ci: make CI fork-friendly when DEPLOY_KEY secret is absent#196
Merged
Conversation
The fork's CI has never run (`gh api repos/quangdang46/jcode/actions/runs`
returns total_count=0 for both pull_request and push events) because
upstream's workflows assume a `DEPLOY_KEY` SSH secret that the fork
does not have.
Two changes:
1. Gate every `webfactory/ssh-agent@v0.9.0` step on
`if: ${{ secrets.DEPLOY_KEY != '' }}` so the SSH agent setup is
simply skipped when the secret is absent. This is safe here because
none of this fork's Cargo git dependencies use SSH URLs:
- `agentgrep` -> https://github.com/1jehuang/agentgrep.git
- `mermaid-rs-renderer` -> https://github.com/1jehuang/mermaid-rs-renderer.git
So the `actions/checkout@v4` step's empty `ssh-key` falls back to
the GITHUB_TOKEN HTTPS path automatically. Applies to 5 jobs in
ci.yml + 1 step in release.yml.
2. Add `workflow_dispatch:` to ci.yml so maintainers can trigger CI
manually from the Actions tab while debugging without having to
force-push a no-op commit.
Note for the fork owner: GitHub disables Actions on a freshly-forked
repo until you visit the Actions tab once and click 'I understand my
workflows, go ahead and enable them'. After this PR is merged AND the
fork's Actions are enabled, future PRs will automatically run CI.
Refs the absence of CI runs blocking PRs #174-#195.
This was referenced May 23, 2026
quangdang46
pushed a commit
that referenced
this pull request
Jun 1, 2026
…le (#196) #261: Mistral strictly enforces the OpenAI schema and 422s on the non-standard reasoning_content message field and top-level thinking request field. Add strict_openai_schema_endpoint() (matches the mistral profile id or *.mistral.ai api_base) and suppress both reasoning_content injection and the thinking field for those endpoints. #196: Replace the hardcoded 180s SSE_CHUNK_TIMEOUT with a configurable [provider] stream_idle_timeout_secs (default 180), overridable via JCODE_STREAM_IDLE_TIMEOUT_SECS, so slow reasoning models that think silently for minutes don't trip a premature timeout.
quangdang46
pushed a commit
that referenced
this pull request
Jun 1, 2026
Minor bump from 0.17.2. Notable changes since the last release: Features - websearch: SearXNG JSON engine as an escape hatch when DuckDuckGo/Bing are blocked by TLS fingerprinting / IP reputation (#270). - mcp: advertise cached tool schemas at spawn with connect-on-first-call, so MCP tools are usable from the first turn with no prompt-cache miss in the warm case (#206 Phase 2); late-registration refresh is now one-shot and surfaced in the UI/logs. - relay: opt-in headed launch listener. Fixes - mcp: surface MCP tools that register after the tool snapshot locks (#206). - ambient: accept string-encoded numbers/bools in tool inputs (#106); stop hallucinated tool names and recover from unknown tools (#104). - websearch: detect anti-bot/captcha pages and surface a clear error. - provider: Mistral 422 (#261), configurable SSE idle timeout (#196), treat HTTP 402 as non-retryable, OpenRouter provider stickiness. - server: graceful `server reload`/`server stop`, stale-socket reaping, directional newer-binary check (#291). - tui: prevent phantom chat scroll offset; preserve input when cycling model favorites. - swarm: inherit coordinator model by default; auto-submit headed-spawn startup prompt.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The fork's CI has never run (
gh api repos/quangdang46/jcode/actions/runsreturnstotal_count=0for bothpull_requestandpushevents) because upstream's workflows assume aDEPLOY_KEYSSH secret that the fork does not have. This is why none of PRs #174-#195 show CI status.Changes
Gate every
webfactory/ssh-agent@v0.9.0step onif: ${{ secrets.DEPLOY_KEY != '' }}so the SSH agent setup is simply skipped when the secret is absent. Safe here because no Cargo git dependency in this fork uses SSH URLs:agentgrep→https://github.com/1jehuang/agentgrep.gitmermaid-rs-renderer→https://github.com/1jehuang/mermaid-rs-renderer.gitThe
actions/checkout@v4step's emptyssh-keyfalls back to the GITHUB_TOKEN HTTPS path automatically.Applies to 5 jobs in
.github/workflows/ci.yml+ 1 step in.github/workflows/release.yml.Add
workflow_dispatch:to ci.yml so maintainers can trigger CI manually from the Actions tab while debugging without having to force-push a no-op commit.One-time fork owner step (cannot be done via PR)
GitHub disables Actions on a freshly-forked repo until you visit the Actions tab once and click "I understand my workflows, go ahead and enable them":
After this PR is merged AND the fork's Actions are enabled, future PRs will automatically run CI. To verify after enable, you can manually trigger the new
workflow_dispatch:Tests
Both YAML files parse cleanly. The 5
if:insertions are syntactically minimal — they only add a single line per ssh-agent step.Notes
If you want CI to also exercise the SSH-deploy-key path (e.g. to validate it for an eventual private-dep setup), add a
DEPLOY_KEYrepo secret via:Without the secret, the gated steps are simply skipped — they do NOT fail the workflow.