
Refresh forge health issues and glob parity #1671

Workflow file for this run

# Advisory "shadow" CI: runs on pull requests against master, on a daily
# schedule, and on manual dispatch.
name: github-shadow-ci
on:
  # `pull_request` rather than `pull_request_target`: by default GitHub gives
  # runs triggered from forks a read-only token and no repository secrets.
  pull_request:
    branches:
      - master
  schedule:
    - cron: '0 8 * * *'
  workflow_dispatch:
    inputs:
      mode:
        description: Which advisory shadow suite to run
        type: choice
        options:
          - pre-merge
          - nightly
        default: pre-merge
# Workflow-wide GITHUB_TOKEN scope. Only read access is requested, and no job
# in this file widens it.
permissions:
  contents: read
  pull-requests: read
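# NOTE(review): every action in this file is referenced by a mutable tag
# (@v4, @v1, @v30). Pinning each `uses:` to a full commit SHA is the
# supply-chain-hardened form; the SHAs are not on this page, so the tags are
# left as written.
#
# Expression values (`${{ ... }}`) are substituted into a `run:` script as text
# before bash parses it. Wherever a script needs one, it is passed through
# `env:` and read as a quoted shell variable, so the value is handled as data
# and never as script source. The SHADOW_ prefix keeps these names clear of
# variables the shim or the lanes may read.
jobs:
  # prepare: resolve the lane mode, check out base (and PR head), and ask the
  # forge shim which lanes to run. Its outputs feed the `lane` matrix.
  prepare:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.select.outputs.matrix }}
      selected_count: ${{ steps.select.outputs.selected_count }}
      selected_titles: ${{ steps.select.outputs.selected_titles }}
      changed_paths: ${{ steps.select.outputs.changed_paths }}
      lane_mode: ${{ steps.mode.outputs.lane_mode }}
    steps:
      - name: Resolve lane mode
        id: mode
        env:
          SHADOW_EVENT_NAME: ${{ github.event_name }}
          SHADOW_INPUT_MODE: ${{ github.event.inputs.mode }}
        # schedule -> nightly; pull_request -> branch; manual dispatch follows
        # the `mode` input, and anything other than "nightly" means branch.
        run: |
          if [[ "$SHADOW_EVENT_NAME" == "schedule" ]]; then
            echo "lane_mode=nightly" >> "$GITHUB_OUTPUT"
          elif [[ "$SHADOW_EVENT_NAME" == "pull_request" ]]; then
            echo "lane_mode=branch" >> "$GITHUB_OUTPUT"
          elif [[ "$SHADOW_INPUT_MODE" == "nightly" ]]; then
            echo "lane_mode=nightly" >> "$GITHUB_OUTPUT"
          else
            echo "lane_mode=branch" >> "$GITHUB_OUTPUT"
          fi
      # Workspace root: the base commit on pull requests, github.sha otherwise.
      # The shim is run from this checkout, not from the PR's copy.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.repository }}
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.sha }}
          fetch-depth: 0
          persist-credentials: false
      # PR head, possibly from a fork, goes into ./pr. The token is not
      # persisted into that checkout's git config.
      - uses: actions/checkout@v4
        if: github.event_name == 'pull_request'
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.sha }}
          path: pr
          fetch-depth: 0
          persist-credentials: false
      - name: Select shadow lanes from forge manifest
        id: select
        env:
          SHADOW_EVENT_NAME: ${{ github.event_name }}
          SHADOW_LANE_MODE: ${{ steps.mode.outputs.lane_mode }}
          SHADOW_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          SHADOW_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        # The script path is relative to the workspace root (the base
        # checkout); FORGE_GITHUB_CI_REPO_ROOT points it at ./pr on PR runs.
        run: |
          repo_root="$GITHUB_WORKSPACE"
          if [[ "$SHADOW_EVENT_NAME" == "pull_request" ]]; then
            repo_root="$GITHUB_WORKSPACE/pr"
          fi
          export FORGE_GITHUB_CI_REPO_ROOT="$repo_root"
          args=(
            python3 scripts/forge-github-ci-shim.py select
            --mode "$SHADOW_LANE_MODE"
            --github-output "$GITHUB_OUTPUT"
          )
          if [[ "$SHADOW_EVENT_NAME" == "pull_request" ]]; then
            args+=(
              --base "$SHADOW_BASE_SHA"
              --head "$SHADOW_HEAD_SHA"
              --compare-repo-root "$GITHUB_WORKSPACE"
              --head-repo-root "$GITHUB_WORKSPACE/pr"
            )
          elif [[ "$SHADOW_LANE_MODE" == "branch" ]]; then
            args+=(--all)
          fi
          "${args[@]}"
      - name: Summarize shadow selection
        env:
          SHADOW_LANE_MODE: ${{ steps.mode.outputs.lane_mode }}
          SHADOW_SELECTED_COUNT: ${{ steps.select.outputs.selected_count }}
          # Lane titles and changed paths come from the selector's output. On
          # PR runs the changed paths are file names from the PR, so they must
          # reach the script as data only.
          SHADOW_SELECTED_TITLES: ${{ steps.select.outputs.selected_titles }}
          SHADOW_CHANGED_PATHS: ${{ steps.select.outputs.changed_paths }}
        # The loops use `if … fi` instead of `[[ … ]] && echo`. The `&&` form
        # returns non-zero on an empty line, and when that is the last line
        # read it becomes the exit status of the loop and of the script.
        run: |
          {
            echo "## GitHub shadow selection"
            echo
            echo "- canonical control plane: \`git.pikachat.org\` forge"
            echo "- GitHub role: mirror + advisory shadow CI only"
            echo "- mode: \`$SHADOW_LANE_MODE\`"
            echo "- selected lanes: \`$SHADOW_SELECTED_COUNT\`"
            echo
            echo "### Selected lane titles"
            if [[ -n "$SHADOW_SELECTED_TITLES" ]]; then
              while IFS= read -r line; do
                if [[ -n "$line" ]]; then
                  echo "- $line"
                fi
              done <<< "$SHADOW_SELECTED_TITLES"
            else
              echo "- none"
            fi
            echo
            echo "### Changed paths"
            if [[ -n "$SHADOW_CHANGED_PATHS" ]]; then
              while IFS= read -r line; do
                if [[ -n "$line" ]]; then
                  echo "- \`$line\`"
                fi
              done <<< "$SHADOW_CHANGED_PATHS"
            else
              echo "- none"
            fi
          } >> "$GITHUB_STEP_SUMMARY"
  # lane: one matrix job per lane chosen by `prepare`.
  # NOTE(review): runner, timeout_minutes and the other matrix fields are
  # whatever the select step emitted. On PR runs the selector is pointed at
  # the PR checkout, so these values can presumably be influenced by the PR's
  # manifest; confirm that the shim constrains runner labels.
  lane:
    needs: [prepare]
    if: needs.prepare.outputs.selected_count != '0'
    runs-on: ${{ matrix.runner }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
    # Actors outside the allow-list are routed to the `ci-approval`
    # environment, everyone else to `ci-auto`.
    # NOTE(review): github.actor is whoever triggered this run, which is not
    # necessarily the PR author. If the gate is meant to follow authorship or
    # re-runs, github.event.pull_request.user.login and github.triggering_actor
    # are the fields to compare; confirm the intent.
    environment:
      name: ${{ contains(fromJSON('["justinmoon","futurepaul","AnthonyRonning","benthecarman","clarkmoody"]'), github.actor) == false && 'ci-approval' || 'ci-auto' }}
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJSON(needs.prepare.outputs.matrix) }}
    steps:
      # Same two-checkout layout as `prepare`: base at the workspace root,
      # PR head in ./pr.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.repository }}
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.sha }}
          fetch-depth: 0
          persist-credentials: false
      - uses: actions/checkout@v4
        if: github.event_name == 'pull_request'
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.sha }}
          path: pr
          fetch-depth: 0
          persist-credentials: false
      # No `ref` is given, so this follows the default branch of
      # openclaw/openclaw at run time. persist-credentials is switched off to
      # match the other checkouts, so the job token is not left in a git
      # config that later lane code can read.
      - uses: actions/checkout@v4
        if: matrix.needs_openclaw_checkout
        with:
          repository: openclaw/openclaw
          path: ${{ github.event_name == 'pull_request' && 'pr/openclaw' || 'openclaw' }}
          persist-credentials: false
      # NOTE(review): the cache keys below vary by repository, matrix.mode and
      # runner OS only, not by event type or PR origin. If the sticky disks
      # are writable from pull_request runs, a fork-PR lane and a later
      # credentialed lane in the same mode would share /nix, ~/.cargo and
      # target. Confirm that this sharing is intended.
      - uses: useblacksmith/stickydisk@v1
        with:
          key: ${{ github.repository }}-${{ matrix.mode }}-nix-v2-${{ runner.os }}
          path: /nix
      - uses: useblacksmith/stickydisk@v1
        with:
          key: ${{ github.repository }}-${{ matrix.mode }}-cargo-home-v2-${{ runner.os }}
          path: ~/.cargo
      - uses: useblacksmith/stickydisk@v1
        with:
          key: ${{ github.repository }}-${{ matrix.mode }}-cargo-target-v2-${{ runner.os }}
          path: |
            target
            pr/target
      - uses: useblacksmith/stickydisk@v1
        if: matrix.needs_gradle_cache
        with:
          key: ${{ github.repository }}-${{ matrix.mode }}-gradle-v2-${{ runner.os }}
          path: ~/.gradle
      - name: Fix /nix ownership
        # Hand /nix to the current user when its owner differs.
        run: |
          if [ -d /nix ] && [ "$(stat -c %u /nix)" != "$(id -u)" ]; then
            sudo chown -R "$(id -u):$(id -g)" /nix
          fi
      - uses: nixbuild/nix-quick-install-action@v30
      # Credentialed steps are limited to non-PR events and same-repository
      # PRs. The command runs from the workspace root, i.e. the base checkout.
      - name: Load Apple mini CI env
        if: matrix.uses_apple_remote && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
        id: apple_env
        env:
          AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
          PIKA_SHELL_QUIET: "1"
        run: nix develop .#default -c ./scripts/write-pikaci-apple-github-env
      # NOTE(review): tailscale_authkey and ssh_host arrive as step outputs of
      # apple_env. Whether that script registers them as masked values is not
      # visible here; confirm, since unmasked outputs can show up in logs.
      - name: Join Tailscale
        if: matrix.uses_apple_remote && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
        uses: tailscale/github-action@v4
        with:
          authkey: ${{ steps.apple_env.outputs.tailscale_authkey }}
          hostname: gha-shadow-${{ matrix.id }}-${{ github.run_id }}
          ping: ${{ steps.apple_env.outputs.ssh_host }}
      - name: Skip trusted-only lane on fork PR
        if: matrix.uses_apple_remote && github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository
        env:
          SHADOW_LANE_TITLE: ${{ matrix.title }}
        run: |
          {
            echo "## Advisory shadow lane"
            echo
            echo "- lane: \`$SHADOW_LANE_TITLE\`"
            echo "- result: skipped on fork PR because this lane needs trusted runtime credentials"
            echo "- selector/runner code source: trusted base-repo checkout"
          } >> "$GITHUB_STEP_SUMMARY"
      - name: Run advisory shadow lane
        # The run page shows this annotation directly under this step's `if:`
        # line: "Check failure on line 211 in .github/workflows/pre-merge.yml.
        # Invalid workflow file: You have an error in your yaml syntax on line
        # 211". A plain YAML scalar that begins with `!` is read as a tag, so a
        # condition starting with `!` has to be wrapped in `${{ }}` (or
        # quoted). The expression itself is unchanged.
        if: ${{ !matrix.uses_apple_remote || github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
        env:
          SHADOW_EVENT_NAME: ${{ github.event_name }}
          SHADOW_MATRIX_MODE: ${{ matrix.mode }}
          SHADOW_LANE_ID: ${{ matrix.id }}
        # The shim script is taken from the workspace root (base checkout);
        # the lane content root is ./pr on pull requests.
        run: |
          repo_root="$GITHUB_WORKSPACE"
          if [[ "$SHADOW_EVENT_NAME" == "pull_request" ]]; then
            repo_root="$GITHUB_WORKSPACE/pr"
          fi
          export FORGE_GITHUB_CI_REPO_ROOT="$repo_root"
          python3 scripts/forge-github-ci-shim.py run --mode "$SHADOW_MATRIX_MODE" --lane-id "$SHADOW_LANE_ID"
      - name: Summarize lane
        if: always()
        env:
          SHADOW_LANE_TITLE: ${{ matrix.title }}
          SHADOW_LANE_ID: ${{ matrix.id }}
          SHADOW_LANE_ENTRYPOINT: ${{ matrix.entrypoint }}
          SHADOW_LANE_COMMAND: ${{ matrix.command_shell }}
        run: |
          {
            echo "## Advisory shadow lane"
            echo
            echo "- lane: \`$SHADOW_LANE_TITLE\`"
            echo "- id: \`$SHADOW_LANE_ID\`"
            echo "- entrypoint: \`$SHADOW_LANE_ENTRYPOINT\`"
            echo "- command: \`$SHADOW_LANE_COMMAND\`"
            echo "- canonical control plane: \`git.pikachat.org\` forge"
            echo "- GitHub role: advisory mirror validation only"
            echo "- selector/runner code source: trusted base-repo checkout"
          } >> "$GITHUB_STEP_SUMMARY"
  # shadow-summary: always runs and records the workflow's advisory role plus
  # the lane outcome in the step summary.
  shadow-summary:
    if: always()
    needs: [prepare, lane]
    runs-on: ubuntu-latest
    steps:
      - name: Summarize advisory workflow role
        env:
          SHADOW_SELECTED_COUNT: ${{ needs.prepare.outputs.selected_count || '0' }}
          SHADOW_LANE_RESULT: ${{ needs.lane.result || 'skipped' }}
        run: |
          {
            echo "## GitHub shadow CI"
            echo
            echo "- canonical pre-merge/nightly orchestration lives in the forge on \`git.pikachat.org\`"
            echo "- this workflow mirrors the checked-in forge manifest and is advisory only"
            echo "- release/TestFlight workflows remain intentionally GitHub-owned"
            echo "- selected lane count: \`$SHADOW_SELECTED_COUNT\`"
            echo "- lane job result: \`$SHADOW_LANE_RESULT\`"
          } >> "$GITHUB_STEP_SUMMARY"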