techapi-verify #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: techapi-verify-comment | |
| # On-demand Tier 0 data verification for a TechAPI PR. Triggered by an English | |
| # command comment (`/verify`) on the PR, relayed here as a repository_dispatch by | |
| # TechAPI's verify-command.yml. Checks out the PR head, runs TechAPI's app.verify, | |
| # and posts the green/yellow/red band report back on the PR as TechEngineBot. | |
| on: | |
| repository_dispatch: | |
| types: [techapi-verify] | |
| workflow_dispatch: | |
| inputs: | |
| pr_number: | |
| description: "TechAPI PR number to verify + comment on" | |
| required: true | |
| head_sha: | |
| description: "TechAPI commit SHA to verify" | |
| required: true | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: techapi-verify-${{ github.event.client_payload.pr_number || inputs.pr_number }} | |
| cancel-in-progress: true | |
| jobs: | |
| verify: | |
| runs-on: ubuntu-latest | |
| env: | |
| PYTHONIOENCODING: utf-8 | |
| TECHAPI_COMMENT_TOKEN: ${{ secrets.TECHENGINEBOT_TOKEN || secrets.TECHAPI_TOKEN }} | |
| TECHAPI_PR_NUMBER: ${{ github.event.client_payload.pr_number || inputs.pr_number }} | |
| TECHAPI_HEAD_SHA: ${{ github.event.client_payload.head_sha || inputs.head_sha }} | |
| REQUESTED_BY: ${{ github.event.client_payload.requested_by || github.actor }} | |
| TECHAPI_COMMENT_ID: ${{ github.event.client_payload.comment_id }} | |
| steps: | |
| # Acknowledge the /verify command as TechEngineBot (the bot holds the token; | |
| # the relay side must not react, or it looks like the requester self-reacting). | |
| - name: Acknowledge command (TechEngineBot 👀) | |
| if: env.TECHAPI_COMMENT_TOKEN != '' && env.TECHAPI_COMMENT_ID != '' | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.TECHENGINEBOT_TOKEN || secrets.TECHAPI_TOKEN }} | |
| script: | | |
| const comment_id = Number(process.env.TECHAPI_COMMENT_ID); | |
| if (comment_id) { | |
| try { | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: 'GetTechAPI', repo: 'TechAPI', comment_id, content: 'eyes', | |
| }); | |
| } catch (e) { core.info(`reaction skipped: ${e.message}`); } | |
| } | |
| env: | |
| TECHAPI_COMMENT_ID: ${{ github.event.client_payload.comment_id }} | |
| - name: Checkout TechAPI PR head | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: GetTechAPI/TechAPI | |
| ref: ${{ env.TECHAPI_HEAD_SHA }} | |
| path: TechAPI | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| # app.verify is a stdlib-only TechAPI module; run it from the checkout. | |
| # `pr` runs all tiers (0 offline score, 1 source-URL liveness, 2 external | |
| # cross-reference, 3 promotion DRY-RUN) over the PR's changed records, plus | |
| # a full-dataset Tier 0 baseline. Network tiers are capped and never write. | |
| - name: Run all-tiers verification | |
| id: verify | |
| run: | | |
| cd TechAPI | |
| git fetch origin main --depth=1 || true | |
| { | |
| echo 'report<<VERIFY_EOF' | |
| python -m app.verify pr || echo "_app.verify unavailable on this ref._" | |
| echo VERIFY_EOF | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Post verification comment (TechEngineBot) | |
| if: env.TECHAPI_COMMENT_TOKEN != '' | |
| uses: actions/github-script@v7 | |
| env: | |
| REPORT: ${{ steps.verify.outputs.report }} | |
| PR_NUMBER: ${{ env.TECHAPI_PR_NUMBER }} | |
| REQUESTED_BY: ${{ env.REQUESTED_BY }} | |
| with: | |
| github-token: ${{ secrets.TECHENGINEBOT_TOKEN || secrets.TECHAPI_TOKEN }} | |
| script: | | |
| const marker = '<!-- techengine-verify-command -->'; | |
| const report = (process.env.REPORT || '').trim() || '(no output)'; | |
| const by = process.env.REQUESTED_BY || 'someone'; | |
| // `pr` already emits its own H2 heading + tier sections; just frame it. | |
| const body = [ | |
| marker, | |
| report, | |
| '', | |
| `<sub>Requested by @${by} via \`/verify\` · scored by \`app.verify\`, posted by **TechEngineBot**. Informational only — the structural gate (\`app.validate\`) is separate; Tier 3 here is dry-run.</sub>`, | |
| ].join('\n'); | |
| const owner = 'GetTechAPI'; | |
| const repo = 'TechAPI'; | |
| const issue_number = Number(process.env.PR_NUMBER); | |
| const comments = await github.paginate(github.rest.issues.listComments, { | |
| owner, repo, issue_number, per_page: 100, | |
| }); | |
| const existing = comments.find((c) => c.body && c.body.includes(marker)); | |
| if (existing) { | |
| await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body }); | |
| } else { | |
| await github.rest.issues.createComment({ owner, repo, issue_number, body }); | |
| } | |
| - name: Dormant when no bot token | |
| if: env.TECHAPI_COMMENT_TOKEN == '' | |
| run: echo "::warning::No TECHENGINEBOT_TOKEN/TECHAPI_TOKEN; verification ran but no comment was posted." |