chore: sync gh-aw workflows to upstream HEAD (cb66d12 → 524090c) #109

Open
verkyyi wants to merge 1 commit into main from chore/sync-gh-aw-workflows
@verkyyi verkyyi commented Apr 20, 2026

Summary

Catches the .github/workflows/*.md files up to upstream verkyyi/github-agent-runner@main. Our install was 8 commits behind, including the v0.2 audit fix that repairs a silently-broken pipeline-summary lookup in the reviewer agent.

What changed

Behavior change

  • reviewer-agent.md: gh run list --workflow=<file>.yml replaced with gh run list --workflow="Spec Agent" etc. The old form returned empty results — every pipeline-summary comment on approve had stale / blank run links. Fixed upstream in c99b00f.

Housekeeping

  • All four agent-team .md source SHAs bumped cb66d12 → 524090c.
  • implementer-agent.md gets a trailing newline (cosmetic).
  • github/gh-aw-actions/setup action pinned v0.68.3 → v0.68.7.
  • Lock files regenerated.

Known advisories

Surfaced by gh aw update and intentionally not addressed in this PR:

| Advisory | Why deferred |
| --- | --- |
| implementer-agent.md source still @main, not a SHA | gh aw update preserves the install-time source ref string; the rewrite to a uniform SHA pin is tracked upstream as verkyyi/github-agent-runner#47. |
| New restricted secret ANTHROPIC_API_KEY in compiled manifest | We run engine: claude with CLAUDE_CODE_OAUTH_TOKEN; the ANTHROPIC_API_KEY reference is an unused fallback path baked into the upstream lock template. Benign. |
| pull-requests: read permission missing on spec/planner | Toolset requirement tightened upstream; our stages don't touch PRs — kept as-is to avoid over-granting. |
| 6 container image digests unresolved in lock files | Local env lacks Docker/crane. GitHub Actions runtime uses tag refs regardless. |

Related

  • Upstream proposal: verkyyi/github-agent-runner#60: /sync-workflows skill to orchestrate this whole flow (layer-A plugin update + layer-B workflow update + preview + PR) in one command. The manual process done for this PR is what that skill would automate.
  • Consumer feedback pipeline: verkyyi/github-agent-runner#58.

Test plan

  • Merge → observe daily-repo-status runs on schedule without regression.
  • Next agent-team task dispatched on this repo: confirm reviewer's pipeline-summary table has real run links (not stale/blank ones).

Pulls 8 upstream commits from verkyyi/github-agent-runner catalog, most
notably:

- reviewer-agent.md: fix the gh run list --workflow= lookup to use the
  display name (e.g. "Spec Agent") instead of the file basename — the
  previous form returned empty results, breaking the pipeline-summary
  run-ID links silently. (c99b00f, v0.2 audit fix)
- Tier-2/3 catalog tests upstream — not adopted, catalog-only.
- github/gh-aw-actions/setup v0.68.3 → v0.68.7.

Known advisories surfaced by gh aw update (acknowledged, not acted on):
- implementer-agent.md source still @main (not a SHA). gh aw update
  preserved the install-time ref value; rewriting to a pinned SHA is
  tracked upstream as verkyyi/github-agent-runner#47.
- New restricted secret ANTHROPIC_API_KEY appears in compiled lock
  manifests. We use CLAUDE_CODE_OAUTH_TOKEN at runtime (engine: claude);
  the ANTHROPIC_API_KEY reference is an unused fallback path in the
  compiled YAML. Safe to carry.
- pull-requests: read permission missing on spec-agent / planner-agent
  per new toolset requirements. Kept as-is for now — current runs don't
  need pull-requests access at those stages.
- Local digest resolution unavailable (Docker/crane not in this env) so
  6 container images in lock files stay on tag refs rather than
  sha256: digests. GitHub Actions runtime unaffected.

Companion upstream work: verkyyi/github-agent-runner#60 proposes a
/sync-workflows skill to orchestrate both layers of the update path.
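
An added example (not part of this PR or of the upstream project): a small audit for the two pinning advisories listed above. It flags `uses:` and `source:` references that are not 40-character commit SHAs and `image:` references that carry no `sha256:` digest. The `source: <path>@<ref>` layout, the sample text and every name in it are constructed assumptions.

```python
import re

# A 40-hex commit SHA is an immutable pin; a tag or branch can be re-pointed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)")
# Assumption: the workflow source ref is recorded as `source: <path>@<ref>`.
SOURCE_RE = re.compile(r"^\s*source:\s*([^\s@#]+)@([^\s#]+)")
IMAGE_RE = re.compile(r"^\s*-?\s*image:\s*[\"']?([^\s\"'#]+)")


def audit_pins(text):
    """Return (line_no, kind, ref) for each reference that is not immutably pinned."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, rx in (("action", USES_RE), ("source", SOURCE_RE)):
            m = rx.match(line)
            if m and not SHA_RE.match(m.group(2)):
                findings.append((no, kind, f"{m.group(1)}@{m.group(2)}"))
        m = IMAGE_RE.match(line)
        if m and "@sha256:" not in m.group(1):
            findings.append((no, "image", m.group(1)))
    return findings


# Constructed sample: hypothetical names, not taken from this repository's files.
SAMPLE = "\n".join([
    "source: example-org/example-catalog/workflows/reviewer-agent.md@main",
    "jobs:",
    "  agent:",
    "    steps:",
    "      - uses: example-org/setup-action@v1.2.3",
    "      - uses: example-org/checkout-action@0123456789abcdef0123456789abcdef01234567",
    "    container:",
    "      image: registry.example/tool:1.0",
    "    services:",
    "      cache:",
    "        image: registry.example/cache@sha256:" + "a" * 64,
])

if __name__ == "__main__":
    for no, kind, ref in audit_pins(SAMPLE):
        print(f"line {no}: unpinned {kind}: {ref}")
```

Run over the workflow sources and lock files in CI, a non-empty result makes deferred pins like the ones above visible on every sync rather than only when `gh aw update` is run by hand.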