Skip to content
Closed
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
51e3e01
fix: pin feature-ideation.yml reusable workflow to SHA
github-actions[bot] Apr 19, 2026
78b01b1
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] Apr 21, 2026
2c96651
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] Apr 25, 2026
6337306
retrigger: bump workflows to run checks
claude Apr 28, 2026
abe27c1
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 3, 2026
1276a40
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 4, 2026
f20933f
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 4, 2026
10d65f4
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 4, 2026
56de9e8
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 4, 2026
bf39e11
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 4, 2026
e3d4ff2
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 5, 2026
9898b79
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 10, 2026
7ce4b05
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 11, 2026
7bd093b
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 11, 2026
13f25ca
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 11, 2026
6959067
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 12, 2026
3027c00
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 13, 2026
436a540
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 15, 2026
14fe6de
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 16, 2026
472948f
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 18, 2026
43e4a04
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 18, 2026
9c44da4
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 19, 2026
fe47278
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 19, 2026
77077ed
Merge branch 'main' into claude/issue-88-20260419-1833
github-actions[bot] May 19, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 30 additions & 10 deletions .github/workflows/feature-ideation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,22 @@
# 2. Replace the `project_context` value with a 3-5 sentence description
# of your project, its target users, and the competitive landscape Mary
# should research. This is the only required customisation.
# 3. (Optional) Adjust the schedule cron if Friday morning UTC doesn't suit.
# 4. Ensure GitHub Discussions is enabled with an "Ideas" category.
# 5. Confirm the org-level secret CLAUDE_CODE_OAUTH_TOKEN is accessible.
# 3. (Optional) Copy standards/feature-ideation-sources.md from
# petry-projects/.github to .github/feature-ideation-sources.md in your
# repo and trim/extend it for your project. Mary uses YOUR copy — not the
# central template — so each repo controls its own source list.
# Pass `sources_file: path/to/your-list.md` to the reusable workflow if
# you prefer a different location.
# 4. (Optional) Adjust the schedule cron if Friday morning UTC doesn't suit.
# 5. Ensure GitHub Discussions is enabled with an "Ideas" category.
# 6. Confirm the org-level secret CLAUDE_CODE_OAUTH_TOKEN is accessible.
#
# Standard: https://github.com/petry-projects/.github/blob/main/standards/ci-standards.md#8-feature-ideation-feature-ideationyml--bmad-method-repos
name: Feature Research & Ideation (BMAD Analyst)

on:
schedule:
- cron: '0 7 * * 5' # Friday 07:00 UTC (3 AM EDT / 2 AM EST)
- cron: '0 7 * * 5' # Friday 07:00 UTC (3 AM EDT / 2 AM EST)
workflow_dispatch:
inputs:
focus_area:
Expand All @@ -53,6 +59,11 @@ on:
- quick
- standard
- deep
dry_run:
description: 'Skip Discussion mutations and log them to a JSONL artifact instead. Use this on a fork to smoke-test before going live.'
required: false
default: false
type: boolean

permissions: {}

Expand All @@ -64,18 +75,20 @@ jobs:
ideate:
# Permissions cascade from the calling job to the reusable workflow.
# The reusable workflow's two jobs (gather-signals + analyze) need:
# - contents: read (checkout, file reads)
# - issues: read (signal collection)
# - pull-requests: read (signal collection)
# - discussions: write (CRITICAL — create/update Discussion threads)
# - id-token: write (claude-code-action OIDC for GitHub App token)
# - contents: read (checkout, file reads)
# - issues: read (signal collection)
# - pull-requests: read (signal collection)
# - discussions: write (CRITICAL — create/update Discussion threads)
# - id-token: write (claude-code-action OIDC for GitHub App token)
# - actions: read (feed checkpoint — last successful run query)
permissions:
contents: read
issues: read
pull-requests: read
discussions: write
id-token: write
uses: petry-projects/.github/.github/workflows/feature-ideation-reusable.yml@v1
actions: read
uses: petry-projects/.github/.github/workflows/feature-ideation-reusable.yml@ee22b427cbce9ecadcf2b436acb57c3adf0cb63d # v1

Copilot AI Apr 19, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The file header states you “MUST NOT change” the uses: line and job-level permissions: block, but this PR intentionally updates both (SHA pin + actions: read). Consider updating that guidance to clarify that syncing/pinning the reusable ref and adding required permissions is allowed, so future editors aren’t confused by the contradiction.

