desirecore/market
2
0
Fork 0
mirror of https://git.openapi.site/https://github.com/desirecore/market.git synced 2026-06-06 05:50:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

ci: 引入分支保护配套工作流(path 过滤 → detect-changes,AI review 自动化) (#5)

Browse Source 
## Summary / 概要

为了让 `main` 分支保护规则在所有 PR 上稳定生效,调整两个现有 i18n workflow 并新增两个 AI review 配套
workflow。

### 已配置的 main ruleset(ID 16298003)

- 只允许 squash merge,禁止 force push / 删除
- 必需 status check:`validate`、`translate`,require
`strict_required_status_checks_policy=true`(必须 rebase 最新)
- PR
rule:`required_approving_review_count=0`、`required_review_thread_resolution=true`、`dismiss_stale_reviews_on_push=true`
- `bypass_actors=[]`:管理员也不能绕过

### 本 PR 改动

1. **i18n-validate / i18n-translate**:移除 `on.pull_request.paths`,把过滤下移到
job 内 `detect-changes` step。路径不相关时跳过实际逻辑但 job 仍 success,避免 required
check 因 path 过滤缺失而卡死非 i18n PR。
2. **auto-request-copilot-review** (新增):PR
opened/reopened/ready_for_review 时自动 `POST
/pulls/{n}/requested_reviewers` 加 Copilot 为 reviewer。
3. **wait-for-copilot-review** (新增):PR
opened/reopened/synchronize/ready_for_review 时启动,轮询 reviews API 等待
`copilot-pull-request-reviewer[bot]` 在当前 head SHA 提交 review。超时 8 分钟则
fail。
- 选择 polling 而不是 `pull_request_review` 事件触发是因为:Copilot bot 触发的
`pull_request_review` 事件被 GitHub 视为 first-time contributor,workflow run
会卡在 `action_required` 状态需 maintainer 在 web UI 手动批准,无法自动化。

合并后会再 PATCH ruleset 16298003,把 `wait-for-copilot-review` 加入 required
status checks 作为强制门槛。

## Test plan

- [x] `i18n-validate` 在本 PR 上跑出 success(PR 仅触及
`.github/workflows/`,relevant=false,走 skip 分支)
- [x] `i18n-translate` 同上
- [x] `auto-request-copilot-review` 跑出 success,Copilot 被自动加为 reviewer
- [x] `wait-for-copilot-review` 在 polling 窗口内捕获到 Copilot review 并 pass
- [ ] 解决 Copilot 提的 conversations 后能 squash merge
- [ ] 合并后用 PATCH ruleset 把 `wait-for-copilot-review` 加入 required checks
This commit is contained in:
yi-ge
2026-05-13 00:21:51 +08:00
committed by GitHub
parent e1b4e69de6
commit b8101406fb
4 changed files with 155 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
.github/workflows/auto-request-copilot-review.yml vendored Normal file
View File

@@ -0,0 +1,39 @@
name: Auto-request Copilot review
on:
pull_request:
types: [opened, reopened, ready_for_review]
permissions:
pull-requests: write
jobs:
request:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: Request Copilot reviewer
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.pull_request.number }}
run: |
set -e
if gh api "repos/${{ github.repository }}/pulls/$PR_NUMBER" \
--jq '.requested_reviewers[].login' \
| grep -qE '^(Copilot|copilot-pull-request-reviewer\[bot\])$'; then
echo "Copilot already requested as reviewer."
exit 0
fi
# 422 here usually means Copilot has already submitted a review (so the
# request slot is gone). Treat that as benign.
if ! resp=$(gh api -X POST \
"repos/${{ github.repository }}/pulls/$PR_NUMBER/requested_reviewers" \
-f 'reviewers[]=copilot-pull-request-reviewer[bot]' 2>&1); then
echo "$resp"
if echo "$resp" | grep -q '"status":"422"'; then
echo "POST returned 422; Copilot likely already reviewed."
exit 0
fi
exit 1
fi

