From 01acf89d3e7d4b3d4227b308ab5af336f2174f49 Mon Sep 17 00:00:00 2001 From: YiWang24 Date: Sun, 3 May 2026 20:53:21 -0400 Subject: [PATCH 1/2] fix(workflows): replace relative reusable paths with full org/repo refs GitHub Actions does not support the ./ relative path syntax for reusable workflows in subdirectories. Replaced all uses of ./.github/workflows/reusable/*.yml with the full YiAgent/OpenCI/.github/workflows/reusable/*.yml@SHA format, which supports subdirectory paths and is valid per GitHub docs. This fixes the broken workflow names (showing file paths instead of name: field values) and the workflow dispatch failures. --- .github/workflows/agent.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/dependencies.yml | 2 +- .github/workflows/deploy.yml | 4 ++-- .github/workflows/docs.yml | 2 +- .github/workflows/issue-ops.yml | 8 ++++---- .github/workflows/observability.yml | 6 +++--- .github/workflows/on-maintenance.yml | 2 +- .github/workflows/pull-request.yml | 2 +- .github/workflows/release.yml | 2 +- 10 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/agent.yml b/.github/workflows/agent.yml index b016fba..f64eb7d 100644 --- a/.github/workflows/agent.yml +++ b/.github/workflows/agent.yml @@ -40,7 +40,7 @@ concurrency: jobs: agent: - uses: ./.github/workflows/reusable/agent.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/agent.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: task: ${{ inputs.task }} prompt: ${{ inputs.prompt }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cec423a..86cd14b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ concurrency: jobs: ci: - uses: ./.github/workflows/reusable/ci.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/ci.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: openci-ref: ${{ github.sha }} registry: ghcr.io diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 6fe5c6e..57dd8b1 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -15,6 +15,6 @@ concurrency: jobs: deps: - uses: ./.github/workflows/reusable/deps.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/deps.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: runner: blacksmith-32vcpu-ubuntu-2404 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a9062a3..614560c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,7 @@ jobs: && github.event.workflow_run.name == 'ci' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'stg') - uses: ./.github/workflows/reusable/stg.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/stg.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: app-name: ${{ vars.APP_NAME || github.event.repository.name }} image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }} @@ -54,7 +54,7 @@ jobs: && github.event.workflow_run.name == 'release' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'prd') - uses: ./.github/workflows/reusable/prd.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/prd.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: app-name: ${{ vars.APP_NAME || github.event.repository.name }} image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 73f16cd..a5d70a0 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -22,7 +22,7 @@ concurrency: jobs: docs: - uses: ./.github/workflows/reusable/docs.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/docs.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: build-cmd: ${{ vars.DOCS_BUILD_CMD || '' }} docs-path: ${{ vars.DOCS_DIR || 'docs' }} diff --git a/.github/workflows/issue-ops.yml b/.github/workflows/issue-ops.yml index 9d12156..94eaab5 100644 --- a/.github/workflows/issue-ops.yml +++ b/.github/workflows/issue-ops.yml @@ -32,7 +32,7 @@ concurrency: jobs: lifecycle: if: github.event_name == 'issues' || github.event_name == 'issue_comment' - uses: ./.github/workflows/reusable/issue.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: lifecycle runner: blacksmith-32vcpu-ubuntu-2404 @@ -46,7 +46,7 @@ jobs: ingest: if: github.event_name == 'repository_dispatch' - uses: ./.github/workflows/reusable/issue.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: ingest runner: blacksmith-32vcpu-ubuntu-2404 @@ -60,7 +60,7 @@ jobs: maintenance: if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.mode == 'maintenance') - uses: ./.github/workflows/reusable/issue.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: maintenance runner: blacksmith-32vcpu-ubuntu-2404 @@ -74,7 +74,7 @@ jobs: manual: if: github.event_name == 'workflow_dispatch' && inputs.mode != 'maintenance' - uses: ./.github/workflows/reusable/issue.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: ${{ inputs.mode }} runner: blacksmith-32vcpu-ubuntu-2404 diff --git a/.github/workflows/observability.yml b/.github/workflows/observability.yml index c3b987f..8b61485 100644 --- a/.github/workflows/observability.yml +++ b/.github/workflows/observability.yml @@ -30,7 +30,7 @@ concurrency: jobs: observe-canary: if: ${{ github.event_name == 'schedule' && github.event.schedule == '*/15 * * * *' }} - uses: ./.github/workflows/reusable/observability.