Commit aca1652

Merge branch 'main' into feat/keep-sandbox
2 parents 4138c8e + 027de9f commit aca1652

127 files changed

Lines changed: 5549 additions & 1193 deletions

.github/workflows/pat-cleanup.yml

Lines changed: 45 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,45 @@
1+
# Delete expired classic PATs from the e2e test account (botsend).
2+
# Each e2e run creates a PAT and tries to clean it up, but crashed or
3+
# timed-out runs leave orphaned tokens that accumulate over time.
4+
5+
name: Clean up expired PATs
6+
7+
on:
8+
schedule:
9+
- cron: "0 4 * * 0" # Weekly on Sundays at 4am UTC
10+
workflow_dispatch:
11+
12+
concurrency:
13+
group: pat-cleanup
14+
cancel-in-progress: false
15+
16+
permissions:
17+
contents: read
18+
19+
jobs:
20+
cleanup:
21+
runs-on: ubuntu-latest
22+
timeout-minutes: 30
23+
steps:
24+
- uses: actions/checkout@v4
25+
26+
- uses: actions/setup-go@v5
27+
with:
28+
go-version-file: go.mod
29+
30+
- name: Install Playwright browser and system dependencies
31+
run: |
32+
go run github.com/playwright-community/playwright-go/cmd/playwright install chromium
33+
npx playwright install-deps chromium
34+
35+
- name: Decode session
36+
run: |
37+
SESSION_FILE="${RUNNER_TEMP}/github-session.json"
38+
printf '%s' "$E2E_GITHUB_SESSION_B64" | base64 -d > "$SESSION_FILE"
39+
chmod 600 "$SESSION_FILE"
40+
echo "E2E_GITHUB_SESSION_FILE=${SESSION_FILE}" >> "$GITHUB_ENV"
41+
env:
42+
E2E_GITHUB_SESSION_B64: ${{ secrets.E2E_GITHUB_SESSION }}
43+
44+
- name: Delete expired PATs
45+
run: go run hack/cleanup-pats.go
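
Review bot: In the "Decode session" step (lines 37-39) the session file is created by the shell redirect under the default umask and only afterwards restricted with `chmod 600`, and nothing removes it when the job ends. Set `umask 077` before the `base64 -d > "$SESSION_FILE"` line and add a final step with `if: always()` that deletes the file. Because this job handles a live GitHub session, also consider pinning `actions/checkout@v4` and `actions/setup-go@v5` to full commit SHAs, and pinning the version behind `npx playwright install-deps` on line 33, which currently resolves to whatever the registry serves and may not match the playwright-go version in go.mod.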

.github/workflows/reusable-code.yml

Lines changed: 1 addition & 0 deletions
@@ -123,6 +123,7 @@ jobs:
123123
ISSUE_NUMBER: ${{ fromJSON(inputs.event_payload).issue.number }}
124124
REPO_FULL_NAME: ${{ inputs.source_repo }}
125125
GITHUB_ISSUE_URL: ${{ fromJSON(inputs.event_payload).issue.html_url }}
126+
COMMENT_BODY: ${{ fromJSON(inputs.event_payload).comment.body }}
126127
run: bash scripts/pre-code.sh
127128

128129
- name: Setup GCP and prepare credentials
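
Review bot: `COMMENT_BODY` on new line 126 carries text that anyone able to comment can control, and the hunk does not show how `scripts/pre-code.sh` consumes it. Passing it as an environment variable alongside the others, rather than interpolating the expression into the `run:` line, is the right shape. Please confirm the script only ever uses it as quoted data (no `eval`, no unquoted expansion, no writing it to `$GITHUB_ENV` or `$GITHUB_OUTPUT` without a delimiter), and add a comment noting what the value is when the event payload has no `comment` object.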

.github/workflows/reusable-dispatch.yml

Lines changed: 3 additions & 1 deletion
@@ -164,7 +164,9 @@ jobs:
164164
;;
165165
166166
issues)
167-
if [[ "${EVENT_ACTION}" == "labeled" ]]; then
167+
if [[ "${EVENT_ACTION}" == "opened" || "${EVENT_ACTION}" == "edited" ]]; then
168+
STAGE="triage"
169+
elif [[ "${EVENT_ACTION}" == "labeled" ]]; then
168170
if [[ "${TRIGGERING_LABEL}" == "ready-to-code" ]]; then
169171
STAGE="code"
170172
elif [[ "${TRIGGERING_LABEL}" == "ready-for-review" ]]; then
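
Review bot: The new `opened`/`edited` branch at line 167 sets `STAGE="triage"` for every issue open and every edit, with no check in this hunk on who the actor is or whether the issue was already triaged, whereas the `labeled` path below it is gated on specific labels. Consider restricting `edited` to changes that matter, or deduplicating on the issue number, so one user cannot re-trigger triage runs by repeatedly editing an issue. A comment stating the intended trust level of the triage stage would also help.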

.github/workflows/reusable-fix.yml

Lines changed: 2 additions & 2 deletions
@@ -247,8 +247,8 @@ jobs:
247247
run: |
248248
if [[ "${TRIGGER_SOURCE}" =~ \[bot\]$ ]]; then
249249
PR_INFO=$(gh pr view "${PR_NUM}" --repo "${SOURCE_REPO}" \
250-
--json labels,author --jq '{labels: [.labels[].name], author: .author.login}' 2>/dev/null \
251-
|| echo '{"labels":[],"author":""}')
250+
--json labels,author --jq '{labels: [.labels[].name], author: .author.login}') \
251+
|| { echo "::error::Failed to fetch PR info for #${PR_NUM}"; exit 1; }
252252
253253
HAS_NO_FIX=$(echo "${PR_INFO}" | jq -r '.labels | any(. == "fullsend-no-fix")')
254254
if [[ "${HAS_NO_FIX}" == "true" ]]; then
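
Review bot: Failing closed on the `gh pr view` error at lines 250-251 is right, but the check at line 253 can still fail open: if `PR_INFO` is ever empty, `jq` prints nothing and exits 0, `HAS_NO_FIX` becomes an empty string, and the comparison with "true" on line 254 treats the `fullsend-no-fix` label as absent. Consider accepting only the literal values "true" and "false" for `HAS_NO_FIX` and exiting with an error on anything else. A short comment above the `gh` call explaining that a lookup failure must stop the job rather than default to empty labels would keep the old fallback from being reintroduced.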

.pre-commit-config.yaml

Lines changed: 7 additions & 1 deletion
@@ -9,7 +9,7 @@ repos:
99
- id: end-of-file-fixer
1010
- id: trailing-whitespace
1111
- id: detect-private-key
12-
exclude: "internal/layers/secrets_test\\.go$|internal/security/scanner_test\\.go$|internal/dispatch/gcf/provisioner_test\\.go$|tests/.*test_.*\\.py$"
12+
exclude: "internal/layers/secrets_test\\.go$|internal/security/scanner_test\\.go$|internal/dispatch/gcf/provisioner_test\\.go$|internal/cli/mint_test\\.go$|tests/.*test_.*\\.py$"
1313
- id: check-added-large-files
1414
args: ["--maxkb=1000"]
1515
- id: check-merge-conflict
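
Review bot: Adding `internal/cli/mint_test.go` to the `detect-private-key` exclude on line 12 switches the check off for the whole file, so a real key pasted into that test later would pass this hook unnoticed. If the test only needs key material as a fixture, generating it at test time would avoid the exclusion; otherwise add a comment here saying what the file contains and why it is safe to skip.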
@@ -51,6 +51,12 @@ repos:
5151
hooks:
5252
- id: gitleaks
5353

54+
- repo: https://github.com/shellcheck-py/shellcheck-py
55+
rev: v0.10.0.1
56+
hooks:
57+
- id: shellcheck
58+
args: ["-x", "-e", "SC1091,SC2001,SC2016"]
59+
5460
- repo: https://github.com/rhysd/actionlint
5561
rev: v1.7.11
5662
hooks:
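
Review bot: The `-e SC1091,SC2001,SC2016` argument on line 58 disables those three checks for every script in the repository with no explanation. SC2016 in particular flags expansions inside single quotes, which is a common source of bugs in CI scripts. Prefer per-line `# shellcheck disable=...` directives where a finding is intentional, or add a comment recording why each code is excluded globally. Since `-x` is passed so that sourced files can be followed, also say why SC1091 still needs to be off.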

AGENTS.md

Lines changed: 10 additions & 0 deletions
@@ -25,3 +25,13 @@ All git forge operations (GitHub API calls, PR comments, issue creation, workflo
2525
**When writing code:** If you need a forge operation that `forge.Client` does not yet support, add a new method to the interface and implement it in the GitHub client — do not work around the interface.
2626

2727
**When reviewing PRs:** Flag any direct `exec.Command("gh", ...)`, raw GitHub API calls, or other forge-specific operations outside `internal/forge/github/` as a medium-severity or higher finding. This is an architectural violation, not a style preference.
28+
29+
## Architecture Decision Records (ADRs)
30+
31+
These rules apply whenever you touch `docs/ADRs/` or review a PR that does. Full authoring guidance is in [`skills/writing-adrs/SKILL.md`](skills/writing-adrs/SKILL.md); invoke that skill when writing a new ADR.
32+
33+
**Immutability:** Once an ADR on `main` has status **Accepted**, its Context, Decision, and Consequences sections are frozen. Do not add post-decision notes, rewrite rationale, or edit consequences in place. When circumstances change, write a **new** ADR that supersedes the old one. The only acceptable edits to an Accepted ADR on `main` are status changes (e.g., to Deprecated or Superseded) and links to the superseding ADR. Typos and broken links are narrow exceptions — call them out in the PR description.
34+
35+
**New ADRs in pull requests:** Approval happens at **merge**, not when the branch is created. If the decision is made, set status to **Accepted** in the ADR you are proposing (not **Proposed** merely because the PR is open). Use **Proposed** or **Undecided** only when the decision itself is still unsettled. When status is Accepted, update `docs/architecture.md` and related problem docs in the same PR per the writing-adrs skill.
36+
37+
**When reviewing PRs:** Flag in-place edits to Context, Decision, or Consequences on Accepted ADRs already on `main` as a policy violation. Allow status-only updates and supersession links. For brand-new ADR files on the PR branch, evaluate whether the recorded decision matches the diff — do not treat **Accepted** on a new file as a mistake if the ADR is ready for human review at merge.
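
Review bot: The "New ADRs in pull requests" paragraph on line 35 still tells authors to use **Proposed** or **Undecided** when a decision is unsettled, but the template and ADR 0001 changes in this same commit reduce the valid statuses to Accepted, Deprecated and Superseded, so following this rule produces a status the template no longer lists. Reword it to match the new status set. Separately, the review rule on line 37 does not repeat the typo and broken-link exception from line 33, so a reviewer applying it literally would flag those fixes as policy violations.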

Makefile

Lines changed: 2 additions & 1 deletion
@@ -25,7 +25,7 @@ help:
2525
@echo " go-vet - Run go vet"
2626
@echo " go-tidy - Run go mod tidy"
2727
@echo " lint-md-links - Check markdown files for broken in-repo links and anchors"
28-
@echo " script-test - Run shell script tests (post-triage, post-code, post-review, reconcile-repos, validate-output-schema)"
28+
@echo " script-test - Run shell script tests (post-triage, post-code, post-review, pre-fetch-prior-review, reconcile-repos, validate-output-schema)"
2929
@echo " test - Run all checks: lint-all, go-test, script-test"
3030
@echo " e2e-test - Run admin e2e tests (requires E2E_GITHUB_SESSION_FILE or E2E_GITHUB_USERNAME + E2E_GITHUB_PASSWORD)"
3131
@echo " e2e-export-session - Login to GitHub and export a Playwright session file"
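
Review bot: The `script-test` help text on line 28 now names `pre-fetch-prior-review`, but the target itself also runs `pre-code-test.sh`, `process-fix-result-test.py` and `topissues_test.py` (visible in the next hunk), none of which are listed. Either list them all or shorten the help line to wording that does not need updating with every new test script.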
@@ -113,6 +113,7 @@ script-test:
113113
bash internal/scaffold/fullsend-repo/scripts/reconcile-repos-test.sh
114114
bash internal/scaffold/fullsend-repo/scripts/validate-output-schema-test.sh
115115
bash internal/scaffold/fullsend-repo/scripts/pre-code-test.sh
116+
bash internal/scaffold/fullsend-repo/scripts/pre-fetch-prior-review-test.sh
116117
python3 internal/scaffold/fullsend-repo/scripts/process-fix-result-test.py
117118
python3 skills/topissues/scripts/topissues_test.py
118119

README.md

Lines changed: 1 addition & 1 deletion
@@ -67,7 +67,7 @@ If you're applying fullsend to your own organization, consider adding your speci
6767
| A question, bug, or small suggestion | **File an issue** — lowest friction, can graduate later. |
6868
| A new problem area no existing doc covers | **Create a problem doc** in `docs/problems/` and link it here. |
6969
| More to say about an existing problem area | **Expand the existing problem doc.** |
70-
| A specific decision that needs a yes-or-no answer | **Propose an ADR** in `docs/ADRs/` — even with only one option, file it as `Undecided` ([see ADR 0001](docs/ADRs/0001-use-adrs-for-decision-making.md)). |
70+
| A specific decision that needs a yes-or-no answer | **Propose an ADR** in `docs/ADRs/` via a pull request ([see ADR 0001](docs/ADRs/0001-use-adrs-for-decision-making.md)). |
7171

7272
When in doubt, start with an issue.
7373

docs/ADRs/0000-adr-template.md

Lines changed: 5 additions & 10 deletions
@@ -1,6 +1,6 @@
11
---
22
title: "NUMBER. TITLE"
3-
status: Proposed # Valid values: Proposed, Undecided, Accepted, Deprecated, Superseded
3+
status: Accepted # Valid values: Accepted, Deprecated, Superseded
44
relates_to:
55
- problem-doc-name # filename without .md from docs/problems/
66
topics:
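
Review bot: With `status: Accepted` as the template default on line 3, every ADR copied from the template is labelled Accepted from its first draft, and `Proposed` and `Undecided` disappear from the documented list. ADR 0001 says CI validates statuses, and the linter change is not visible here; confirm it accepts exactly these three values and that no existing ADR still carries a removed status. A one-line comment next to the default explaining that acceptance takes effect at merge would keep readers from treating a draft on a branch as a settled decision.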
@@ -13,7 +13,7 @@ Date: YYYY-MM-DD
1313

1414
## Status
1515

16-
{Proposed | Undecided | Accepted | Deprecated | Superseded}
16+
{Accepted | Deprecated | Superseded}
1717

1818
<!-- Once this ADR is Accepted, its content is frozen. Do not edit the Context,
1919
Decision, or Consequences sections. If circumstances change, write a new
@@ -27,18 +27,13 @@ What is the issue that we're seeing that motivates this decision or change?
2727
## Options
2828

2929
_Optional. Include only when there are genuine alternatives worth documenting.
30-
For Undecided ADRs, describe the options under consideration without choosing
31-
one yet. For Proposed or Accepted ADRs, include only if the rejected
32-
alternatives add useful context. If the decision is obvious, skip this
33-
section._
30+
For Accepted ADRs, include only if the rejected alternatives add useful
31+
context. If the decision is obvious, skip this section._
3432

3533
## Decision
3634

37-
_Leave blank for Undecided ADRs._ What is the change that we're proposing
38-
and/or doing?
35+
What is the change that we're proposing and/or doing?
3936

4037
## Consequences
4138

4239
What becomes easier or more difficult to do because of this change?
43-
For Undecided ADRs, describe consequences that apply regardless of which option
44-
is chosen, or leave blank.

docs/ADRs/0001-use-adrs-for-decision-making.md

Lines changed: 1 addition & 13 deletions
@@ -41,21 +41,10 @@ ADRs live in `docs/ADRs/` and follow the naming convention
4141

4242
Each ADR has a Status field. Valid statuses are:
4343

44-
- **Proposed** -- A decision has been drafted but not yet discussed or agreed
45-
upon.
46-
- **Undecided** -- The problem is identified, options are described, but no
47-
decision has been made yet. These ADRs can be merged and iterated on. They
48-
must include an Options section describing the alternatives under
49-
consideration.
5044
- **Accepted** -- The decision has been made.
5145
- **Deprecated** -- The decision is no longer relevant.
5246
- **Superseded** -- The decision has been replaced by a later ADR.
5347

54-
The Undecided status is a deliberate part of our workflow. It lets us merge ADRs
55-
that frame a decision and its options, so the community can discuss and refine
56-
the options over time without pressure to decide prematurely. When consensus
57-
forms, the ADR is updated to Accepted with a Decision section filled in.
58-
5948
Each ADR includes YAML frontmatter with structured metadata:
6049

6150
- **title** -- The ADR title (required).
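
Review bot: Removing the Proposed and Undecided definitions from ADR 0001 in place (old lines 44-49 and 54-57) conflicts with the AGENTS.md rule added in this same commit, which freezes the Context, Decision and Consequences sections of an Accepted ADR on `main` and sends changes to a new superseding ADR. The status of ADR 0001 is not visible in these lines; if it is Accepted, either land this as a new ADR that supersedes 0001 or state the exception in the PR description, so the policy and its first application do not contradict each other.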
@@ -77,8 +66,7 @@ runs in CI to validate statuses, number uniqueness, and frontmatter correctness
7766

7867
- Problem documents in `docs/problems/` remain the place for open-ended
7968
exploration. ADRs are for when a specific decision point has been identified.
80-
- Contributors can propose ADRs in the Undecided state to start structured
81-
discussion around a specific choice.
69+
- Contributors propose ADRs via pull requests for discussion before merging.
8270
- The linting ensures ADRs follow the expected format, catching mistakes early.
8371
- We inherit a proven format from the broader konflux-ci organization, making it
8472
familiar to contributors who work across repos.