36
.github/workflows/i18n-translate.yml vendored
View File

@@ -12,11 +12,6 @@ name: i18n Auto-Translate
on: on:
pull_request: pull_request:
paths:
- "skills/**/SKILL.zh-CN.md"
- "skills/**/SKILL.md"
- "manifest.json"
- "categories.json"
workflow_dispatch: workflow_dispatch:
inputs: inputs:
target_locale: target_locale:
@@ -49,11 +44,32 @@ jobs:
token: ${{ secrets.DESIRECORE_BOT_TOKEN || secrets.GITHUB_TOKEN }} token: ${{ secrets.DESIRECORE_BOT_TOKEN || secrets.GITHUB_TOKEN }}
fetch-depth: 0 fetch-depth: 0
- name: Detect relevant changes
id: changes
env:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
HEAD_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
run: |
set -e
if [ "${{ github.event_name }}" != "pull_request" ]; then
echo "relevant=true" >> "$GITHUB_OUTPUT"
exit 0
fi
git fetch --no-tags --depth=1 origin "$BASE_SHA" 2>/dev/null || true
changed=$(git diff --name-only "${BASE_SHA}...${HEAD_SHA}" || true)
if echo "$changed" | grep -qE '^(skills/.+/SKILL(\.zh-CN)?\.md$|manifest\.json$|categories\.json$)'; then
echo "relevant=true" >> "$GITHUB_OUTPUT"
else
echo "relevant=false" >> "$GITHUB_OUTPUT"
fi
- name: Install uv - name: Install uv
if: steps.changes.outputs.relevant == 'true'
uses: astral-sh/setup-uv@v3 uses: astral-sh/setup-uv@v3
- name: Check for stale translations - name: Check for stale translations
id: precheck id: precheck
if: steps.changes.outputs.relevant == 'true'
run: | run: |
set +e set +e
uv run --quiet scripts/i18n/translate.py --check uv run --quiet scripts/i18n/translate.py --check
@@ -66,7 +82,7 @@ jobs:
exit 0 exit 0
- name: Translate stale locales - name: Translate stale locales
if: steps.precheck.outputs.stale == 'true' if: steps.changes.outputs.relevant == 'true' && steps.precheck.outputs.stale == 'true'
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
@@ -84,12 +100,12 @@ jobs:
uv run --quiet scripts/i18n/translate.py "${ARGS[@]}" uv run --quiet scripts/i18n/translate.py "${ARGS[@]}"
- name: Validate after translation - name: Validate after translation
if: steps.precheck.outputs.stale == 'true' if: steps.changes.outputs.relevant == 'true' && steps.precheck.outputs.stale == 'true'
run: uv run --quiet scripts/i18n/validate-i18n.py run: uv run --quiet scripts/i18n/validate-i18n.py
- name: Detect changes - name: Detect changes
id: diff id: diff
if: steps.precheck.outputs.stale == 'true' if: steps.changes.outputs.relevant == 'true' && steps.precheck.outputs.stale == 'true'
run: | run: |
if git diff --quiet; then if git diff --quiet; then
echo "changed=false" >> "$GITHUB_OUTPUT" echo "changed=false" >> "$GITHUB_OUTPUT"
@@ -154,3 +170,7 @@ jobs:
issue_number: context.issue.number, issue_number: context.issue.number,
labels: ['i18n-translation-failed'], labels: ['i18n-translation-failed'],
}); });
- name: Skip notice
if: steps.changes.outputs.relevant != 'true'
run: echo "No i18n-relevant changes; translation skipped."

