|
| 1 | +# |
| 2 | +# ___ _ _ |
| 3 | +# / _ \ | | (_) |
| 4 | +# | |_| | __ _ ___ _ __ | |_ _ ___ |
| 5 | +# | _ |/ _` |/ _ \ '_ \| __| |/ __| |
| 6 | +# | | | | (_| | __/ | | | |_| | (__ |
| 7 | +# \_| |_/\__, |\___|_| |_|\__|_|\___| |
| 8 | +# __/ | |
| 9 | +# _ _ |___/ |
| 10 | +# | | | | / _| | |
| 11 | +# | | | | ___ _ __ _ __| |_| | _____ ____ |
| 12 | +# | |/\| |/ _ \ '__| |/ /| _| |/ _ \ \ /\ / / ___| |
| 13 | +# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ |
| 14 | +# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ |
| 15 | +# |
| 16 | +# This file was automatically generated by pkg/workflow/maintenance_workflow.go. DO NOT EDIT. |
| 17 | +# |
| 18 | +# To regenerate this workflow, run: |
| 19 | +# gh aw compile |
| 20 | +# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md |
| 21 | +# |
| 22 | +# Alternative regeneration methods: |
| 23 | +# make recompile |
| 24 | +# |
| 25 | +# Or use the gh-aw CLI directly: |
| 26 | +# ./gh-aw compile --validate --verbose |
| 27 | +# |
| 28 | +# The workflow is generated when any workflow uses the 'expires' field |
| 29 | +# in create-discussions or create-issues safe-outputs configuration. |
| 30 | +# Schedule frequency is automatically determined by the shortest expiration time. |
| 31 | +# |
| 32 | +name: Agentic Maintenance |
| 33 | + |
| 34 | +on: |
| 35 | + schedule: |
| 36 | + - cron: "37 0 * * *" # Daily (based on minimum expires: 7 days) |
| 37 | + workflow_dispatch: |
| 38 | + |
| 39 | +permissions: {} |
| 40 | + |
| 41 | +jobs: |
| 42 | + close-expired-entities: |
| 43 | + runs-on: ubuntu-slim |
| 44 | + permissions: |
| 45 | + discussions: write |
| 46 | + issues: write |
| 47 | + steps: |
| 48 | + - name: Checkout actions folder |
| 49 | + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 |
| 50 | + with: |
| 51 | + sparse-checkout: | |
| 52 | + actions |
| 53 | + persist-credentials: false |
| 54 | + |
| 55 | + - name: Setup Scripts |
| 56 | + uses: ./actions/setup |
| 57 | + with: |
| 58 | + destination: /opt/gh-aw/actions |
| 59 | + |
| 60 | + - name: Close expired discussions |
| 61 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 62 | + with: |
| 63 | + script: | |
| 64 | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); |
| 65 | + setupGlobals(core, github, context, exec, io); |
| 66 | + const { main } = require('/opt/gh-aw/actions/close_expired_discussions.cjs'); |
| 67 | + await main(); |
| 68 | +
|
| 69 | + - name: Close expired issues |
| 70 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 71 | + with: |
| 72 | + script: | |
| 73 | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); |
| 74 | + setupGlobals(core, github, context, exec, io); |
| 75 | + const { main } = require('/opt/gh-aw/actions/close_expired_issues.cjs'); |
| 76 | + await main(); |
| 77 | +
|
| 78 | + compile-workflows: |
| 79 | + runs-on: ubuntu-slim |
| 80 | + permissions: |
| 81 | + contents: read |
| 82 | + issues: write |
| 83 | + steps: |
| 84 | + - name: Checkout repository |
| 85 | + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
| 86 | + with: |
| 87 | + persist-credentials: false |
| 88 | + |
| 89 | + |
| 90 | + - name: Setup Go |
| 91 | + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 |
| 92 | + with: |
| 93 | + go-version-file: go.mod |
| 94 | + cache: true |
| 95 | + |
| 96 | + - name: Build gh-aw |
| 97 | + run: make build |
| 98 | + |
| 99 | + - name: Compile workflows |
| 100 | + run: | |