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: canary-watch runner: blacksmith-32vcpu-ubuntu-2404 @@ -38,7 +38,7 @@ jobs: observe-drift: if: ${{ github.event_name == 'schedule' && github.event.schedule == '0 4 * * *' }} - uses: ./.github/workflows/reusable/observability.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: terraform-drift infra-dir: ${{ vars.INFRA_DIR || 'infrastructure' }} @@ -50,7 +50,7 @@ jobs: (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || github.event_name == 'repository_dispatch' || (github.event_name == 'workflow_dispatch' && inputs.mode == 'verify-fix') - uses: ./.github/workflows/reusable/observability.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: verify-fix runner: blacksmith-32vcpu-ubuntu-2404 diff --git a/.github/workflows/on-maintenance.yml b/.github/workflows/on-maintenance.yml index fed01ff..76a3e8d 100644 --- a/.github/workflows/on-maintenance.yml +++ b/.github/workflows/on-maintenance.yml @@ -115,7 +115,7 @@ jobs: if: | !contains(fromJSON('["pr-review","flag-audit"]'), needs.resolve-mode.outputs.mode) - uses: ./.github/workflows/reusable/maintenance.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/maintenance.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: ${{ needs.resolve-mode.outputs.mode }} openci-ref: ${{ needs.resolve-mode.outputs.openci-ref }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e6d26d4..ea2004e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -28,7 +28,7 @@ concurrency: jobs: checks: - uses: ./.github/workflows/reusable/pr.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/pr.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: enable-ai-review: true enable-eval: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 75bc1b9..1986939 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ concurrency: jobs: release: - uses: ./.github/workflows/reusable/release.yml + uses: YiAgent/OpenCI/.github/workflows/reusable/release.yml@ebe8fca3260dce68d34d51b74703169e776bc72d with: mode: ${{ inputs.mode || 'both' }} image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }} From 8b21871c00c8a0094b671d9eda74dc1be8a3154c Mon Sep 17 00:00:00 2001 From: YiWang24 Date: Sun, 3 May 2026 20:56:05 -0400 Subject: [PATCH 2/2] fix(workflows): use manifest SHA and update routing tests Switch from HEAD SHA to manifest-pinned SHA d280a64 for all YiAgent/OpenCI reusable workflow references, matching the verify-sha hook requirement. Also update two BATS tests that asserted the old ./ relative path pattern, and suppress a SC2016 false positive where $ is intentional grep BRE syntax. --- .github/workflows/agent.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/dependencies.yml | 2 +- .github/workflows/deploy.yml | 4 ++-- .github/workflows/docs.yml | 2 +- .github/workflows/issue-ops.yml | 8 ++++---- .github/workflows/observability.yml | 6 +++--- .github/workflows/on-maintenance.yml | 2 +- .github/workflows/pull-request.yml | 2 +- .github/workflows/release.yml | 2 +- tests/actions/on-issue-routing.bats | 3 ++- tests/actions/on-pr-routing.bats | 2 +- 12 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/agent.yml b/.github/workflows/agent.yml index f64eb7d..723c0e7 100644 --- a/.github/workflows/agent.yml +++ b/.github/workflows/agent.yml @@ -40,7 +40,7 @@ concurrency: jobs: agent: - uses: YiAgent/OpenCI/.github/workflows/reusable/agent.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/agent.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: task: ${{ inputs.task }} prompt: ${{ inputs.prompt }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 86cd14b..1462a3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ concurrency: jobs: ci: - uses: YiAgent/OpenCI/.github/workflows/reusable/ci.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/ci.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: openci-ref: ${{ github.sha }} registry: ghcr.io diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 57dd8b1..482fe6b 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -15,6 +15,6 @@ concurrency: jobs: deps: - uses: YiAgent/OpenCI/.github/workflows/reusable/deps.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/deps.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: runner: blacksmith-32vcpu-ubuntu-2404 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 614560c..5e59260 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,7 @@ jobs: && github.event.workflow_run.name == 'ci' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'stg') - uses: YiAgent/OpenCI/.github/workflows/reusable/stg.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/stg.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: app-name: ${{ vars.APP_NAME || github.event.repository.name }} image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }} @@ -54,7 +54,7 @@ jobs: && github.event.workflow_run.name == 'release' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && inputs.mode == 'prd') - uses: YiAgent/OpenCI/.github/workflows/reusable/prd.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/prd.