compile-agentic-workflows.yml
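name: Compile Agentic Workflows

# Compiles the .md agentic workflow sources under .github/workflows to their
# .lock.yml files and commits the result, so the lock files stay in sync with
# their markdown sources. The only trigger is a manual dispatch.
on:
  workflow_dispatch:

# Scopes granted to GITHUB_TOKEN for this run; any scope not listed is "none".
permissions:
  # Needed to push the recompiled lock files.
  contents: write
  # Needed by the "Create issue for manual compilation" step, which calls
  # issues.create with the default token.
  issues: write
  # NOTE(review): no step in this file opens a pull request or manages
  # workflow runs; confirm these two scopes are needed, otherwise drop them.
  pull-requests: write
  actions: write

jobs:
  compile:
    name: Compile Agentic Workflows
    runs-on: ubuntu-latest
    steps:
      # "audit" only records outbound connections; it does not block them.
      - name: Harden Runner
        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
        with:
          egress-policy: audit

      # The token is kept in the local git config by checkout's default
      # credential persistence; the later `git push` relies on that, and every
      # following step in this job can read it as well.
      # NOTE(review): when the PAT secret is unset this falls back to
      # GITHUB_TOKEN, which is expected to be refused when pushing changes
      # under .github/workflows; confirm the fallback is useful.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          token: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}

      - name: Setup Node.js
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '25'

      # Installation is best-effort: a failure is only logged here and is
      # detected by the compile step below.
      # NOTE(review): unlike the actions above, the extension is installed
      # unpinned and then runs with the token in GH_TOKEN; consider
      # `gh extension install github/gh-aw --pin <RELEASE_TAG_OR_SHA>`.
      - name: Install gh-aw CLI
        run: |
          echo "Installing gh-aw tool..."
          # Try to install the GitHub CLI extension
          # Note: This may require authentication
          if gh auth status 2>/dev/null; then
            gh extension install github/gh-aw || echo "Failed to install gh-aw extension"
          else
            echo "⚠️ GitHub CLI not authenticated"
            echo "Skipping gh-aw installation"
          fi
        env:
          GH_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}

      # Outputs: compiled=true when at least one file compiled;
      # needs_manual_compile=true (and exit 1) when gh-aw is unavailable.
      - name: Compile Agentic Workflows
        id: compile
        run: |
          echo "Compiling agentic workflows..."
          # Find all .md workflow files. Read them NUL-delimited into an array
          # so paths containing spaces or glob characters are not split.
          mapfile -d '' -t md_files < <(find .github/workflows -name "*.md" -type f -print0)
          if [ "${#md_files[@]}" -eq 0 ]; then
            echo "No .md workflow files found"
            exit 0
          fi
          compiled=false
          for md_file in "${md_files[@]}"; do
            echo "Processing: $md_file"
            # Check if gh aw command is available
            if command -v gh >/dev/null 2>&1 && gh aw compile --help >/dev/null 2>&1; then
              echo " Compiling with gh aw compile..."
              gh aw compile "$md_file" || {
                echo " ❌ Failed to compile $md_file"
                continue
              }
              compiled=true
            else
              echo " ⚠️ gh-aw tool not available"
              echo " Please install gh-aw extension: gh extension install github/gh-aw"
              echo " Or run 'gh aw compile' locally"
              # Set output to indicate manual action needed
              echo "needs_manual_compile=true" >> "$GITHUB_OUTPUT"
              exit 1
            fi
          done
          if [ "$compiled" = true ]; then
            echo "✅ Workflows compiled successfully"
            echo "compiled=true" >> "$GITHUB_OUTPUT"
          else
            echo "ℹ️ No workflows were compiled"
          fi
        env:
          GH_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}

      - name: Check for changes
        id: check_changes
        run: |
          # `git status --porcelain` also reports lock files that are new and
          # still untracked, which `git diff` would not show.
          if [ -z "$(git status --porcelain -- .github/workflows/*.lock.yml)" ]; then
            echo "No changes to lock files"
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "Lock files have changes"
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
            git status --short -- .github/workflows/*.lock.yml
            git diff --stat .github/workflows/*.lock.yml
          fi

      # Pushes generated workflow files straight to the checked-out branch
      # using the credentials stored by the Checkout step.
      - name: Commit changes
        if: steps.check_changes.outputs.has_changes == 'true'
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add .github/workflows/*.lock.yml
          git commit -m "chore: recompile agentic workflow lock files"
          git push

      # The compile step exits 1 when it sets needs_manual_compile, and a
      # condition without a status function only runs after success, so
      # failure() is required for this step to run at all.
      - name: Create issue for manual compilation
        if: failure() && steps.compile.outputs.needs_manual_compile == 'true'
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const issueBody = [
              '## Problem',
              '',
              'The agentic workflow markdown files have been updated, but the lock files could not be automatically compiled.',
              '',
              '### Action Required',
              '',
              'Please compile the lock files locally:',
              '',
              '```bash',
              '# Install gh-aw extension (first time only)',
              'gh extension install github/gh-aw',
              '',
              '# Compile all agentic workflows',
              'cd .github/workflows',
              'gh aw compile news-article-generator.md',
              '',
              '# Commit and push the updated lock files',
              'git add *.lock.yml',
              'git commit -m "chore: recompile agentic workflow lock files"',
              'git push',
              '```',
              '',
              '### Files Affected',
              '',
              '- `.github/workflows/news-article-generator.md`',
              '- `.github/workflows/news-article-generator.lock.yml`',
              '',
              '### Why This Happened',
              '',
              'The gh-aw tool requires GitHub authentication and is not available in the automated workflow environment.',
              '',
              '### More Information',
              '',
              '- [GitHub Agentic Workflows Documentation](https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md)',
              '- Triggered by: ' + (context.payload.head_commit?.message || 'Manual trigger'),
              '- Workflow run: ' + context.serverUrl + '/' + context.repo.owner + '/' + context.repo.repo + '/actions/runs/' + context.runId
            ].join('\n');
            const issue = await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: '⚠️ Agentic Workflow Lock Files Need Manual Compilation',
              body: issueBody,
              labels: ['infrastructure', 'automated-issue', 'needs-action']
            });
            console.log(`Created issue #${issue.data.number}`);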