diff --git a/.github/workflows/agent.yml b/.github/workflows/agent.yml index 684f4ed..c5d5707 100644 --- a/.github/workflows/agent.yml +++ b/.github/workflows/agent.yml @@ -40,7 +40,7 @@ concurrency: jobs: agent: - uses: YiAgent/OpenCI/.github/workflows/reusable-agent.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-agent.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: task: ${{ inputs.task }} prompt: ${{ inputs.prompt }} diff --git a/.github/workflows/ci-self-test.yml b/.github/workflows/ci-self-test.yml index b2c207e..953334f 100644 --- a/.github/workflows/ci-self-test.yml +++ b/.github/workflows/ci-self-test.yml @@ -44,7 +44,7 @@ concurrency: jobs: self-test: - uses: YiAgent/OpenCI/.github/workflows/reusable-self-test.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-self-test.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: runner: ubuntu-latest secrets: inherit diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cffcde8..946e17a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,7 @@ jobs: ci: needs: guard if: needs.guard.outputs.has-dockerfile == 'true' - uses: YiAgent/OpenCI/.github/workflows/reusable-ci.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-ci.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ github.sha }} registry: ghcr.io diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 144d35d..3d7ce61 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -15,6 +15,6 @@ concurrency: jobs: deps: - uses: YiAgent/OpenCI/.github/workflows/reusable-deps.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-deps.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: runner: blacksmith-2vcpu-ubuntu-2404 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 551f88a..2ab4d9a 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -27,7 +27,7 @@ concurrency: jobs: docs: - uses: YiAgent/OpenCI/.github/workflows/reusable-docs.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-docs.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: build-cmd: ${{ vars.DOCS_BUILD_CMD || '' }} docs-path: ${{ vars.DOCS_DIR || 'docs' }} diff --git a/.github/workflows/issue-ops.yml b/.github/workflows/issue-ops.yml index 7f2b541..34f3bb8 100644 --- a/.github/workflows/issue-ops.yml +++ b/.github/workflows/issue-ops.yml @@ -39,7 +39,7 @@ jobs: && !contains(github.actor, '[bot]')) || (github.event_name == 'issue_comment' && !contains(github.event.comment.user.login, '[bot]')) - uses: YiAgent/OpenCI/.github/workflows/reusable-issue.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-issue.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: mode: lifecycle runner: blacksmith-2vcpu-ubuntu-2404 @@ -52,7 +52,7 @@ jobs: maintenance: if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.mode == 'maintenance') - uses: YiAgent/OpenCI/.github/workflows/reusable-issue.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-issue.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: mode: maintenance runner: blacksmith-2vcpu-ubuntu-2404 @@ -65,7 +65,7 @@ jobs: manual: if: github.event_name == 'workflow_dispatch' && inputs.mode != 'maintenance' - uses: YiAgent/OpenCI/.github/workflows/reusable-issue.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-issue.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: mode: ${{ inputs.mode }} runner: blacksmith-2vcpu-ubuntu-2404 diff --git a/.github/workflows/on-maintenance.yml b/.github/workflows/on-maintenance.yml index 2fb97b4..b876a89 100644 --- a/.github/workflows/on-maintenance.yml +++ b/.github/workflows/on-maintenance.yml @@ -118,7 +118,7 @@ jobs: if: | !contains(fromJSON('["pr-review","flag-audit"]'), needs.resolve-mode.outputs.mode) - uses: YiAgent/OpenCI/.github/workflows/reusable-maintenance.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-maintenance.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: mode: ${{ needs.resolve-mode.outputs.mode }} openci-ref: ${{ needs.resolve-mode.outputs.openci-ref }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index a31095f..f040a43 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -28,7 +28,7 @@ concurrency: jobs: checks: - uses: YiAgent/OpenCI/.github/workflows/reusable-pr.