Copilot uses AI. Check for mistakes.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify that the pinned SHA is the dereferenced commit SHA for the v1 tag.
# Expected: The commit SHA should match ee22b427cbce9ecadcf2b436acb57c3adf0cb63d

# Get tag object info
TAG_INFO=$(gh api repos/petry-projects/.github/git/ref/tags/v1 2>/dev/null || echo '{"message": "Not Found"}')
echo "Tag ref info:"
echo "$TAG_INFO" | jq .

# Check if tag exists
if echo "$TAG_INFO" | jq -e '.message == "Not Found"' > /dev/null 2>&1; then
  echo "Tag v1 not found in petry-projects/.github"
  exit 0
fi

TAG_SHA=$(echo "$TAG_INFO" | jq -r '.object.sha')
TAG_TYPE=$(echo "$TAG_INFO" | jq -r '.object.type')

echo ""
echo "Tag object SHA: $TAG_SHA"
echo "Tag object type: $TAG_TYPE"

# If annotated tag, dereference to get the commit
if [ "$TAG_TYPE" = "tag" ]; then
  echo ""
  echo "Annotated tag detected — dereferencing to commit..."
  COMMIT_INFO=$(gh api repos/petry-projects/.github/git/tags/$TAG_SHA 2>/dev/null)
  COMMIT_SHA=$(echo "$COMMIT_INFO" | jq -r '.object.sha')
  echo "Dereferenced commit SHA: $COMMIT_SHA"
else
  COMMIT_SHA="$TAG_SHA"
fi

echo ""
echo "Pinned SHA in workflow: ee22b427cbce9ecadcf2b436acb57c3adf0cb63d"
echo "Resolved commit SHA:    $COMMIT_SHA"

if [ "$COMMIT_SHA" = "ee22b427cbce9ecadcf2b436acb57c3adf0cb63d" ]; then
  echo "✅ SHA matches"
else
  echo "⚠️  SHA MISMATCH — the workflow may fail at runtime"
fi

Repository: petry-projects/markets

Length of output: 716


The pinned SHA is incorrect and does not match the v1 tag.

The tag v1 in petry-projects/.github currently resolves to commit d3d768dabb7f28cc63283cdfe48630da53700e50, not the pinned SHA ee22b427cbce9ecadcf2b436acb57c3adf0cb63d. GitHub Actions will fail to locate the reusable workflow at runtime using the incorrect SHA. Update the pinned SHA to match the commit that v1 actually points to.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/feature-ideation.yml at line 91, The pinned SHA in the
reusable workflow reference (the string after the @ in the uses line:
petry-projects/.github/.github/workflows/feature-ideation-reusable.yml@ee22b427cbce9ecadcf2b436acb57c3adf0cb63d)
does not match the actual commit pointed to by the v1 tag; update that SHA to
the commit ID that v1 currently resolves to (replace
ee22b427cbce9ecadcf2b436acb57c3adf0cb63d with
d3d768dabb7f28cc63283cdfe48630da53700e50) so the reusable workflow reference
matches the v1 tag and GitHub Actions can locate the workflow at runtime.

with:
# === CUSTOMISE THIS PER REPO — the only required edit ===
# Replace this paragraph with a 3-5 sentence description of your project,
Expand All @@ -85,7 +98,14 @@ jobs:
TODO: Replace this with a description of the project and its market.
Example: "ProjectX is a [type of product] for [target user]. Competitors
include A, B, C. Key emerging trends in this space: X, Y, Z."
# === OPTIONAL: repo-local reputable source list ===
# Copy standards/feature-ideation-sources.md from petry-projects/.github
# to .github/feature-ideation-sources.md and customise it. The reusable
# workflow defaults to that path, so you only need to uncomment and change
# sources_file below if you store the list somewhere else.
# sources_file: 'docs/feature-ideation-sources.md'
focus_area: ${{ inputs.focus_area || '' }}
research_depth: ${{ inputs.research_depth || 'standard' }}
dry_run: ${{ inputs.dry_run || false }}
secrets:
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}