips, context injection
- pkg/reconciler/push: splitKey, nestedFieldNoCopy, unstructuredNestedStringMap, base64 decoding
- pkg/reconciler/sync: splitKey
- pkg/reconciler/resolver: splitKey, changeName
Add e2e test exercising the sync controller:
- Creates second Gitea repo and GitRepository CR
- Creates GitBranch CRs with headCommit set via status subresource patch
- Creates GitRepoSync CR and verifies the sync controller processes it
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
Gitea 1.21 refuses to run as root. The non-rootless image's
entrypoint switches to the git user, but kubectl exec still runs
as root, causing `gitea admin user create` to fail with:
"Gitea is not supposed to be run as root"
Switch to gitea/gitea:1.21-rootless which runs as UID 1000,
and mount emptyDir volumes at /var/lib/gitea and /etc/gitea.
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
- Add explicit API readiness check inside the pod before running
admin commands (readiness probe alone may pass before DB is ready)
- Split "Initialize Gitea" into separate steps for better failure
diagnostics: "Create Gitea admin user" and "Create test repository"
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
The `---` between the Deployment and Service was indented inside
the heredoc, so kubectl didn't recognize it as a document separator.
Split into two separate kubectl apply calls.
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
Replace the stub smoke test (which only verified CRD creation) with a
full end-to-end test that:
- Deploys Gitea as an in-cluster git server (emptyDir, auto-install)
- Initializes a test repository with an admin user and initial commit
- Creates GitRepository, GitBranch, and GitPushTransaction CRDs
- Verifies the push controller clones, pushes main to a new branch,
and transitions the transaction to Succeeded
- Verifies the controller updates the GitBranch CR's headCommit
- Verifies the new branch actually exists on the git server
Also fixes a bug in the push controller's resolveAuth: Secret data
values are base64-encoded when accessed via the dynamic client, but
were being used directly without decoding, causing authentication
failures.
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG
The Knative reconciler.LeaderAware interface requires:
Promote(Bucket, func(Bucket, types.NamespacedName)) error
Our code had the wrong enqueue function signature using
(Bucket, string) error instead.
https://claude.ai/code/session_01QfFzqKQUsxxBsiZUhuJ3pG