diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 71e57eded3..1fa64d2b45 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9b640aae4b997ac32d7320316a5a46f2b3dfbaeda7b58ba5e6148f4ec3745ae8","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"552ca93b3842bb0a918dd28d50014ed527bd5a9c24d27e9e506c257a58f10420","strict":true,"agent_id":"copilot"} # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"668228422ae6a00e4ad889ee87cd7109ec5666a7","version":"v5.0.4"},{"repo":"actions/cache/save","sha":"668228422ae6a00e4ad889ee87cd7109ec5666a7","version":"v5.0.4"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"ed597411d8f924073f98dfc5c65a23a2325f34cd","version":"v8"},{"repo":"actions/upload-artifact","sha":"bbbca2ddaa5d8feaa63e36b76fdaad77386f024f","version":"v7"}]} # ___ _ _ # / _ \ | | (_) @@ -160,21 +160,21 @@ jobs: run: | bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh { - cat << 'GH_AW_PROMPT_759ab47f5f9bb3f9_EOF' + cat << 'GH_AW_PROMPT_327c7220d08e376d_EOF' - GH_AW_PROMPT_759ab47f5f9bb3f9_EOF + GH_AW_PROMPT_327c7220d08e376d_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/repo_memory_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_759ab47f5f9bb3f9_EOF' + cat << 'GH_AW_PROMPT_327c7220d08e376d_EOF' Tools: create_pull_request, missing_tool, missing_data, noop - GH_AW_PROMPT_759ab47f5f9bb3f9_EOF + GH_AW_PROMPT_327c7220d08e376d_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md" - cat << 'GH_AW_PROMPT_759ab47f5f9bb3f9_EOF' + cat << 'GH_AW_PROMPT_327c7220d08e376d_EOF' The following GitHub context information is available for this workflow: @@ -202,11 +202,14 @@ jobs: {{#if __GH_AW_GITHUB_RUN_ID__ }} - **workflow-run-id**: __GH_AW_GITHUB_RUN_ID__ {{/if}} + - **checkouts**: The following repositories have been checked out and are available in the workspace: + - `$GITHUB_WORKSPACE` → `__GH_AW_GITHUB_REPOSITORY__` (cwd) [full history, all branches available as remote-tracking refs] + - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). - GH_AW_PROMPT_759ab47f5f9bb3f9_EOF + GH_AW_PROMPT_327c7220d08e376d_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_759ab47f5f9bb3f9_EOF' + cat << 'GH_AW_PROMPT_327c7220d08e376d_EOF' ## Serena Code Analysis @@ -243,7 +246,7 @@ jobs: {{#runtime-import .github/agents/technical-doc-writer.agent.md}} {{#runtime-import .github/workflows/shared/mcp/serena-go.md}} {{#runtime-import .github/workflows/glossary-maintainer.md}} - GH_AW_PROMPT_759ab47f5f9bb3f9_EOF + GH_AW_PROMPT_327c7220d08e376d_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -335,7 +338,6 @@ jobs: permissions: actions: read contents: read - issues: read pull-requests: read concurrency: group: "gh-aw-copilot-${{ github.workflow }}" @@ -380,6 +382,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false + fetch-depth: 0 - name: Merge remote .github folder uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: @@ -397,6 +400,9 @@ jobs: run: bash ${RUNNER_TEMP}/gh-aw/actions/configure_gh_for_ghe.sh env: GH_TOKEN: ${{ github.token }} + - name: Fetch recent changes + run: "set -euo pipefail\nmkdir -p /tmp/gh-aw/agent\n\n# Determine scan scope: Monday = full weekly scan, other weekdays = daily\nDAY=$(date +%u)\nif [ \"$DAY\" -eq 1 ]; then\n SINCE=\"7 days ago\"\n SCOPE=\"weekly\"\nelse\n SINCE=\"24 hours ago\"\n SCOPE=\"daily\"\nfi\n\necho \"Scan scope: $SCOPE (since: $SINCE)\"\n\n# Fetch recent commits (all files) — includes file names for context\ngit log --since=\"$SINCE\" --oneline --name-only \\\n > /tmp/gh-aw/agent/recent-commits.txt\n\n# Fetch commits that touched docs\ngit log --since=\"$SINCE\" --name-only \\\n --format=\"%H %s\" -- 'docs/**/*.md' 'docs/**/*.mdx' \\\n > /tmp/gh-aw/agent/doc-changes.txt\n\necho \"Recent commits: $(wc -l < /tmp/gh-aw/agent/recent-commits.txt)\"\necho \"Doc file changes: $(wc -l < /tmp/gh-aw/agent/doc-changes.txt)\"\necho \"$SCOPE\" > /tmp/gh-aw/agent/scan-scope.txt\n" + # Cache memory file share configuration from frontmatter processed below - name: Create cache-memory directory run: bash ${RUNNER_TEMP}/gh-aw/actions/create_cache_memory_dir.sh @@ -472,9 +478,9 @@ jobs: mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_ca6121f62ff23cd2_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_5463f626fbb2ba68_EOF' {"create_pull_request":{"draft":false,"expires":48,"labels":["documentation","glossary"],"max":1,"max_patch_size":1024,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS"],"protected_path_prefixes":[".github/",".agents/"],"title_prefix":"[docs] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"push_repo_memory":{"memories":[{"dir":"/tmp/gh-aw/repo-memory/default","id":"default","max_file_count":100,"max_file_size":10240,"max_patch_size":10240}]},"report_incomplete":{}} - GH_AW_SAFE_OUTPUTS_CONFIG_ca6121f62ff23cd2_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_5463f626fbb2ba68_EOF - name: Write Safe Outputs Tools env: GH_AW_TOOLS_META_JSON: | @@ -672,7 +678,7 @@ jobs: export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.16' mkdir -p /home/runner/.copilot - cat << GH_AW_MCP_CONFIG_15f8604ab8db23a8_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh + cat << GH_AW_MCP_CONFIG_b880ec9cf72dc26f_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh { "mcpServers": { "github": { @@ -682,7 +688,7 @@ jobs: "GITHUB_HOST": "\${GITHUB_SERVER_URL}", "GITHUB_PERSONAL_ACCESS_TOKEN": "\${GITHUB_MCP_SERVER_TOKEN}", "GITHUB_READ_ONLY": "1", - "GITHUB_TOOLSETS": "context,repos,issues,pull_requests" + "GITHUB_TOOLSETS": "repos,pull_requests" }, "guard-policies": { "allow-only": { @@ -742,7 +748,7 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_15f8604ab8db23a8_EOF + GH_AW_MCP_CONFIG_b880ec9cf72dc26f_EOF - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: diff --git a/.github/workflows/glossary-maintainer.md b/.github/workflows/glossary-maintainer.md index cfb6ec8212..7bca6a7158 100644 --- a/.github/workflows/glossary-maintainer.md +++ b/.github/workflows/glossary-maintainer.md @@ -9,7 +9,6 @@ on: permissions: contents: read - issues: read pull-requests: read actions: read @@ -41,12 +40,46 @@ tools: wiki: true description: "Project glossary and terminology reference" github: - toolsets: [default] + toolsets: [repos, pull_requests] # scoped to avoid search_repositories (in default); repos covers commits/files, pull_requests covers PRs edit: bash: true timeout-minutes: 20 +checkout: + fetch-depth: 0 # full history required so git log --since works across all commits + +steps: + - name: Fetch recent changes + run: | + set -euo pipefail + mkdir -p /tmp/gh-aw/agent + + # Determine scan scope: Monday = full weekly scan, other weekdays = daily + DAY=$(date +%u) + if [ "$DAY" -eq 1 ]; then + SINCE="7 days ago" + SCOPE="weekly" + else + SINCE="24 hours ago" + SCOPE="daily" + fi + + echo "Scan scope: $SCOPE (since: $SINCE)" + + # Fetch recent commits (all files) — includes file names for context + git log --since="$SINCE" --oneline --name-only \ + > /tmp/gh-aw/agent/recent-commits.txt + + # Fetch commits that touched docs + git log --since="$SINCE" --name-only \ + --format="%H %s" -- 'docs/**/*.md' 'docs/**/*.mdx' \ + > /tmp/gh-aw/agent/doc-changes.txt + + echo "Recent commits: $(wc -l < /tmp/gh-aw/agent/recent-commits.txt)" + echo "Doc file changes: $(wc -l < /tmp/gh-aw/agent/doc-changes.txt)" + echo "$SCOPE" > /tmp/gh-aw/agent/scan-scope.txt + --- # Glossary Maintainer @@ -96,20 +129,19 @@ Use Serena to: ### 1. Determine Scan Scope -Check what day it is: -- **Monday**: Full scan (review changes from last 7 days) -- **Other weekdays**: Incremental scan (review changes from last 24 hours) - -Use bash commands to check recent activity: +The pre-step has already determined the scan scope. Read it from the file: ```bash -# For incremental (daily) scan -git log --since='24 hours ago' --oneline - -# For full (weekly) scan on Monday -git log --since='7 days ago' --oneline +cat /tmp/gh-aw/agent/scan-scope.txt # "daily" or "weekly" +cat /tmp/gh-aw/agent/recent-commits.txt # pre-fetched commit list +cat /tmp/gh-aw/agent/doc-changes.txt # commits that touched docs ``` +- **`weekly`** (Monday): Full scan — review changes from the last 7 days +- **`daily`** (other weekdays): Incremental scan — review changes from the last 24 hours + +Do not run additional `git log` commands to re-fetch this data; the files above are already populated. + ### 2. Load Cache Memory You have access to cache-memory to track: @@ -129,10 +161,10 @@ Based on the scope (daily or weekly): - e.g., `search("cache-memory workflow persistence")` to check for existing docs before adding a term - e.g., `search("MCP server configuration tools")` to find all documentation on a concept -**Use GitHub tools to:** -- List recent commits using `list_commits` for the appropriate timeframe -- Get detailed commit information using `get_commit` for commits that might introduce new terminology -- Search for merged pull requests using `search_pull_requests` +**Use GitHub tools sparingly** — prefer the pre-fetched files above: +- Use `get_commit` for detailed diff of specific commit SHAs from `recent-commits.txt` (at most 20 commits) +- Use `search_pull_requests` to find merged PRs from the timeframe (at most 10 PRs) +- Use `pull_request_read` to inspect specific PR changes — pass `method: get_files` or `method: get_diff` as the operation **Look for new terminology in `docs/**/*.{md,mdx}` (and nowhere else)** - New configuration fields in frontmatter (YAML keys) @@ -310,6 +342,16 @@ If you made any changes to the glossary: - **Use Cache**: Track your work to avoid duplicates - **Link Appropriately**: Add references to related documentation +## Constraints + +To keep this workflow efficient, adhere to these hard limits: + +- **Do not use `search_repositories`** — it searches GitHub globally and is irrelevant to this task +- **Do not read issues** — terminology should come from commits, PRs, and documentation files, not issue discussions +- **Analyze at most 20 commits** — use the pre-fetched `recent-commits.txt` file and pick the most relevant ones +- **Read at most 10 pull requests** — focus on PRs that clearly introduce new features or terminology +- **The only repository that matters is the current one** — do not query or search other repositories + ## Important Notes - You have edit tool access to modify the glossary