vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-28 11:59:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
spawn/.github/workflows/security.yml
L 6e13256d96
refactor: simplify claude launch — no streaming, no output monitoring (#1412) 
Replace the complex claude launch pattern (subshell + PID file + tee
pipe + stream-json + 50-line watchdog monitoring log file growth +
session-end detection) with a simple direct launch:

  claude -p "..." >> "${LOG_FILE}" 2>&1 &

The watchdog is now just a wall-clock timeout. The idle-output detection,
stream-json result parsing, and tee piping are all removed.

Also remove GitHub Actions concurrency groups — the trigger server
already handles dedup (409 for same issue, 409 for same reason), making
the GH Actions concurrency groups redundant queuing.

Changes:
- refactor.sh: simple launch + wall-clock-only watchdog
- security.sh: same simplification
- discovery.sh: same (refactored _kill_claude_process and
  _run_watchdog_loop to simpler signatures)
- All 4 workflows: remove concurrency groups

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-17 09:02:47 -08:00

33 lines
1.1 KiB
YAML
Raw Blame History

name: Security Review
on:
issues:
types: [opened, reopened, labeled]
schedule:
- cron: '*/30 * * * *'
workflow_dispatch:
jobs:
review:
runs-on: ubuntu-latest
timeout-minutes: 5
# Only trigger on issues with safe-to-work AND (team-building or security) labels, or schedule/manual
if: >-
github.event_name != 'issues' ||
(contains(github.event.issue.labels.*.name, 'safe-to-work') &&
(contains(github.event.issue.labels.*.name, 'team-building') ||
contains(github.event.issue.labels.*.name, 'security')))
steps:
- name: Trigger security review
env:
SPRITE_URL: ${{ secrets.SECURITY_SPRITE_URL }}
TRIGGER_SECRET: ${{ secrets.SECURITY_TRIGGER_SECRET }}
run: |
if [ -z "$SPRITE_URL" ] || [ -z "$TRIGGER_SECRET" ]; then
echo "Security review secrets not configured — skipping"
exit 0
fi
curl -sS --fail-with-body -X POST \
"${SPRITE_URL}/trigger?reason=${{ github.event_name }}&issue=${{ github.event.issue.number || '' }}" \
-H "Authorization: Bearer ${TRIGGER_SECRET}"
Reference in a new issue View git blame Copy permalink