-
Notifications
You must be signed in to change notification settings - Fork 0
107 lines (98 loc) · 3.99 KB
/
implementor.yml
File metadata and controls
107 lines (98 loc) · 3.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: Implementor
on:
schedule:
- cron: '29 * * * *'
workflow_dispatch:
inputs:
lookback_hours:
description: Lookback window in hours for recently updated issues
required: false
default: '72'
max_issues:
description: Maximum number of issues to implement in a single run
required: false
default: '5'
lease_ttl_minutes:
description: How long an implementor lease stays active before another run may retry
required: false
default: '120'
agent_id:
description: Agent identity to write into metadata
required: false
default: implementor
command:
description: Optional shell command for the external implementor backend; falls back to the built-in Codex wrapper or vars.IMPLEMENTOR_COMMAND
required: false
default: ''
concurrency:
group: implementor
cancel-in-progress: false
jobs:
implementor:
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Setup Codex auth
id: setup-auth
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
CODEX_AUTH_JSON: ${{ secrets.CODEX_AUTH_JSON }}
run: |
if [ -n "$OPENAI_API_KEY" ]; then
echo "Using OPENAI_API_KEY."
elif [ -n "$CODEX_AUTH_JSON" ]; then
(umask 077 && mkdir -p ~/.codex && printf '%s\n' "$CODEX_AUTH_JSON" > ~/.codex/auth.json)
AUTH_HASH=$(sha256sum ~/.codex/auth.json | cut -d' ' -f1)
echo "auth_hash=$AUTH_HASH" >> "$GITHUB_OUTPUT"
echo "Using Codex OAuth auth."
else
echo "Warning: neither OPENAI_API_KEY nor CODEX_AUTH_JSON is configured. Codex auth will not be available; ensure IMPLEMENTOR_COMMAND does not require it."
fi
- name: Run implementor handoff
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
MCP4_AGENT_ARTIFACT_SIGNING_KEY: ${{ secrets.MCP4_AGENT_ARTIFACT_SIGNING_KEY }}
MCP4_AGENT_ARTIFACT_KEY_ID: ${{ vars.MCP4_AGENT_ARTIFACT_KEY_ID }}
MCP4_AGENT_ARTIFACT_ALLOW_UNSIGNED: ${{ vars.MCP4_AGENT_ARTIFACT_ALLOW_UNSIGNED }}
IMPLEMENTOR_LOOKBACK_HOURS: ${{ github.event.inputs.lookback_hours || '72' }}
IMPLEMENTOR_MAX_ISSUES: ${{ github.event.inputs.max_issues || '5' }}
IMPLEMENTOR_LEASE_TTL_MINUTES: ${{ github.event.inputs.lease_ttl_minutes || '120' }}
IMPLEMENTOR_AGENT_ID: ${{ github.event.inputs.agent_id || 'implementor' }}
IMPLEMENTOR_COMMAND: ${{ github.event.inputs.command || vars.IMPLEMENTOR_COMMAND || 'node dist/scripts/run-implementor-codex.js' }}
IMPLEMENTOR_FALLBACK_COMMAND: ${{ vars.IMPLEMENTOR_FALLBACK_COMMAND }}
run: npm run agent:implementor
- name: Persist Codex OAuth token if refreshed
if: always() && steps.setup-auth.outputs.auth_hash != ''
env:
GH_TOKEN: ${{ secrets.GH_PAT_FOR_SECRETS }}
ORIGINAL_HASH: ${{ steps.setup-auth.outputs.auth_hash }}
run: |
if [ -z "$GH_TOKEN" ]; then
echo "GH_PAT_FOR_SECRETS not configured, skipping token persistence."
exit 0
fi
if [ ! -f ~/.codex/auth.json ]; then
echo "auth.json missing after run, skipping."
exit 0
fi
NEW_HASH=$(sha256sum ~/.codex/auth.json | cut -d' ' -f1)
if [ "$NEW_HASH" != "$ORIGINAL_HASH" ]; then
gh secret set CODEX_AUTH_JSON --repo "$GITHUB_REPOSITORY" < ~/.codex/auth.json
echo "Token refreshed and persisted."
else
echo "Token unchanged, skipping."
fi