60
.github/workflows/i18n-validate.yml vendored
View File

@@ -2,20 +2,8 @@ name: i18n Validate
on: on:
pull_request: pull_request:
paths:
- "skills/**"
- "agents/**"
- "manifest.json"
- "categories.json"
- "scripts/i18n/**"
push: push:
branches: [main] branches: [main]
paths:
- "skills/**"
- "agents/**"
- "manifest.json"
- "categories.json"
- "scripts/i18n/**"
workflow_dispatch: workflow_dispatch:
permissions: permissions:
@@ -27,16 +15,58 @@ jobs:
timeout-minutes: 5 timeout-minutes: 5
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect relevant changes
id: changes
env:
EVENT_NAME: ${{ github.event_name }}
BASE_SHA: ${{ github.event.pull_request.base.sha }}
HEAD_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
PUSH_BEFORE: ${{ github.event.before }}
PUSH_AFTER: ${{ github.event.after }}
run: |
set -e
case "$EVENT_NAME" in
pull_request)
git fetch --no-tags --depth=1 origin "$BASE_SHA" 2>/dev/null || true
range="${BASE_SHA}...${HEAD_SHA}"
;;
push)
if [ -n "$PUSH_BEFORE" ] && [ "$PUSH_BEFORE" != "0000000000000000000000000000000000000000" ]; then
range="${PUSH_BEFORE}...${PUSH_AFTER}"
else
# initial push or unknown before — assume relevant
echo "relevant=true" >> "$GITHUB_OUTPUT"
exit 0
fi
;;
*)
echo "relevant=true" >> "$GITHUB_OUTPUT"
exit 0
;;
esac
changed=$(git diff --name-only "$range" || true)
if echo "$changed" | grep -qE '^(skills/|agents/|manifest\.json$|categories\.json$|scripts/i18n/)'; then
echo "relevant=true" >> "$GITHUB_OUTPUT"
else
echo "relevant=false" >> "$GITHUB_OUTPUT"
fi
- name: Install uv - name: Install uv
if: steps.changes.outputs.relevant == 'true'
uses: astral-sh/setup-uv@v3 uses: astral-sh/setup-uv@v3
- name: Validate i18n - name: Validate i18n
if: steps.changes.outputs.relevant == 'true'
run: uv run --quiet scripts/i18n/validate-i18n.py run: uv run --quiet scripts/i18n/validate-i18n.py
- name: Check for stale translations - name: Check for stale translations
if: steps.changes.outputs.relevant == 'true'
run: uv run --quiet scripts/i18n/translate.py --check run: uv run --quiet scripts/i18n/translate.py --check
# --check exits 1 when any locale needs translation. We don't fail the
# PR — translate.py (the i18n-translate workflow) will fix it. We just
# surface the report.
continue-on-error: true continue-on-error: true
- name: Skip notice
if: steps.changes.outputs.relevant != 'true'
run: echo "No i18n-relevant changes; validation skipped."

43
.github/workflows/wait-for-copilot-review.yml vendored Normal file
View File

@@ -0,0 +1,43 @@
name: Wait for Copilot review
on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review]
permissions:
pull-requests: read
jobs:
wait-for-copilot-review:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Wait for Copilot to review the head commit
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.pull_request.number }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
run: |
set -e
# Poll up to ~8 minutes for Copilot to submit a review on the current head.
for i in $(seq 1 48); do
reviews=$(gh api --paginate "repos/${{ github.repository }}/pulls/$PR_NUMBER/reviews")
matching=$(echo "$reviews" | jq -r --arg sha "$HEAD_SHA" '
[ .[] | select(
((.user.login == "Copilot") or (.user.login == "copilot-pull-request-reviewer[bot]"))
and (.commit_id == $sha)
and (.state != "DISMISSED" and .state != "PENDING")
) ] | length
')
if [ "$matching" -gt 0 ]; then
echo "✓ Copilot has reviewed commit $HEAD_SHA ($matching review(s))"
exit 0
fi
echo "Attempt $i/48: Copilot has not reviewed $HEAD_SHA yet — sleeping 10s."
sleep 10
done
echo "✗ Timed out waiting for Copilot review on $HEAD_SHA."
echo "All reviews currently on this PR:"
echo "$reviews" | jq -r '.[] | " - \(.user.login) on \(((.commit_id // "?") | .[0:7])): \(.state)"' || true
exit 1