Refine agent governance global dependency downgrade #51
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Agent Governance | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, edited, ready_for_review] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| issues: write | |
| jobs: | |
| governance: | |
| name: Governance checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run ABACUS governance checker | |
| id: governance | |
| run: | | |
| set +e | |
| base_sha="${{ github.event.pull_request.base.sha }}" | |
| head_sha="${{ github.event.pull_request.head.sha }}" | |
| merge_base="$(git merge-base "$base_sha" "$head_sha")" | |
| merge_base_status=$? | |
| if [ "$merge_base_status" -ne 0 ]; then | |
| { | |
| echo "## Agent Governance Check" | |
| echo | |
| echo "Failed to compute the pull request merge base." | |
| } > agent_governance_summary.md | |
| exit "$merge_base_status" | |
| fi | |
| python3 tools/03_code_analysis/agent_governance_check.py \ | |
| --base "$merge_base" \ | |
| --head "$head_sha" \ | |
| --event-path "$GITHUB_EVENT_PATH" \ | |
| --format markdown | tee agent_governance_summary.md | |
| status=${PIPESTATUS[0]} | |
| if [ ! -s agent_governance_summary.md ]; then | |
| { | |
| echo "## Agent Governance Check" | |
| echo | |
| echo "Checker failed before producing a summary." | |
| } > agent_governance_summary.md | |
| fi | |
| exit "$status" | |
| - name: Publish governance summary | |
| if: always() | |
| run: | | |
| cat agent_governance_summary.md >> "$GITHUB_STEP_SUMMARY" | |
| - name: Comment governance warnings | |
| if: >- | |
| always() && | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| run: | | |
| if ! grep -qi '^| warning |' agent_governance_summary.md; then | |
| exit 0 | |
| fi | |
| marker='<!-- agent-governance-warning -->' | |
| body_file="$(mktemp)" | |
| json_file="$(mktemp)" | |
| { | |
| echo "$marker" | |
| echo | |
| cat agent_governance_summary.md | |
| } > "$body_file" | |
| jq -Rs '{body: .}' < "$body_file" > "$json_file" | |
| existing_comment_id="$(gh api --paginate \ | |
| "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" \ | |
| --jq ".[] | select(.body | contains(\"${marker}\")) | .id" \ | |
| | head -n 1)" | |
| if [ -n "$existing_comment_id" ]; then | |
| gh api --method PATCH \ | |
| "repos/${GITHUB_REPOSITORY}/issues/comments/${existing_comment_id}" \ | |
| --input "$json_file" | |
| else | |
| gh api --method POST \ | |
| "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" \ | |
| --input "$json_file" | |
| fi |