TechEngine/.github/workflows/techapi-verify-comment.yml at main · GetTechAPI/TechEngine · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: techapi-verify-comment

# On-demand Tier 0 data verification for a TechAPI PR. Triggered by an English
# command comment (`/verify`) on the PR, relayed here as a repository_dispatch by
# TechAPI's verify-command.yml. Checks out the PR head, runs TechAPI's app.verify,
# and posts the green/yellow/red band report back on the PR as TechEngineBot.
on:
  repository_dispatch:
    types: [techapi-verify]
  workflow_dispatch:
    inputs:
      pr_number:
        description: "TechAPI PR number to verify + comment on"
        required: true
      head_sha:
        description: "TechAPI commit SHA to verify"
        required: true

permissions:
  contents: read

concurrency:
  group: techapi-verify-${{ github.event.client_payload.pr_number || inputs.pr_number }}-${{ github.event.client_payload.mode || 'all' }}
  cancel-in-progress: true

jobs:
  verify:
    runs-on: ubuntu-latest
    env:
      PYTHONIOENCODING: utf-8
      TECHAPI_COMMENT_TOKEN: ${{ secrets.TECHENGINEBOT_TOKEN || secrets.TECHAPI_TOKEN }}
      TECHAPI_PR_NUMBER: ${{ github.event.client_payload.pr_number || inputs.pr_number }}
      TECHAPI_HEAD_SHA: ${{ github.event.client_payload.head_sha || inputs.head_sha }}
      REQUESTED_BY: ${{ github.event.client_payload.requested_by || github.actor }}
      TECHAPI_COMMENT_ID: ${{ github.event.client_payload.comment_id }}
      # "tier0" = auto PR report (relayed by TechAPI verify-report.yml); else the
      # on-demand /verify all-tiers run.
      MODE: ${{ github.event.client_payload.mode || 'all' }}
    steps:
      # Acknowledge the /verify command as TechEngineBot (the bot holds the token;
      # the relay side must not react, or it looks like the requester self-reacting).
      - name: Acknowledge command (TechEngineBot 👀)
        if: env.TECHAPI_COMMENT_TOKEN != '' && env.TECHAPI_COMMENT_ID != ''
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.TECHENGINEBOT_TOKEN || secrets.TECHAPI_TOKEN }}
          script: |
            const comment_id = Number(process.env.TECHAPI_COMMENT_ID);
            if (comment_id) {
              try {
                await github.rest.reactions.createForIssueComment({
                  owner: 'GetTechAPI', repo: 'TechAPI', comment_id, content: 'eyes',
                });
              } catch (e) { core.info(`reaction skipped: ${e.message}`); }
            }
        env:
          TECHAPI_COMMENT_ID: ${{ github.event.client_payload.comment_id }}

      - name: Checkout TechEngine
        uses: actions/checkout@v4

      - name: Checkout TechAPI PR head
        uses: actions/checkout@v4
        with:
          repository: GetTechAPI/TechAPI
          ref: ${{ env.TECHAPI_HEAD_SHA }}
          path: TechAPI
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip

      - name: Install TechEngine
        run: pip install -e .

      # app.verify now lives in TechEngine; run it from the engine root with
      # TECHAPI_DATA_DIR pointing at the TechAPI checkout (its `_changed_data_slugs`
      # runs git inside that data repo). mode=tier0 = fast offline Tier 0 (auto PR
      # report); mode=all = `pr` Tiers 0-3 (3 = promotion DRY-RUN).
      - name: Run verification
        id: verify
        env:
          TECHAPI_DATA_DIR: ${{ github.workspace }}/TechAPI/data
        run: |
          git -C TechAPI fetch origin main --depth=1 || true
          {
            echo 'report<<VERIFY_EOF'
            if [ "${MODE}" = "tier0" ]; then
              echo "### Changed records in this PR"
              echo ""
              python -m app.verify score --changed --no-cache --format md || echo "_app.verify unavailable on this ref._"
              echo ""
              echo "### Full-dataset baseline"
              echo ""
              python -m app.verify score --no-cache --format md || true
            else
              python -m app.verify pr || echo "_app.verify unavailable on this ref._"
            fi
            echo VERIFY_EOF
          } >> "$GITHUB_OUTPUT"

      - name: Post verification comment (TechEngineBot)
        if: env.TECHAPI_COMMENT_TOKEN != ''
        uses: actions/github-script@v7
        env:
          REPORT: ${{ steps.verify.outputs.report }}
          PR_NUMBER: ${{ env.TECHAPI_PR_NUMBER }}
          REQUESTED_BY: ${{ env.REQUESTED_BY }}
          MODE: ${{ env.MODE }}
        with:
          github-token: ${{ secrets.TECHENGINEBOT_TOKEN || secrets.TECHAPI_TOKEN }}
          script: |
            const report = (process.env.REPORT || '').trim() || '(no output)';
            const by = process.env.REQUESTED_BY || 'someone';
            const isTier0 = (process.env.MODE || 'all') === 'tier0';
            // Auto report and on-demand /verify use distinct marked comments.
            const marker = isTier0
              ? '<!-- techengine-verify-report -->'
              : '<!-- techengine-verify-command -->';
            const head = isTier0
              ? ['## 🔎 Data verification — Tier 0 (offline existence/trust)', '',
                 'Scored by `app.verify`; posted by **TechEngineBot**. Informational only — the structural gate (`app.validate`) is separate and authoritative for merge.', '',
                 report]
              : [report];  // `pr` emits its own H2 heading + tier sections
            const footer = isTier0
              ? '<sub>green = authoritative source + complete + consistent · yellow = plausible, needs confirmation · red = sparse/weak source or a hard contradiction. Promotion to `verified` runs in the scheduled `verify-network` workflow.</sub>'
              : `<sub>Requested by @${by} via \`/verify\` · scored by \`app.verify\`, posted by **TechEngineBot**. Informational only — the structural gate (\`app.validate\`) is separate; Tier 3 here is dry-run.</sub>`;
            const body = [marker, ...head, '', footer].join('\n');
            const owner = 'GetTechAPI';
            const repo = 'TechAPI';
            const issue_number = Number(process.env.PR_NUMBER);
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner, repo, issue_number, per_page: 100,
            });
            const existing = comments.find((c) => c.body && c.body.includes(marker));
            if (existing) {
              await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
            } else {
              await github.rest.issues.createComment({ owner, repo, issue_number, body });
            }

      - name: Dormant when no bot token
        if: env.TECHAPI_COMMENT_TOKEN == ''
        run: echo "::warning::No TECHENGINEBOT_TOKEN/TECHAPI_TOKEN; verification ran but no comment was posted."