mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-27 11:22:03 +00:00
ci: centralize path-gating behind single orchestrator + all-checks-pass gate Replace the scattered per-workflow detect-changes pattern with a single ci.yml orchestrator that runs the classifier once, then conditionally calls sub-workflows via workflow_call based on lane outputs. A final all-checks-pass job (if: always()) aggregates all results so branch protection only needs to require one check. Changes: - New .github/workflows/ci.yml orchestrator (detect + conditional calls + all-checks-pass gate) - Extend classify_changes.py with scan/deps/mcp_catalog lanes, absorbing supply-chain-audit's internal changes job - Update detect-changes/action.yml to expose the new lane outputs - Convert all 10 PR-gated sub-workflows to workflow_call-only triggers, removing their push/pull_request triggers and per-step detect-changes guards (gating now happens at the orchestrator level) - lint.yml + supply-chain-audit.yml receive event_name as a workflow_call input to replace github.event_name (which is "workflow_call" inside called workflows) - supply-chain-audit.yml: remove internal changes job + *-gate jobs (orchestrator handles gating, booleans arrive as inputs) - contributor-check.yml: remove internal filter step - Update test_classify_changes.py for 6-lane output + new supply-chain test cases
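# Reusable workflow: fails when a commit in the change under test carries an
# author email that is not listed in scripts/release.py (AUTHOR_MAP).
# It is triggered only through workflow_call, so the caller decides when it runs.
name: Contributor Attribution Check

on:
  workflow_call:

# Read-only token: the job only inspects history and one file.
permissions:
  contents: read

jobs:
  check-attribution:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0  # Full history needed for git log
          # No later step talks to the remote, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false

      - name: Check for unmapped contributor emails
        run: |
          # Author emails and names come from the commits under review, so
          # they are untrusted text: they are always quoted, never passed
          # through `echo -e`, and never interpreted as a regex.

          # Get the merge base between this PR and main
          MERGE_BASE=$(git merge-base origin/main HEAD)

          # Find any new author emails in this PR's commits
          NEW_EMAILS=$(git log "${MERGE_BASE}..HEAD" --format='%ae' --no-merges | sort -u)

          if [ -z "$NEW_EMAILS" ]; then
            echo "No new commits to check."
            exit 0
          fi

          # Check each email against AUTHOR_MAP in release.py
          MISSING_EMAILS=()
          MISSING_LINES=()
          while IFS= read -r email; do
            case "$email" in
              # Skip teknium and bot emails.
              # NOTE(review): these are substring matches on a value the
              # commit author chooses, so any address that merely contains
              # one of these strings skips the check. Anchoring them needs
              # the exact maintainer/bot addresses, which are not visible
              # from this file.
              *teknium*|*noreply@github.com*|*dependabot*|*github-actions*|*anthropic.com*|*cursor.com*)
                continue ;;
              # GitHub noreply emails auto-resolve. The glob is anchored at
              # the end so a look-alike domain suffix does not match.
              *+*@users.noreply.github.com)
                continue ;;
            esac

            # scripts/release.py is read from the checked-out revision, so a
            # PR can add its own mapping. A missing file reports every email.
            if ! grep -qF -e "\"${email}\"" scripts/release.py 2>/dev/null; then
              # Look the name up inside the PR range only, matching the email
              # as a fixed string, and drop control bytes so a
              # commit-supplied name cannot emit terminal escapes into the log.
              AUTHOR=$(git log "${MERGE_BASE}..HEAD" --no-merges -F \
                --author="<${email}>" --format='%an' -1 | tr -d '[:cntrl:]')
              MISSING_EMAILS+=("$email")
              MISSING_LINES+=(" ${email} (${AUTHOR})")
            fi
          done <<< "$NEW_EMAILS"

          if [ "${#MISSING_EMAILS[@]}" -gt 0 ]; then
            echo ""
            echo "⚠️ New contributor email(s) not in AUTHOR_MAP:"
            printf '%s\n' "${MISSING_LINES[@]}"
            echo ""
            echo "Please add mappings to scripts/release.py AUTHOR_MAP:"
            for email in "${MISSING_EMAILS[@]}"; do
              printf ' "%s": "<github-username>",\n' "$email"
            done
            echo ""
            echo "To find the GitHub username for an email:"
            echo " gh api 'search/users?q=EMAIL+in:email' --jq '.items[0].login'"
            exit 1
          else
            echo "✅ All contributor emails are mapped in AUTHOR_MAP."
          fi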