Skip to content

Sync Best Practices

Sync Best Practices #6

Workflow file for this run

name: Sync & Audit Config
on:
schedule:
- cron: '0 10 * * 1-5' # Weekdays at 10am UTC (midi Paris)
workflow_dispatch: {} # Manual trigger
permissions:
contents: write
pull-requests: write
jobs:
sync-audit:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '22'
- name: Install Claude Code
run: npm install -g @anthropic-ai/claude-code
- name: Setup workspace
run: |
# Symlink checkout to ~/.claude so commands resolve correctly
ln -sfn "$GITHUB_WORKSPACE" "$HOME/.claude"
# Git identity for commits
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Sync best practices
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
claude -p "/sync-cookbook" \
--model claude-haiku-4-5 \
--dangerously-skip-permissions \
--max-turns 30 \
--output-format text \
| tee /tmp/sync-report.txt
# Fail if Claude wasn't authenticated
if grep -qi "not logged in\|please run /login\|authentication" /tmp/sync-report.txt; then
echo "::error::Claude authentication failed. Check ANTHROPIC_API_KEY secret."
exit 1
fi
- name: Run audit and apply fixes
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: |
cd "$HOME/.claude"
claude -p "/audit-config" \
--model claude-sonnet-4-6 \
--dangerously-skip-permissions \
--max-turns 30 \
--output-format text \
| tee /tmp/audit-report.txt
- name: Check for changes
id: changes
run: |
if git diff --quiet && [ -z "$(git ls-files --others --exclude-standard)" ]; then
echo "has_changes=false" >> "$GITHUB_OUTPUT"
else
echo "has_changes=true" >> "$GITHUB_OUTPUT"
{
echo "### Changed files:"
git diff --stat
git ls-files --others --exclude-standard | sed 's/^/ new: /'
} > /tmp/sync-summary.txt
fi
- name: Create PR
if: steps.changes.outputs.has_changes == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
BRANCH="chore/sync-$(date +%Y-%m-%d)"
# Clean up old sync branches and PRs
git fetch origin
for old_branch in $(git branch -r --list 'origin/chore/sync-*' | sed 's|origin/||' | xargs); do
gh pr close "$old_branch" --delete-branch 2>/dev/null || true
git push origin --delete "$old_branch" 2>/dev/null || true
done
git checkout -b "$BRANCH"
git add -A
git commit -m "chore: sync docs and apply audit improvements"
git push -u origin "$BRANCH"
# Build PR body
{
echo "## Changes"
echo ""
cat /tmp/sync-summary.txt
echo ""
echo "---"
echo ""
echo "## Audit Report"
echo ""
if [ -f /tmp/audit-report.txt ]; then
cat /tmp/audit-report.txt | tail -80
else
echo "No audit report generated."
fi
} > /tmp/pr-body.txt
gh pr create \
--title "chore: sync & improve config $(date +%Y-%m-%d)" \
--body-file /tmp/pr-body.txt \
--assignee nicolas-codemate
- name: Summary
if: always()
run: |
{
echo "## Sync & Audit — $(date +%Y-%m-%d)"
echo ""
if [ "${{ steps.changes.outputs.has_changes }}" = "true" ]; then
echo "**Statut** : PR cree avec changements"
echo ""
cat /tmp/sync-summary.txt
else
echo "**Statut** : Aucun changement detecte. Pas de PR."
fi
echo ""
echo "---"
echo ""
echo "### Sync report (derniere 20 lignes)"
echo ""
if [ -f /tmp/sync-report.txt ]; then
echo '```'
tail -20 /tmp/sync-report.txt
echo '```'
else
echo "Sync non execute ou echoue."
fi
} >> "$GITHUB_STEP_SUMMARY"