mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-01 21:30:21 +00:00
* feat: security triage now applies full label taxonomy

  Triage mode now applies:
  - Safety label (safe-to-work / malicious / needs-human-review)
  - Content-type label (bug, enhancement, security, question, etc.)
  - Lifecycle label (Pending Review) so downstream teams can pick up

  Team-building mode now transitions lifecycle labels:
  - Adds "In Progress" at start, removes it on close

  Added an "Available Labels Reference" section to the triage prompt documenting all label categories for the agent.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: all security-filed issues get safe-to-work + Pending Review

  Issues filed by the security team (scan findings, drift/anomaly reports, follow-up issues from closed PRs) now automatically get `safe-to-work` and `Pending Review` labels so downstream teams can immediately pick them up without waiting for another triage.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: remove Pending Review from safe-to-work issues

  safe-to-work already means triage is complete — adding Pending Review is redundant and confusing. Now only UNCLEAR issues get Pending Review (they still need human attention). SAFE issues and security-filed issues skip straight to actionable with just safe-to-work.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* refactor: normalize all labels to kebab-case

  Renamed on GitHub:
  - "In Progress" → "in-progress"
  - "Pending Review" → "pending-review"
  - "Under Review" → "under-review"
  - "good first issue" → "good-first-issue"
  - "help wanted" → "help-wanted"

  Updated all references in security.sh and refactor.sh to match.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: align issue templates and workflows with actual repo labels

  Created missing labels: cloud-request, agent-request, cli. Replaced nonexistent needs-triage with pending-review in all templates.

  Templates updated:
  - bug_report: bug + pending-review
  - cli_feature_request: cli + enhancement + pending-review
  - cloud_request: cloud-request + enhancement + pending-review
  - agent_request: agent-request + enhancement + pending-review

  Workflows updated:
  - refactor.yml: trigger on safe-to-work AND (bug|cli|enhancement|maintenance)
  - discovery.yml: already correct (safe-to-work AND cloud-request|agent-request)
  - security.yml: already correct (team-building label check)

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Sprite <noreply@sprites.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
53 lines
1.9 KiB
YAML
name: Trigger Refactor

on:
  schedule:
    - cron: '*/5 * * * *'
  issues:
    types: [opened, reopened, labeled]
  workflow_dispatch:

concurrency:
  group: refactor-sprite-trigger
  cancel-in-progress: false

jobs:
  trigger:
    runs-on: ubuntu-latest
    timeout-minutes: 90
    # Only trigger on issues with safe-to-work AND (bug, cli, enhancement, or maintenance) labels, or schedule/manual
    if: >-
      github.event_name != 'issues' ||
      (contains(github.event.issue.labels.*.name, 'safe-to-work') &&
       (contains(github.event.issue.labels.*.name, 'bug') ||
        contains(github.event.issue.labels.*.name, 'cli') ||
        contains(github.event.issue.labels.*.name, 'enhancement') ||
        contains(github.event.issue.labels.*.name, 'maintenance')))
    steps:
      - name: Trigger and stream refactor cycle
        env:
          SPRITE_URL: ${{ secrets.REFACTOR_SPRITE_URL }}
          TRIGGER_SECRET: ${{ secrets.REFACTOR_TRIGGER_SECRET }}
        run: |
          set +e
          # --fail-with-body: exit 22 on HTTP errors but still print the body
          # -N: no output buffering (stream chunks in real-time)
          # --max-time: hard cap matching the Sprite's cycle timeout + grace
          curl -sSN --http1.1 --fail-with-body --max-time 5400 -X POST \
            "${SPRITE_URL}/trigger?reason=${{ github.event_name }}&issue=${{ github.event.issue.number || '' }}" \
            -H "Authorization: Bearer ${TRIGGER_SECRET}"
          CURL_EXIT=$?
          set -e

          if [ "$CURL_EXIT" -eq 0 ]; then
            echo ""
            echo "=== Cycle completed ==="
          elif [ "$CURL_EXIT" -eq 22 ]; then
            # HTTP error — body was already printed above (429 = already running, 409 = dedup, etc.)
            echo ""
            echo "=== Trigger returned HTTP error (see output above) ==="
          else
            echo ""
            echo "=== curl failed (exit=$CURL_EXIT) ==="
            exit 1
          fi