
ci: harden agentic workflows and enforce zizmor alerts on PRs #3

name: Trigger Fix Agent
on:
issues:
types: [labeled]
workflow_dispatch:
inputs:
issue_number:
description: 'Issue number to fix'
required: true
type: number
jobs:
fix:
if: github.event.label.name == 'agent-fix' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
env:
DRY_RUN: true
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
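Review bot: `actions/checkout@v4` in the checkout step is pinned to a mutable tag rather than a commit SHA, which zizmor's `unpinned-uses` audit reports; since this PR's stated goal is to enforce zizmor alerts on PRs, pin it to the full SHA with the tag in a trailing comment (`uses: actions/checkout@<sha> # v4`) so the new check does not fail on this very file. Two related points on the trust boundary of this job: the `issues: labeled` trigger means anyone with triage rights on the repository can start a run that holds `contents: write`, `issues: write` and `pull-requests: write`, and the checkout keeps the default `persist-credentials: true` (zizmor's `artipacked` audit looks for exactly that) because the later `git push -u origin` relies on it. If that is the intended design, record it in the PR description; otherwise set `persist-credentials: false` and pass a token to the push explicitly.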
- name: Set Issue Number
id: issue
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "number=${{ github.event.inputs.issue_number }}" >> $GITHUB_OUTPUT
else
echo "number=${{ github.event.issue.number }}" >> $GITHUB_OUTPUT
fi
- name: Get Issue Details
id: issue_details
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
ISSUE_DATA=$(gh issue view ${{ steps.issue.outputs.number }} --json title,body,labels)
echo "title=$(echo "$ISSUE_DATA" | jq -r '.title')" >> $GITHUB_OUTPUT
echo "body=$(echo "$ISSUE_DATA" | jq -r '.body')" >> $GITHUB_OUTPUT
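Review bot: the `echo "body=$(...)" >> $GITHUB_OUTPUT` line in 'Get Issue Details' is wrong for a multi-line value and is also a place where issue text can define step outputs: `$GITHUB_OUTPUT` is parsed line by line, so only the first line of the issue body becomes `body=`, and every later line that looks like `key=value` becomes another output of this step, written by whoever opened the issue. Use the delimiter form with an unpredictable delimiter, for example
    DELIM=$(openssl rand -hex 16)
    printf 'body<<%s\n%s\n%s\n' "$DELIM" "$(echo "$ISSUE_DATA" | jq -r '.body')" "$DELIM" >> "$GITHUB_OUTPUT"
and do the same for `title`, which is single-line today but equally untrusted. Quoting `"$GITHUB_OUTPUT"` throughout is cheap and avoids a surprise if the path ever contains spaces.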
- name: Add Starting Comment
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ "$DRY_RUN" = "true" ]; then
echo "[DRY-RUN] Would add 'Agent Fix Started' comment to issue #${{ steps.issue.outputs.number }}"
exit 0
fi
gh issue comment ${{ steps.issue.outputs.number }} --body "🤖 **Agent Fix Started**
I'm working on this issue. Will update with progress.

[GitHub Actions annotation on .github/workflows/trigger-fix-agent.yml line 58: Invalid workflow file. You have an error in your yaml syntax on line 58]
- [ ] Analyze issue
- [ ] Locate relevant code
- [ ] Implement fix
- [ ] Run tests
- [ ] Create pull request
*This is an automated fix attempt. Human review will be required before merging.*"
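Review bot: the CI annotation places the YAML syntax error inside this step's `gh issue comment --body "..."` string, and the most likely cause is indentation: inside a `run: |` block scalar every continuation line, the blank line and the `- [ ] ...` checklist lines included, has to be indented at least as far as the block's first line, otherwise YAML ends the scalar there and reads `- [ ] Analyze issue` as a stray sequence item under `steps`, which produces exactly an 'Invalid workflow file' error. The rendered view drops indentation, so check the raw file. A shape that cannot collide with YAML is to write the markdown with a quoted heredoc (`cat > /tmp/comment.md <<'EOF' ... EOF`) and pass `--body-file /tmp/comment.md`; that also stops the shell from expanding anything inside the comment text. Separately, `${{ steps.issue.outputs.number }}` is interpolated into the script twice in this step; it is numeric today, but the rest of the file is moving toward `env:` for everything, so be consistent.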
- name: Run Fix Agent
id: fix
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_NUMBER: ${{ steps.issue.outputs.number }}
ISSUE_TITLE: ${{ steps.issue_details.outputs.title }}
ISSUE_BODY: ${{ steps.issue_details.outputs.body }}
run: |
echo "🤖 Running fix agent for issue #$ISSUE_NUMBER..."
# This is a placeholder for actual agent logic
# When gh-aw is configured, it will execute the markdown workflow
echo "⚠️ Full AI-powered fixing requires gh-aw configuration"
echo "For now, creating a template branch and PR..."
# Create branch (use different prefix in dry-run to be explicit)
if [ "$DRY_RUN" = "true" ]; then
BRANCH_NAME="dryrun/fix/issue-$ISSUE_NUMBER"
else
BRANCH_NAME="fix/issue-$ISSUE_NUMBER"
fi
git checkout -b "$BRANCH_NAME"
# Create a placeholder commit
mkdir -p .github/agent-work
cat > .github/agent-work/fix-$ISSUE_NUMBER.md << FIXEOF
# Fix for Issue #$ISSUE_NUMBER
## Issue Title
$ISSUE_TITLE
## Analysis
This is a placeholder. The actual fix should be implemented here.
## TODO
- [ ] Analyze the issue thoroughly
- [ ] Locate the relevant code
- [ ] Implement the fix
- [ ] Write tests
- [ ] Verify all tests pass
## Next Steps
A human developer should review this issue and implement the fix.
FIXEOF
git add .github/agent-work/fix-$ISSUE_NUMBER.md
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git commit -m "chore: agent fix template for issue #$ISSUE_NUMBER"
if [ "$DRY_RUN" = "true" ]; then
echo "[DRY-RUN] Would push branch '$BRANCH_NAME' to origin"
else
git push -u origin "$BRANCH_NAME"
fi
echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT
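Review bot: `DRY_RUN: true` is a literal in the job-level `env` with no input to override it, so the `git push` branch here and the `gh pr create` and `gh issue comment` calls later are unreachable in every run; if this PR intends to ship the workflow disabled, say so in the description, otherwise make dry-run an input with a safe default and keep the label-triggered path in dry-run mode until the agent logic exists. On the positive side, this step is the pattern the rest of the file should follow: `ISSUE_TITLE` and `ISSUE_BODY` come in through `env:` and are only ever expanded by the shell, so issue text lands inside the markdown file (the unquoted `FIXEOF` heredoc expands `$ISSUE_TITLE` on purpose) and never inside a command. One robustness point: if a `fix/issue-N` branch already exists on the remote from an earlier run, the `git push -u origin` here is rejected as non-fast-forward and the job fails; decide whether a re-run should reuse, force-update or skip the branch and handle it before the push.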
- name: Create Pull Request
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: ${{ steps.fix.outputs.branch }}
run: |
if [ "$DRY_RUN" = "true" ]; then
echo "[DRY-RUN] Would create draft PR from branch '$BRANCH_NAME' with title:"
echo " fix: ${{ steps.issue_details.outputs.title }} (#${{ steps.issue.outputs.number }})"
exit 0
fi
gh pr create \
--title "fix: ${{ steps.issue_details.outputs.title }} (#${{ steps.issue.outputs.number }})" \
--body "## Description
This PR was automatically created by the fix agent.
## Related Issue
Fixes #${{ steps.issue.outputs.number }}
## Status
⚠️ **This is a template PR**
To enable full automated fixing:
1. Install and configure gh-aw extension
2. Configure Claude API integration
3. Re-run the fix agent workflow
## What to do now
A human developer should:
1. Review the issue
2. Implement the actual fix in this branch
3. Update this PR description
4. Request review when ready
## Checklist
- [ ] Actual fix implemented
- [ ] Tests added/updated
- [ ] All tests passing
- [ ] Documentation updated if needed
- [ ] Ready for review" \
--label automated-fix \
--label needs-human-review \
--draft
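Review bot: `${{ steps.issue_details.outputs.title }}` is expanded into the shell script in both the dry-run `echo` line and the `--title` argument of `gh pr create`, which is the pattern zizmor's `template-injection` audit exists to catch: the expression is substituted before bash parses the line, so an issue titled with a `"` followed by `$(...)` or backticks becomes commands executed with a token holding `contents: write` and `pull-requests: write`. The 'Run Fix Agent' step just above already shows the fix, passing the value through `env:` and referencing `"$ISSUE_TITLE"`; do the same here and use `$ISSUE_NUMBER` instead of `${{ steps.issue.outputs.number }}` so this script contains no `${{ }}` at all. With the title in a variable, `--title "fix: $ISSUE_TITLE (#$ISSUE_NUMBER)"` is safe because the value is a single argument to `gh`, not code.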
- name: Update Issue
if: always()
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ "$DRY_RUN" = "true" ]; then
echo "[DRY-RUN] Would update issue #${{ steps.issue.outputs.number }} with success/failure comment and labels"
exit 0
fi
if [ "${{ job.status }}" == "success" ]; then
gh issue comment ${{ steps.issue.outputs.number }} --body "✅ **Agent Fix Complete**
Created draft PR with branch \`${{ steps.fix.outputs.branch }}\`
⚠️ This is a template. A human developer needs to implement the actual fix.
To enable full AI-powered fixing, configure the gh-aw extension with Claude integration."
else
gh issue comment ${{ steps.issue.outputs.number }} --body "❌ **Agent Fix Failed**
The automated fix attempt encountered an error. A human developer should investigate.
Please review the [workflow run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details."
gh issue edit ${{ steps.issue.outputs.number }} \
--remove-label "agent-fix" \
--add-label "needs-human-review"
fi
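Review bot: 'Update Issue' runs with `if: always()`, and in the dry run it exits before doing anything, but the label handling on the real path is asymmetric: on failure the step removes `agent-fix`, so re-adding the label starts a fresh attempt, while on success the label stays on, and because the trigger is `issues: labeled` (it fires on the transition only) a second attempt then needs the label removed and re-added by hand. Either remove the label in both branches or document the re-run procedure. The interpolations here (`job.status`, `github.server_url`, `github.repository`, `github.run_id` and the issue number) are not attacker-controlled, so they are not injection sinks, but moving them into `env:` keeps the file uniform and keeps zizmor quiet. Also, nothing in this file runs zizmor itself; if the 'enforce zizmor alerts on PRs' half of the title lives in another workflow, link it from the PR description.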