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: app-name: ${{ vars.APP_NAME || github.event.repository.name }} image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index a5d70a0..72e859c 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -22,7 +22,7 @@ concurrency: jobs: docs: - uses: YiAgent/OpenCI/.github/workflows/reusable/docs.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/docs.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: build-cmd: ${{ vars.DOCS_BUILD_CMD || '' }} docs-path: ${{ vars.DOCS_DIR || 'docs' }} diff --git a/.github/workflows/issue-ops.yml b/.github/workflows/issue-ops.yml index 94eaab5..66e448d 100644 --- a/.github/workflows/issue-ops.yml +++ b/.github/workflows/issue-ops.yml @@ -32,7 +32,7 @@ concurrency: jobs: lifecycle: if: github.event_name == 'issues' || github.event_name == 'issue_comment' - uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: lifecycle runner: blacksmith-32vcpu-ubuntu-2404 @@ -46,7 +46,7 @@ jobs: ingest: if: github.event_name == 'repository_dispatch' - uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: ingest runner: blacksmith-32vcpu-ubuntu-2404 @@ -60,7 +60,7 @@ jobs: maintenance: if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.mode == 'maintenance') - uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: maintenance runner: blacksmith-32vcpu-ubuntu-2404 @@ -74,7 +74,7 @@ jobs: manual: if: github.event_name == 'workflow_dispatch' && inputs.mode != 'maintenance' - uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: ${{ inputs.mode }} runner: blacksmith-32vcpu-ubuntu-2404 diff --git a/.github/workflows/observability.yml b/.github/workflows/observability.yml index 8b61485..2e6dc0b 100644 --- a/.github/workflows/observability.yml +++ b/.github/workflows/observability.yml @@ -30,7 +30,7 @@ concurrency: jobs: observe-canary: if: ${{ github.event_name == 'schedule' && github.event.schedule == '*/15 * * * *' }} - uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: canary-watch runner: blacksmith-32vcpu-ubuntu-2404 @@ -38,7 +38,7 @@ jobs: observe-drift: if: ${{ github.event_name == 'schedule' && github.event.schedule == '0 4 * * *' }} - uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: terraform-drift infra-dir: ${{ vars.INFRA_DIR || 'infrastructure' }} @@ -50,7 +50,7 @@ jobs: (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || github.event_name == 'repository_dispatch' || (github.event_name == 'workflow_dispatch' && inputs.mode == 'verify-fix') - uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: verify-fix runner: blacksmith-32vcpu-ubuntu-2404 diff --git a/.github/workflows/on-maintenance.yml b/.github/workflows/on-maintenance.yml index 76a3e8d..d363da2 100644 --- a/.github/workflows/on-maintenance.yml +++ b/.github/workflows/on-maintenance.yml @@ -115,7 +115,7 @@ jobs: if: | !contains(fromJSON('["pr-review","flag-audit"]'), needs.resolve-mode.outputs.mode) - uses: YiAgent/OpenCI/.github/workflows/reusable/maintenance.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/maintenance.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: ${{ needs.resolve-mode.outputs.mode }} openci-ref: ${{ needs.resolve-mode.outputs.openci-ref }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index ea2004e..90fc0ab 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -28,7 +28,7 @@ concurrency: jobs: checks: - uses: YiAgent/OpenCI/.github/workflows/reusable/pr.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/pr.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: enable-ai-review: true enable-eval: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1986939..5be3dab 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ concurrency: jobs: release: - uses: YiAgent/OpenCI/.github/workflows/reusable/release.yml@ebe8fca3260dce68d34d51b74703169e776bc72d + uses: YiAgent/OpenCI/.github/workflows/reusable/release.yml@d280a64a392b7f1a3e906246286ca983e610f920 with: mode: ${{ inputs.mode || 'both' }} image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }} diff --git a/tests/actions/on-issue-routing.bats b/tests/actions/on-issue-routing.bats index b6e5b1a..bb0c145 100644 --- a/tests/actions/on-issue-routing.bats +++ b/tests/actions/on-issue-routing.bats @@ -88,6 +88,7 @@ setup() { } @test "manual job passes the dispatch input mode dynamically" { + # shellcheck disable=SC2016 # \$ is for grep BRE, not shell expansion grep -q 'mode: \${{ inputs.mode }}' "$ENTRY" } @@ -97,7 +98,7 @@ setup() { @test "all four jobs call the same reusable workflow reusable/issue.yml" { local count - count=$(grep -c 'uses: \.\/\.github\/workflows\/reusable\/issue\.yml' "$ENTRY") + count=$(grep -c 'uses: YiAgent/OpenCI/.github/workflows/reusable/issue\.yml' "$ENTRY") [ "$count" -eq 4 ] } diff --git a/tests/actions/on-pr-routing.bats b/tests/actions/on-pr-routing.bats index 8454a74..3e77222 100644 --- a/tests/actions/on-pr-routing.bats +++ b/tests/actions/on-pr-routing.bats @@ -41,7 +41,7 @@ setup() { # --------------------------------------------------------------------------- @test "single checks job calls reusable pr.yml workflow" { - grep -q 'uses: \.\/\.github\/workflows\/reusable\/pr\.yml' "$ENTRY" + grep -q 'uses: YiAgent/OpenCI/.github/workflows/reusable/pr\.yml' "$ENTRY" } @test "checks job enables AI review" {