-
Notifications
You must be signed in to change notification settings - Fork 1
fix: pin feature-ideation.yml reusable workflow to SHA #129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
51e3e01
78b01b1
2c96651
6337306
abe27c1
1276a40
f20933f
10d65f4
56de9e8
bf39e11
e3d4ff2
9898b79
7ce4b05
7bd093b
13f25ca
6959067
3027c00
436a540
14fe6de
472948f
43e4a04
9c44da4
fe47278
77077ed
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,16 +28,22 @@ | |
| # 2. Replace the `project_context` value with a 3-5 sentence description | ||
| # of your project, its target users, and the competitive landscape Mary | ||
| # should research. This is the only required customisation. | ||
| # 3. (Optional) Adjust the schedule cron if Friday morning UTC doesn't suit. | ||
| # 4. Ensure GitHub Discussions is enabled with an "Ideas" category. | ||
| # 5. Confirm the org-level secret CLAUDE_CODE_OAUTH_TOKEN is accessible. | ||
| # 3. (Optional) Copy standards/feature-ideation-sources.md from | ||
| # petry-projects/.github to .github/feature-ideation-sources.md in your | ||
| # repo and trim/extend it for your project. Mary uses YOUR copy — not the | ||
| # central template — so each repo controls its own source list. | ||
| # Pass `sources_file: path/to/your-list.md` to the reusable workflow if | ||
| # you prefer a different location. | ||
| # 4. (Optional) Adjust the schedule cron if Friday morning UTC doesn't suit. | ||
| # 5. Ensure GitHub Discussions is enabled with an "Ideas" category. | ||
| # 6. Confirm the org-level secret CLAUDE_CODE_OAUTH_TOKEN is accessible. | ||
| # | ||
| # Standard: https://github.com/petry-projects/.github/blob/main/standards/ci-standards.md#8-feature-ideation-feature-ideationyml--bmad-method-repos | ||
| name: Feature Research & Ideation (BMAD Analyst) | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: '0 7 * * 5' # Friday 07:00 UTC (3 AM EDT / 2 AM EST) | ||
| - cron: '0 7 * * 5' # Friday 07:00 UTC (3 AM EDT / 2 AM EST) | ||
| workflow_dispatch: | ||
| inputs: | ||
| focus_area: | ||
|
|
@@ -53,6 +59,11 @@ on: | |
| - quick | ||
| - standard | ||
| - deep | ||
| dry_run: | ||
| description: 'Skip Discussion mutations and log them to a JSONL artifact instead. Use this on a fork to smoke-test before going live.' | ||
| required: false | ||
| default: false | ||
| type: boolean | ||
|
|
||
| permissions: {} | ||
|
|
||
|
|
@@ -64,18 +75,20 @@ jobs: | |
| ideate: | ||
| # Permissions cascade from the calling job to the reusable workflow. | ||
| # The reusable workflow's two jobs (gather-signals + analyze) need: | ||
| # - contents: read (checkout, file reads) | ||
| # - issues: read (signal collection) | ||
| # - pull-requests: read (signal collection) | ||
| # - discussions: write (CRITICAL — create/update Discussion threads) | ||
| # - id-token: write (claude-code-action OIDC for GitHub App token) | ||
| # - contents: read (checkout, file reads) | ||
| # - issues: read (signal collection) | ||
| # - pull-requests: read (signal collection) | ||
| # - discussions: write (CRITICAL — create/update Discussion threads) | ||
| # - id-token: write (claude-code-action OIDC for GitHub App token) | ||
| # - actions: read (feed checkpoint — last successful run query) | ||
| permissions: | ||
| contents: read | ||
| issues: read | ||
| pull-requests: read | ||
| discussions: write | ||
| id-token: write | ||
| uses: petry-projects/.github/.github/workflows/feature-ideation-reusable.yml@v1 | ||
| actions: read | ||
| uses: petry-projects/.github/.github/workflows/feature-ideation-reusable.yml@ee22b427cbce9ecadcf2b436acb57c3adf0cb63d # v1 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Description: Verify that the pinned SHA is the dereferenced commit SHA for the v1 tag.
# Expected: The commit SHA should match ee22b427cbce9ecadcf2b436acb57c3adf0cb63d
# Get tag object info
TAG_INFO=$(gh api repos/petry-projects/.github/git/ref/tags/v1 2>/dev/null || echo '{"message": "Not Found"}')
echo "Tag ref info:"
echo "$TAG_INFO" | jq .
# Check if tag exists
if echo "$TAG_INFO" | jq -e '.message == "Not Found"' > /dev/null 2>&1; then
echo "Tag v1 not found in petry-projects/.github"
exit 0
fi
TAG_SHA=$(echo "$TAG_INFO" | jq -r '.object.sha')
TAG_TYPE=$(echo "$TAG_INFO" | jq -r '.object.type')
echo ""
echo "Tag object SHA: $TAG_SHA"
echo "Tag object type: $TAG_TYPE"
# If annotated tag, dereference to get the commit
if [ "$TAG_TYPE" = "tag" ]; then
echo ""
echo "Annotated tag detected — dereferencing to commit..."
COMMIT_INFO=$(gh api repos/petry-projects/.github/git/tags/$TAG_SHA 2>/dev/null)
COMMIT_SHA=$(echo "$COMMIT_INFO" | jq -r '.object.sha')
echo "Dereferenced commit SHA: $COMMIT_SHA"
else
COMMIT_SHA="$TAG_SHA"
fi
echo ""
echo "Pinned SHA in workflow: ee22b427cbce9ecadcf2b436acb57c3adf0cb63d"
echo "Resolved commit SHA: $COMMIT_SHA"
if [ "$COMMIT_SHA" = "ee22b427cbce9ecadcf2b436acb57c3adf0cb63d" ]; then
echo "✅ SHA matches"
else
echo "⚠️ SHA MISMATCH — the workflow may fail at runtime"
fiRepository: petry-projects/markets Length of output: 716 The pinned SHA is incorrect and does not match the The tag 🤖 Prompt for AI Agents |
||
| with: | ||
| # === CUSTOMISE THIS PER REPO — the only required edit === | ||
| # Replace this paragraph with a 3-5 sentence description of your project, | ||
|
|
@@ -85,7 +98,14 @@ jobs: | |
| TODO: Replace this with a description of the project and its market. | ||
| Example: "ProjectX is a [type of product] for [target user]. Competitors | ||
| include A, B, C. Key emerging trends in this space: X, Y, Z." | ||
| # === OPTIONAL: repo-local reputable source list === | ||
| # Copy standards/feature-ideation-sources.md from petry-projects/.github | ||
| # to .github/feature-ideation-sources.md and customise it. The reusable | ||
| # workflow defaults to that path, so you only need to uncomment and change | ||
| # sources_file below if you store the list somewhere else. | ||
| # sources_file: 'docs/feature-ideation-sources.md' | ||
| focus_area: ${{ inputs.focus_area || '' }} | ||
| research_depth: ${{ inputs.research_depth || 'standard' }} | ||
| dry_run: ${{ inputs.dry_run || false }} | ||
| secrets: | ||
| CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The file header states you “MUST NOT change” the
uses:line and job-levelpermissions:block, but this PR intentionally updates both (SHA pin +actions: read). Consider updating that guidance to clarify that syncing/pinning the reusable ref and adding required permissions is allowed, so future editors aren’t confused by the contradiction.