| 101 | + ./gh-aw compile --validate --verbose |
| 102 | + echo "✓ All workflows compiled successfully" |
| 103 | +
|
| 104 | + - name: Setup Scripts |
| 105 | + uses: ./actions/setup |
| 106 | + with: |
| 107 | + destination: /opt/gh-aw/actions |
| 108 | + |
| 109 | + - name: Check for out-of-sync workflows and create issue if needed |
| 110 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 111 | + with: |
| 112 | + script: | |
| 113 | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); |
| 114 | + setupGlobals(core, github, context, exec, io); |
| 115 | + const { main } = require('/opt/gh-aw/actions/check_workflow_recompile_needed.cjs'); |
| 116 | + await main(); |
| 117 | +
|
| 118 | + zizmor-scan: |
| 119 | + runs-on: ubuntu-slim |
| 120 | + needs: compile-workflows |
| 121 | + permissions: |
| 122 | + contents: read |
| 123 | + steps: |
| 124 | + - name: Checkout repository |
| 125 | + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
| 126 | + |
| 127 | + - name: Setup Go |
| 128 | + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 |
| 129 | + with: |
| 130 | + go-version-file: go.mod |
| 131 | + cache: true |
| 132 | + |
| 133 | + - name: Build gh-aw |
| 134 | + run: make build |
| 135 | + |
| 136 | + - name: Run zizmor security scanner |
| 137 | + run: | |
| 138 | + ./gh-aw compile --zizmor --verbose |
| 139 | + echo "✓ Zizmor security scan completed" |
| 140 | +
|
| 141 | + secret-validation: |
| 142 | + runs-on: ubuntu-slim |
| 143 | + permissions: |
| 144 | + contents: read |
| 145 | + steps: |
| 146 | + - name: Checkout actions folder |
| 147 | + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 |
| 148 | + with: |
| 149 | + sparse-checkout: | |
| 150 | + actions |
| 151 | + persist-credentials: false |
| 152 | + |
| 153 | + - name: Setup Node.js |
| 154 | + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 |
| 155 | + with: |
| 156 | + node-version: '22' |
| 157 | + |
| 158 | + - name: Setup Scripts |
| 159 | + uses: ./actions/setup |
| 160 | + with: |
| 161 | + destination: /opt/gh-aw/actions |
| 162 | + |
| 163 | + - name: Validate Secrets |
| 164 | + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
| 165 | + env: |
| 166 | + # GitHub tokens |
| 167 | + GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} |
| 168 | + GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} |
| 169 | + GH_AW_PROJECT_GITHUB_TOKEN: ${{ secrets.GH_AW_PROJECT_GITHUB_TOKEN }} |
| 170 | + GH_AW_COPILOT_TOKEN: ${{ secrets.GH_AW_COPILOT_TOKEN }} |
| 171 | + # AI Engine API keys |
| 172 | + ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} |
| 173 | + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} |
| 174 | + BRAVE_API_KEY: ${{ secrets.BRAVE_API_KEY }} |
| 175 | + # Integration tokens |
| 176 | + NOTION_API_TOKEN: ${{ secrets.NOTION_API_TOKEN }} |
| 177 | + with: |
| 178 | + script: | |
| 179 | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); |
| 180 | + setupGlobals(core, github, context, exec, io); |
| 181 | + const { main } = require('/opt/gh-aw/actions/validate_secrets.cjs'); |
| 182 | + await main(); |
| 183 | +
|
| 184 | + - name: Upload secret validation report |
| 185 | + if: always() |
| 186 | + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 |
| 187 | + with: |
| 188 | + name: secret-validation-report |
| 189 | + path: secret-validation-report.md |
| 190 | + retention-days: 30 |
| 191 | + if-no-files-found: warn |
0 commit comments