agentic-ops/.github/workflows/ci.yml at main · githubnext/agentic-ops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: CI

on:
  push:
  pull_request:

jobs:
  compile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      - name: Set up gh-aw CLI
        uses: github/gh-aw-actions/setup-cli@f8495a686e66770ae977f82732f34d7340ee42a4 # setup-cli action pin (installs CLI v0.72.1 below)
        with:
          version: v0.72.1
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Compile workflows
        run: |
          gh aw compile
          gh aw compile --dir workflows
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Verify compiled workflows are committed
        run: git diff --exit-code -- .github/workflows workflows

  add-local-source:
    runs-on: ubuntu-latest
    needs: [compile]
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      - name: Set up gh-aw CLI
        uses: github/gh-aw-actions/setup-cli@f8495a686e66770ae977f82732f34d7340ee42a4 # setup-cli action pin (installs CLI v0.72.1 below)
        with:
          version: v0.72.1
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Test gh aw add from local sources
        run: |
          set -euo pipefail
          TARGET_REPO=$(mktemp -d)
          git init "$TARGET_REPO"
          cd "$TARGET_REPO"
          gh aw add "${{ github.workspace }}/workflows/agentic-token-audit.md" "${{ github.workspace }}/workflows/agentic-token-optimizer.md" "${{ github.workspace }}/workflows/daily-subagent-optimizer.md"
          gh aw compile --validate --no-emit
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  add-named-source:
    runs-on: ubuntu-latest
    needs: [compile]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      - name: Set up gh-aw CLI
        uses: github/gh-aw-actions/setup-cli@f8495a686e66770ae977f82732f34d7340ee42a4 # setup-cli action pin (installs CLI v0.72.1 below)
        with:
          version: v0.72.1
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Test gh aw add from named sources
        run: |
          set -euo pipefail
          TARGET_REPO=$(mktemp -d)
          git init "$TARGET_REPO"
          cd "$TARGET_REPO"
          gh aw add "${{ github.repository }}/agentic-token-audit" "${{ github.repository }}/agentic-token-optimizer" "${{ github.repository }}/daily-subagent-optimizer"
          gh aw compile --validate --no-emit
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  run:
    runs-on: ubuntu-latest
    needs: [add-local-source, add-named-source]
    permissions:
      actions: write
      contents: read
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          fetch-depth: 0

      - name: Set up gh-aw CLI
        uses: github/gh-aw-actions/setup-cli@f8495a686e66770ae977f82732f34d7340ee42a4 # setup-cli action pin (installs CLI v0.72.1 below)
        with:
          version: v0.72.1
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Detect installed workflows on main
        id: detect-workflows
        run: |
          set -euo pipefail

          installed=true
          for path in \
            .github/workflows/agentic-token-audit.md \
            .github/workflows/agentic-token-audit.lock.yml \
            .github/workflows/agentic-token-optimizer.md \
            .github/workflows/agentic-token-optimizer.lock.yml \
            .github/workflows/daily-subagent-optimizer.md \
            .github/workflows/daily-subagent-optimizer.lock.yml; do
            if [[ ! -f "$path" ]]; then
              echo "Missing installed workflow file: $path"
              installed=false
            fi
          done

          echo "installed=$installed" >> "$GITHUB_OUTPUT"

          if [[ "$installed" != "true" ]]; then
            {
              echo "### Run Result"
              echo
              echo "- Installed workflow files are not present on this main branch checkout yet."
              echo "- The install job must merge them into main before the real workflow dispatch can happen."
            } >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: Run installed workflows from main
        if: steps.detect-workflows.outputs.installed == 'true'
        run: |
          set -euo pipefail
          gh aw run agentic-token-audit agentic-token-optimizer daily-subagent-optimizer --ref main
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}