Weekly Repo Review #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Weekly Repo Review | |
| on: | |
| schedule: | |
| # Every Monday at 09:00 UTC | |
| - cron: '0 9 * * 1' | |
| workflow_dispatch: {} | |
| jobs: | |
| weekly-review: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| issues: write | |
| steps: | |
| - name: Create and assign review issue to Copilot | |
| env: | |
| GH_TOKEN: ${{ secrets.COPILOT_PAT }} | |
| REPO: ${{ github.repository }} | |
| BASE_BRANCH: ${{ github.event.repository.default_branch }} | |
| ISSUE_BODY: | | |
| @copilot Review commits and PRs merged or opened in the last 7 days and open issues in stanfish06/my-configs. For each change, check for: | |
| 1. Information leaks — secrets, API keys, tokens, personal emails/paths, private hostnames, or anything that shouldn't be public. | |
| 2. Compatibility breaks — config syntax that may be obsolete, deprecated flags, broken references between files, or changes that could break dotfile/script consumers. | |
| 3. Improvement opportunities — new features, config options, or fixes worth adopting based on upstream tool updates. | |
| For each finding, open a GitHub issue (try to send a PR with the fix if low-risk and you are confident about the patch). Never commit directly to master — always open a PR. Group related findings into a single issue/PR when sensible. If nothing actionable is found, do nothing. | |
| If PRs fix issues, auto-close the issues. | |
| Files to ignore: | |
| 1. .emacs (all emacs configs in the repo can be ignored as they are actively maintained) | |
| run: | | |
| if [ -z "${GH_TOKEN:-}" ]; then | |
| echo "::error::Missing COPILOT_PAT secret. Add a user token that can assign Copilot in ${REPO}." | |
| exit 1 | |
| fi | |
| WEEK=$(date -u '+%Y-W%V') | |
| if [ -z "${BASE_BRANCH:-}" ]; then | |
| BASE_BRANCH=master | |
| fi | |
| jq -nc \ | |
| --arg title "Weekly repo review – ${WEEK}" \ | |
| --arg body "$ISSUE_BODY" \ | |
| '{ | |
| title: $title, | |
| body: $body | |
| }' > issue-create.json | |
| CREATE_STATUS=$(curl -sS \ | |
| -o issue-create-response.json \ | |
| -w "%{http_code}" \ | |
| -X POST \ | |
| -H "Authorization: Bearer ${GH_TOKEN}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "https://api.github.com/repos/${REPO}/issues" \ | |
| --data @issue-create.json) | |
| if [ "${CREATE_STATUS}" -lt 200 ] || [ "${CREATE_STATUS}" -ge 300 ]; then | |
| echo "::error::Issue creation failed with HTTP ${CREATE_STATUS}." | |
| cat issue-create-response.json | |
| exit 1 | |
| fi | |
| ISSUE_NUMBER=$(jq -r '.number // empty' issue-create-response.json) | |
| ISSUE_URL=$(jq -r '.html_url // empty' issue-create-response.json) | |
| if [ -z "${ISSUE_NUMBER}" ]; then | |
| echo "::error::Issue creation succeeded but the response did not include an issue number." | |
| cat issue-create-response.json | |
| exit 1 | |
| fi | |
| jq -nc \ | |
| --arg repo "$REPO" \ | |
| --arg base_branch "$BASE_BRANCH" \ | |
| '{ | |
| assignees: ["copilot-swe-agent[bot]"], | |
| agent_assignment: { | |
| target_repo: $repo, | |
| base_branch: $base_branch, | |
| custom_instructions: "", | |
| custom_agent: "", | |
| model: "" | |
| } | |
| }' > issue-assign.json | |
| ASSIGN_STATUS=$(curl -sS \ | |
| -o issue-assign-response.json \ | |
| -w "%{http_code}" \ | |
| -X POST \ | |
| -H "Authorization: Bearer ${GH_TOKEN}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "https://api.github.com/repos/${REPO}/issues/${ISSUE_NUMBER}/assignees" \ | |
| --data @issue-assign.json) | |
| if [ "${ASSIGN_STATUS}" -lt 200 ] || [ "${ASSIGN_STATUS}" -ge 300 ]; then | |
| echo "::error::Issue was created (${ISSUE_URL}), but Copilot assignment failed with HTTP ${ASSIGN_STATUS}." | |
| cat issue-assign-response.json | |
| exit 1 | |
| fi | |
| echo "${ISSUE_URL}" |