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-pr.yml@119c3eab2c613bdcc1fbed9b97535f34955defba with: enable-ai-review: true enable-eval: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fcf45f2..8b9e8e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ concurrency: jobs: release: - uses: YiAgent/OpenCI/.github/workflows/reusable-release.yml@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/.github/workflows/reusable-release.yml@119c3eab2c613bdcc1fbed9b97535f34955defba secrets: inherit with: mode: ${{ inputs.mode || 'marketplace' }} diff --git a/.github/workflows/reusable-ci.yml b/.github/workflows/reusable-ci.yml index a4ebd63..1ff00f8 100644 --- a/.github/workflows/reusable-ci.yml +++ b/.github/workflows/reusable-ci.yml @@ -123,7 +123,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - name: Probe secrets @@ -149,7 +149,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - id: detect @@ -173,7 +173,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - id: build @@ -199,7 +199,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - id: scan @@ -218,7 +218,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 @@ -261,7 +261,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - uses: ./.openci/actions/ci/check-migration @@ -280,7 +280,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - uses: ./.openci/actions/ci/eval-smoke @@ -303,7 +303,7 @@ jobs: persist-credentials: false fetch-depth: 0 # required so git ls-tree can resolve the self-ref SHA - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - name: Install yq @@ -467,7 +467,7 @@ jobs: - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - name: Download ci-context artifact diff --git a/.github/workflows/reusable-pr.yml b/.github/workflows/reusable-pr.yml index 905daa1..00d2eac 100644 --- a/.github/workflows/reusable-pr.yml +++ b/.github/workflows/reusable-pr.yml @@ -96,7 +96,7 @@ jobs: with: persist-credentials: false - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - name: Probe secrets @@ -128,7 +128,7 @@ jobs: with: persist-credentials: false - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - name: Detect (or honour caller override) @@ -414,7 +414,7 @@ jobs: persist-credentials: false fetch-depth: 0 # required so git ls-tree can resolve the self-ref SHA - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: ${{ inputs.openci-ref }} - name: Install yq diff --git a/.github/workflows/reusable-self-test.yml b/.github/workflows/reusable-self-test.yml index 67f2291..2eb02d1 100644 --- a/.github/workflows/reusable-self-test.yml +++ b/.github/workflows/reusable-self-test.yml @@ -70,7 +70,7 @@ jobs: with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: main @@ -187,7 +187,7 @@ jobs: with: { persist-credentials: false } - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: main @@ -210,7 +210,7 @@ jobs: fetch-depth: 0 - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: main @@ -255,7 +255,7 @@ jobs: persist-credentials: false - name: Resolve OpenCI ref and checkout - uses: YiAgent/OpenCI/actions/_common/resolve-openci@34a93579aac0d1682cc65ab8b7c2c9e2d06b0953 + uses: YiAgent/OpenCI/actions/_common/resolve-openci@119c3eab2c613bdcc1fbed9b97535f34955defba with: openci-ref: main diff --git a/manifest.yml b/manifest.yml index 24d6f62..eead0aa 100644 --- a/manifest.yml +++ b/manifest.yml @@ -101,7 +101,7 @@ deps: softprops/action-gh-release: "b4309332981a82ec1c5618f44dd2e27cc8bfbfda" # v3.0.0 # ── Self (OpenCI vendoring itself via remote action reference) ────────── - YiAgent/OpenCI: "f6d93cbfd9e1a8aa63c45830f1f9f499168549e4" # resolve-openci bootstrap + YiAgent/OpenCI: "119c3eab2c613bdcc1fbed9b97535f34955defba" # resolve-openci bootstrap # ───────────────────────────────────────────────────────────────────────────── # Reusable workflow catalog (consumed via `uses: YiAgent/OpenCI/.github/workflows/.yml@`) diff --git a/scripts/bump-self-sha.sh b/scripts/bump-self-sha.sh index 6cfb298..518c213 100755 --- a/scripts/bump-self-sha.sh +++ b/scripts/bump-self-sha.sh @@ -98,12 +98,19 @@ fi perl -pi -e "s|\Q${old_sha}\E|${new_sha}|g" "$MANIFEST" info "Updated manifest.yml" -# ── 5. Update all workflow files that reference the old SHA ────────────────── +# ── 5. Update all YiAgent/OpenCI SHA references ────────────────────────────── +# Instead of searching only for the manifest.yml SHA (which can diverge from +# workflow files), replace ANY YiAgent/OpenCI@<40-char-hex> reference with +# the new SHA. This works even when workflow files have a different old SHA +# than manifest.yml (e.g., after a revert-workflow-files cycle). updated=0 while IFS= read -r -d '' f; do - if grep -q "$old_sha" "$f" 2>/dev/null; then - perl -pi -e "s|\Q${old_sha}\E|${new_sha}|g" "$f" + # Compare checksums to detect if perl actually changed the file. + before=$(shasum -a 256 "$f" 2>/dev/null || true) + perl -pi -e "s|(YiAgent/OpenCI/[^\s@]+)\@[a-f0-9]{40}|\1\@${new_sha}|g" "$f" + after=$(shasum -a 256 "$f" 2>/dev/null || true) + if [ "$before" != "$after" ]; then info "Updated $f" updated=$((updated + 1)) fi @@ -111,5 +118,5 @@ done < <(find "$REPO_ROOT/.github/workflows" "$REPO_ROOT/actions" \ -name "*.yml" -o -name "*.yaml" 2>/dev/null | tr '\n' '\0') echo "" -echo "Done. Updated manifest.yml + $updated workflow file(s) to $new_sha" +echo "Done. Updated manifest.yml + $updated workflow/action file(s) to $new_sha" echo "Stage and commit: git add manifest.yml .github/workflows actions/ && git commit -m 'chore(manifest): bump YiAgent/OpenCI SHA to $new_sha'"