Skip to content

Commit 8ef46e7

Browse files
authored
Merge pull request #9 from baskduf/fix/ci-fable-source-fetch
ci: fix pinned FABLE source fetch
2 parents 299ec1f + fc34134 commit 8ef46e7

2 files changed

Lines changed: 19 additions & 5 deletions

File tree

.github/workflows/ci.yml

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -42,18 +42,14 @@ jobs:
4242
sh -n plugins/codex-fable5/bin/codex-goals
4343
4444
- name: Fetch pinned FABLE-5 source
45-
env:
46-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4745
run: |
4846
set -euo pipefail
4947
mkdir -p build/fable5
5048
# The pin lives in the coverage matrix's preamble. Hardcode the
5149
# commit SHA from the matrix's source note for explicit traceability.
5250
PIN="dc626fed52b06d687cdc812d51090c95ed03d575"
5351
curl -fsSL \
54-
-H "Authorization: Bearer ${GH_TOKEN}" \
55-
-H "Accept: application/vnd.github.raw" \
56-
"https://api.github.com/repos/elder-plinius/CL4R1T4S/contents/ANTHROPIC/CLAUDE-FABLE-5.md?ref=${PIN}" \
52+
"https://raw.githubusercontent.com/elder-plinius/CL4R1T4S/${PIN}/ANTHROPIC/CLAUDE-FABLE-5.md" \
5753
-o build/fable5/CLAUDE-FABLE-5.md
5854
# Sanity check: file must contain a Fable 5 marker.
5955
grep -q "Fable 5" build/fable5/CLAUDE-FABLE-5.md \

tests/test_scripts.py

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -293,6 +293,24 @@ def test_ci_workflow_validates_against_pinned_source(self) -> None:
293293
workflow = (ROOT / ".github" / "workflows" / "ci.yml").read_text(encoding="utf-8")
294294
self.assertIn("CLAUDE-FABLE-5.md", workflow)
295295
self.assertIn("elder-plinius/CL4R1T4S", workflow)
296+
fetch_step = re.search(
297+
r" - name: Fetch pinned FABLE-5 source\n(?P<body>.*?)(?:\n - name: |\Z)",
298+
workflow,
299+
re.DOTALL,
300+
)
301+
self.assertIsNotNone(fetch_step, "CI workflow must define the pinned source fetch step")
302+
assert fetch_step is not None # for type checkers
303+
fetch_step_body = fetch_step.group("body")
304+
self.assertIn(
305+
"raw.githubusercontent.com/elder-plinius/CL4R1T4S/${PIN}/ANTHROPIC/CLAUDE-FABLE-5.md",
306+
fetch_step_body,
307+
"CI should fetch the public pinned source directly, matching the release checklist",
308+
)
309+
self.assertNotIn(
310+
"Authorization: Bearer",
311+
fetch_step_body,
312+
"CI source fetch should not rely on a hand-built Authorization header; malformed quoting can hide curl failures",
313+
)
296314
pin_match = re.search(r'PIN="([0-9a-f]{40})"', workflow)
297315
self.assertIsNotNone(pin_match, "CI workflow must define the pinned upstream SHA")
298316
assert pin_match is not None # for type checkers

0 commit comments

Comments
 (0)