-
Notifications
You must be signed in to change notification settings - Fork 329
Enforce gh aw compile + lock-file regeneration for agentic workflows
#4298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
priyankatiwari08
wants to merge
2
commits into
main
Choose a base branch
from
dev/prtiwar/enforce-gh-aw-compile
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+81
−0
Open
Changes from 1 commit
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| --- | ||
| applyTo: ".github/workflows/**/*.md" | ||
| description: Rules for editing gh-aw agentic workflow Markdown files. | ||
| --- | ||
|
|
||
| # Agentic Workflow Edit Rules (`gh aw`) | ||
|
|
||
| This repository authors GitHub Actions agentic workflows in Markdown using | ||
| [`gh aw`](https://github.com/githubnext/gh-aw). Each workflow `.md` file under | ||
| `.github/workflows/` compiles to a sibling `.lock.yml`, and **only the | ||
| `.lock.yml` is executed by GitHub Actions at runtime.** | ||
|
|
||
| ## Mandatory rule | ||
|
|
||
| Whenever you create, edit, rename, or delete a file matching | ||
| `.github/workflows/**/*.md`, you **MUST**, in the **same commit / PR**: | ||
|
|
||
| 1. Run `gh aw compile` from the repository root. | ||
| 2. Stage and commit the regenerated sibling `<name>.lock.yml`. | ||
| 3. If you deleted a workflow `.md`, also delete its `.lock.yml`. | ||
|
|
||
| If the `.lock.yml` is stale or missing, the workflow fails at runtime | ||
| (see PR #4279 for the exact failure mode). The | ||
| `Verify gh aw lock files` CI check will block the PR in that case. | ||
|
|
||
| ## How to verify locally | ||
|
|
||
| ```bash | ||
| gh aw compile | ||
| git status # both the .md and .lock.yml should appear | ||
| gh aw compile # second run must be a no-op (clean diff) | ||
| ``` | ||
|
|
||
| ## Code-review checklist | ||
|
|
||
| When reviewing a PR that touches `.github/workflows/**/*.md`: | ||
|
|
||
| - [ ] A matching `.lock.yml` is updated in the same PR. | ||
| - [ ] `gh aw compile` produces no further diff on top of the PR. | ||
| - [ ] If new tools, network endpoints, or permissions are added in the `.md`, | ||
| they are present in the regenerated `.lock.yml`. | ||
|
|
||
| ## Out of scope | ||
|
|
||
| - Do **not** hand-edit `.lock.yml` files. They are generated; edit the `.md` | ||
| source and recompile. | ||
| - For deeper authoring guidance (creating, debugging, upgrading workflows), | ||
| invoke the `agentic-workflows` agent at | ||
| `.github/agents/agentic-workflows.agent.md`. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| name: Verify gh aw lock files | ||
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - '.github/workflows/**/*.md' | ||
| - '.github/workflows/**/*.lock.yml' | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| verify: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Install gh-aw extension | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: gh extension install githubnext/gh-aw | ||
|
|
||
| - name: Recompile agentic workflows | ||
| run: gh aw compile | ||
|
|
||
| - name: Fail if any .lock.yml is stale | ||
| run: | | ||
| if ! git diff --exit-code -- '.github/workflows/**/*.lock.yml'; then | ||
| echo "::error::A .github/workflows/**/*.md file changed but its .lock.yml is stale." | ||
| echo "::error::Run 'gh aw compile' locally and commit the regenerated .lock.yml in this PR." | ||
|
cheenamalhotra marked this conversation as resolved.
Outdated
|
||
| exit 1 | ||
| fi | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.