Compare commits
3 Commits
chack-test
...
fix/system
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
2113c7bf38 | ||
|
|
5ca4115a6b | ||
|
|
c5a77725db |
@@ -1,4 +1,4 @@
|
||||
name: CI-master Failure Chack-Agent PR
|
||||
name: CI-master Failure Codex PR
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
@@ -6,7 +6,7 @@ on:
|
||||
types: [completed]
|
||||
|
||||
jobs:
|
||||
chack_agent_fix_master_failure:
|
||||
codex_fix_master_failure:
|
||||
if: >
|
||||
${{ github.event.workflow_run.conclusion == 'failure' &&
|
||||
github.event.workflow_run.head_branch == 'master' &&
|
||||
@@ -19,8 +19,7 @@ jobs:
|
||||
actions: read
|
||||
env:
|
||||
TARGET_BRANCH: master
|
||||
FIX_BRANCH: chack-agent/ci-master-fix-${{ github.event.workflow_run.id }}
|
||||
CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
|
||||
FIX_BRANCH: codex/ci-master-fix-${{ github.event.workflow_run.id }}
|
||||
steps:
|
||||
- name: Checkout failing commit
|
||||
uses: actions/checkout@v5
|
||||
@@ -28,12 +27,12 @@ jobs:
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
fetch-depth: 0
|
||||
persist-credentials: true
|
||||
token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
token: ${{ secrets.CODEX_FIXER_TOKEN }}
|
||||
|
||||
- name: Configure git author
|
||||
run: |
|
||||
git config user.name "chack-agent"
|
||||
git config user.email "chack-agent@users.noreply.github.com"
|
||||
git config user.name "codex-action"
|
||||
git config user.email "codex-action@users.noreply.github.com"
|
||||
|
||||
- name: Create fix branch
|
||||
run: git checkout -b "$FIX_BRANCH"
|
||||
@@ -43,7 +42,7 @@ jobs:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
RUN_ID: ${{ github.event.workflow_run.id }}
|
||||
run: |
|
||||
failed_logs_file="$(pwd)/chack_failed_steps_logs.txt"
|
||||
failed_logs_file="$(pwd)/codex_failed_steps_logs.txt"
|
||||
if gh run view "$RUN_ID" --repo "${{ github.repository }}" --log-failed > "$failed_logs_file"; then
|
||||
if [ ! -s "$failed_logs_file" ]; then
|
||||
echo "No failed step logs were returned by gh run view --log-failed." > "$failed_logs_file"
|
||||
@@ -71,11 +70,11 @@ jobs:
|
||||
lines.append("")
|
||||
|
||||
summary = "\n".join(lines).strip() or "No failing job details found."
|
||||
with open('chack_failure_summary.txt', 'w') as handle:
|
||||
with open('codex_failure_summary.txt', 'w') as handle:
|
||||
handle.write(summary)
|
||||
PY
|
||||
|
||||
- name: Create Chack Agent prompt
|
||||
- name: Create Codex prompt
|
||||
env:
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
|
||||
@@ -87,7 +86,7 @@ jobs:
|
||||
echo "The target branch for the final PR is: ${TARGET_BRANCH}"
|
||||
echo ""
|
||||
echo "Failure summary:"
|
||||
cat chack_failure_summary.txt
|
||||
cat codex_failure_summary.txt
|
||||
echo ""
|
||||
echo "Failed-step logs file absolute path (local runner): ${FAILED_LOGS_PATH}"
|
||||
echo "Read that file to inspect the exact failing logs."
|
||||
@@ -95,24 +94,71 @@ jobs:
|
||||
echo "Please identify the cause, apply an easy, simple and minimal fix, and update files accordingly."
|
||||
echo "Run any fast checks you can locally (no network)."
|
||||
echo "Leave the repo in a state ready to commit; changes will be committed and pushed automatically."
|
||||
} > chack_prompt.txt
|
||||
} > codex_prompt.txt
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install chack-agent
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -e chack-agent
|
||||
|
||||
- name: Run Chack Agent
|
||||
id: run_chack
|
||||
uses: carlospolop/chack-agent@master
|
||||
with:
|
||||
provider: openrouter
|
||||
model_primary: CHEAP_BUT_QUALITY
|
||||
main_action: peass-ng
|
||||
sub_action: CI-master Failure Chack-Agent PR
|
||||
system_prompt: |
|
||||
Diagnose the failing gh actions workflow, propose the minimal and effective safe fix, and implement it.
|
||||
Run only fast, local checks (no network). Leave the repo ready to commit.
|
||||
prompt_file: chack_prompt.txt
|
||||
tools_config_json: "{\"exec_enabled\": true}"
|
||||
session_config_json: "{\"long_term_memory_enabled\": false}"
|
||||
agent_config_json: "{\"self_critique_enabled\": false, \"require_task_list_init_first\": true}"
|
||||
openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
id: run_codex
|
||||
env:
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
INPUT_PROVIDER: openai
|
||||
INPUT_MODEL_PRIMARY: gpt-5.2-codex
|
||||
INPUT_SYSTEM_PROMPT: You are an advanced research agent.
|
||||
run: |
|
||||
python - <<'PY' > chack_output.txt
|
||||
import os
|
||||
from chack_agent import (
|
||||
Chack,
|
||||
ChackConfig,
|
||||
ModelConfig,
|
||||
AgentConfig,
|
||||
SessionConfig,
|
||||
ToolsConfig,
|
||||
CredentialsConfig,
|
||||
LoggingConfig,
|
||||
)
|
||||
|
||||
with open("codex_prompt.txt", "r", encoding="utf-8") as handle:
|
||||
user_prompt = handle.read()
|
||||
|
||||
config = ChackConfig(
|
||||
model=ModelConfig(
|
||||
primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
|
||||
provider=os.environ.get("INPUT_PROVIDER", "openai"),
|
||||
),
|
||||
agent=AgentConfig(
|
||||
main_action="github_action",
|
||||
sub_action="run",
|
||||
),
|
||||
session=SessionConfig(),
|
||||
tools=ToolsConfig(exec_enabled=True),
|
||||
credentials=CredentialsConfig(
|
||||
openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
|
||||
),
|
||||
logging=LoggingConfig(level="INFO"),
|
||||
system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
|
||||
env={},
|
||||
)
|
||||
|
||||
agent = Chack(config)
|
||||
result = agent.run(session_id="github-action", text=user_prompt)
|
||||
print(result.output)
|
||||
PY
|
||||
|
||||
{
|
||||
echo "final-message<<EOF"
|
||||
cat chack_output.txt
|
||||
echo "EOF"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Commit and push fix branch if changed
|
||||
id: push_fix
|
||||
@@ -123,51 +169,33 @@ jobs:
|
||||
exit 0
|
||||
fi
|
||||
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
rm -f codex_failure_summary.txt codex_prompt.txt codex_failed_steps_logs.txt chack_output.txt
|
||||
git add -A
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
if git diff --cached --quiet; then
|
||||
echo "No committable changes left after filtering."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
git reset -- codex_failure_summary.txt codex_prompt.txt codex_failed_steps_logs.txt chack_output.txt
|
||||
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
|
||||
if ! git push origin HEAD:"$FIX_BRANCH"; then
|
||||
echo "Push failed (likely token workflow permission limits); skipping PR creation."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
git push origin HEAD:"$FIX_BRANCH"
|
||||
echo "pushed=true" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Create PR to master
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' }}
|
||||
id: create_pr
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
GH_TOKEN: ${{ secrets.CODEX_FIXER_TOKEN }}
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
run: |
|
||||
pr_url=$(gh pr create \
|
||||
--title "Fix CI-master_test failure (run #${{ github.event.workflow_run.id }})" \
|
||||
--body "Automated Chack Agent fix for failing CI-master_test run: ${RUN_URL}" \
|
||||
--body "Automated Codex fix for failing CI-master_test run: ${RUN_URL}" \
|
||||
--base "$TARGET_BRANCH" \
|
||||
--head "$FIX_BRANCH")
|
||||
echo "url=$pr_url" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Comment on created PR with Chack Agent result
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_chack.outputs.final-message != '' }}
|
||||
- name: Comment on created PR with Codex result
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_codex.outputs.final-message != '' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_URL: ${{ steps.create_pr.outputs.url }}
|
||||
CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
|
||||
CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
|
||||
with:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
@@ -181,5 +209,5 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: Number(match[1]),
|
||||
body: process.env.CHACK_MESSAGE,
|
||||
body: process.env.CODEX_MESSAGE,
|
||||
});
|
||||
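Review bot: The "Commit and push fix branch if changed" step now runs `git add -A` and pushes with `CODEX_FIXER_TOKEN` without excluding `.github/workflows`, so anything the exec-enabled agent wrote there is committed too; the push step in the PR-failure workflow has the same gap. I would keep a guard before the commit, for example `git reset -q -- .github/workflows && git checkout -- .github/workflows`, and stop the step if `git diff --cached --name-only` still lists a workflow path. Separately, the "Run Chack Agent" step writes model output to `$GITHUB_OUTPUT` between fixed `EOF` markers (also in the triage and PR-failure workflows). A line in that output equal to `EOF` ends the value early and lets the following lines define other step outputs, so use a per-run random delimiter such as `delim="ghadelim_$(openssl rand -hex 16)"`. The push step's body starts outside the hunk.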
@@ -1,4 +1,4 @@
|
||||
name: Chack-Agent PR Triage
|
||||
name: Codex PR Triage
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
@@ -6,14 +6,12 @@ on:
|
||||
types: [completed]
|
||||
|
||||
jobs:
|
||||
chack_agent_triage:
|
||||
codex_triage:
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
env:
|
||||
CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
|
||||
outputs:
|
||||
should_run: ${{ steps.gate.outputs.should_run }}
|
||||
pr_number: ${{ steps.gate.outputs.pr_number }}
|
||||
@@ -82,70 +80,110 @@ jobs:
|
||||
${{ steps.gate.outputs.base_ref }} \
|
||||
+refs/pull/${{ steps.gate.outputs.pr_number }}/head
|
||||
|
||||
- name: Run Chack Agent
|
||||
id: run_chack
|
||||
- name: Set up Python
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
uses: carlospolop/chack-agent@master
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
provider: openrouter
|
||||
model_primary: CHEAP_BUT_QUALITY
|
||||
main_action: peass-ng
|
||||
sub_action: Chack-Agent PR Triage
|
||||
system_prompt: |
|
||||
You are Chack Agent, an elite PR reviewer for PEASS-ng.
|
||||
Be conservative: merge only if changes are simple, safe, and valuable accoding to the uers give guidelines.
|
||||
If in doubt, comment with clear questions or concerns.
|
||||
Remember taht you are an autonomouts agent, use the exec tool to run the needed commands to list, read, analyze, modify, test...
|
||||
tools_config_json: "{\"exec_enabled\": true}"
|
||||
session_config_json: "{\"long_term_memory_enabled\": false}"
|
||||
agent_config_json: "{\"self_critique_enabled\": false, \"require_task_list_init_first\": true}"
|
||||
output_schema_file: .github/chack-agent/pr-merge-schema.json
|
||||
user_prompt: |
|
||||
You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
|
||||
python-version: "3.11"
|
||||
|
||||
Decide whether to merge or comment. Merge only if all of the following are true:
|
||||
- Changes are simple and safe (no DoS, no long operations, no backdoors).
|
||||
- Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
|
||||
- Changes simplify code or add new useful checks without breaking anything.
|
||||
- name: Install chack-agent
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -e chack-agent
|
||||
|
||||
If you don't have any doubts, and all the previous conditions are met, decide to merge.
|
||||
If you have serious doubts, choose "comment" and include your doubts or questions.
|
||||
If you decide to merge, include a short rationale.
|
||||
- name: Run Chack Agent
|
||||
id: run_codex
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
env:
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
INPUT_PROVIDER: openai
|
||||
INPUT_MODEL_PRIMARY: gpt-5.2-codex
|
||||
INPUT_SYSTEM_PROMPT: You are an advanced research agent.
|
||||
run: |
|
||||
cat <<'EOF' > chack_prompt.txt
|
||||
You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
|
||||
|
||||
Pull request title and body:
|
||||
----
|
||||
${{ steps.gate.outputs.pr_title }}
|
||||
${{ steps.gate.outputs.pr_body }}
|
||||
Decide whether to merge or comment. Merge only if all of the following are true:
|
||||
- Changes are simple and safe (no DoS, no long operations, no backdoors).
|
||||
- Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
|
||||
- Changes simplify code or add new useful checks without breaking anything.
|
||||
|
||||
Review ONLY the changes introduced by the PR:
|
||||
git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
|
||||
If you don't have any doubts, and all the previous conditions are met, decide to merge.
|
||||
If you have serious doubts, choose "comment" and include your doubts or questions.
|
||||
If you decide to merge, include a short rationale.
|
||||
|
||||
Output JSON only, following the provided schema:
|
||||
.github/chack-agent/pr-merge-schema.json
|
||||
openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
Pull request title and body:
|
||||
----
|
||||
${{ steps.gate.outputs.pr_title }}
|
||||
${{ steps.gate.outputs.pr_body }}
|
||||
|
||||
- name: Parse Chack Agent decision
|
||||
Review ONLY the changes introduced by the PR:
|
||||
git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
|
||||
|
||||
Output JSON only, following the provided schema:
|
||||
.github/codex/pr-merge-schema.json
|
||||
EOF
|
||||
|
||||
python - <<'PY' > chack_output.txt
|
||||
import os
|
||||
from chack_agent import (
|
||||
Chack,
|
||||
ChackConfig,
|
||||
ModelConfig,
|
||||
AgentConfig,
|
||||
SessionConfig,
|
||||
ToolsConfig,
|
||||
CredentialsConfig,
|
||||
LoggingConfig,
|
||||
)
|
||||
|
||||
with open("chack_prompt.txt", "r", encoding="utf-8") as handle:
|
||||
user_prompt = handle.read()
|
||||
|
||||
config = ChackConfig(
|
||||
model=ModelConfig(
|
||||
primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
|
||||
provider=os.environ.get("INPUT_PROVIDER", "openai"),
|
||||
),
|
||||
agent=AgentConfig(
|
||||
main_action="github_action",
|
||||
sub_action="run",
|
||||
),
|
||||
session=SessionConfig(),
|
||||
tools=ToolsConfig(exec_enabled=True),
|
||||
credentials=CredentialsConfig(
|
||||
openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
|
||||
),
|
||||
logging=LoggingConfig(level="INFO"),
|
||||
system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
|
||||
env={},
|
||||
)
|
||||
|
||||
agent = Chack(config)
|
||||
result = agent.run(session_id="github-action", text=user_prompt)
|
||||
print(result.output)
|
||||
PY
|
||||
|
||||
{
|
||||
echo "final-message<<EOF"
|
||||
cat chack_output.txt
|
||||
echo "EOF"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Parse Codex decision
|
||||
id: parse
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
env:
|
||||
CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
|
||||
CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
|
||||
run: |
|
||||
python3 - <<'PY'
|
||||
import json
|
||||
import os
|
||||
|
||||
raw = (os.environ.get('CHACK_MESSAGE', '') or '').strip()
|
||||
decision = 'comment'
|
||||
message = 'Chack Agent did not provide details.'
|
||||
try:
|
||||
data = json.loads(raw or '{}')
|
||||
if isinstance(data, dict):
|
||||
decision = data.get('decision', 'comment')
|
||||
message = data.get('message', '').strip() or message
|
||||
else:
|
||||
message = raw or message
|
||||
except Exception:
|
||||
message = raw or message
|
||||
data = json.loads(os.environ.get('CODEX_MESSAGE', '') or '{}')
|
||||
decision = data.get('decision', 'comment')
|
||||
message = data.get('message', '').strip() or 'Codex did not provide details.'
|
||||
with open(os.environ['GITHUB_OUTPUT'], 'a') as handle:
|
||||
handle.write(f"decision={decision}\n")
|
||||
handle.write("message<<EOF\n")
|
||||
@@ -155,31 +193,31 @@ jobs:
|
||||
|
||||
merge_or_comment:
|
||||
runs-on: ubuntu-latest
|
||||
needs: chack_agent_triage
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' && needs.chack_agent_triage.outputs.should_run == 'true' && needs.chack_agent_triage.outputs.decision != '' }}
|
||||
needs: codex_triage
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' && needs.codex_triage.outputs.should_run == 'true' && needs.codex_triage.outputs.decision != '' }}
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
steps:
|
||||
- name: Merge PR when approved
|
||||
if: ${{ needs.chack_agent_triage.outputs.decision == 'merge' }}
|
||||
if: ${{ needs.codex_triage.outputs.decision == 'merge' }}
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
|
||||
PR_NUMBER: ${{ needs.codex_triage.outputs.pr_number }}
|
||||
run: |
|
||||
gh api \
|
||||
-X PUT \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
/repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge \
|
||||
-f merge_method=squash \
|
||||
-f commit_title="Auto-merge PR #${PR_NUMBER} (Chack Agent)"
|
||||
-f commit_title="Auto-merge PR #${PR_NUMBER} (Codex)"
|
||||
|
||||
- name: Comment with doubts
|
||||
if: ${{ needs.chack_agent_triage.outputs.decision == 'comment' }}
|
||||
if: ${{ needs.codex_triage.outputs.decision == 'comment' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
|
||||
CHACK_MESSAGE: ${{ needs.chack_agent_triage.outputs.message }}
|
||||
PR_NUMBER: ${{ needs.codex_triage.outputs.pr_number }}
|
||||
CODEX_MESSAGE: ${{ needs.codex_triage.outputs.message }}
|
||||
with:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
@@ -187,5 +225,5 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: Number(process.env.PR_NUMBER),
|
||||
body: process.env.CHACK_MESSAGE,
|
||||
body: process.env.CODEX_MESSAGE,
|
||||
});
|
||||
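Review bot: The new `run:` block in "Run Chack Agent" expands `${{ steps.gate.outputs.pr_title }}` and `${{ steps.gate.outputs.pr_body }}` directly into the shell script, inside a `cat <<'EOF'` heredoc. Expression expansion happens before the shell runs, so the quoted delimiter does not protect it: text containing the terminator line closes the heredoc, and the rest is interpreted as shell in a job that holds `contents: write` and `OPENAI_API_KEY`. The gate step is outside the hunk, but these outputs presumably carry the PR author's text. Pass them through `env:` (`PR_TITLE: ${{ steps.gate.outputs.pr_title }}`, `PR_BODY: ${{ steps.gate.outputs.pr_body }}`) and append them with `printf '%s\n' "$PR_TITLE" "$PR_BODY" >> chack_prompt.txt`. The new "Parse Codex decision" code should also accept only `merge` or `comment` before writing `decision=` to `$GITHUB_OUTPUT`, since `json.loads` now runs with no fallback for non-JSON or non-object output.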
@@ -1,4 +1,4 @@
|
||||
name: PR Failure Chack-Agent Dispatch
|
||||
name: PR Failure Codex Dispatch
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
@@ -41,8 +41,8 @@ jobs:
|
||||
pr_labels=$(gh api -H "Accept: application/vnd.github+json" \
|
||||
/repos/${{ github.repository }}/issues/${PR_NUMBER} \
|
||||
--jq '.labels[].name')
|
||||
if echo "$pr_labels" | grep -q "^chack-agent-fix-attempted$"; then
|
||||
echo "chack-agent fix already attempted for PR #${PR_NUMBER}; skipping."
|
||||
if echo "$pr_labels" | grep -q "^codex-fix-attempted$"; then
|
||||
echo "codex fix already attempted for PR #${PR_NUMBER}; skipping."
|
||||
should_run=false
|
||||
else
|
||||
should_run=true
|
||||
@@ -55,7 +55,7 @@ jobs:
|
||||
echo "should_run=${should_run}"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
chack_agent_on_failure:
|
||||
codex_on_failure:
|
||||
needs: resolve_pr_context
|
||||
if: ${{ needs.resolve_pr_context.outputs.author == 'carlospolop' && needs.resolve_pr_context.outputs.should_run == 'true' }}
|
||||
runs-on: ubuntu-latest
|
||||
@@ -64,8 +64,6 @@ jobs:
|
||||
pull-requests: write
|
||||
issues: write
|
||||
actions: read
|
||||
env:
|
||||
CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
|
||||
steps:
|
||||
- name: Comment on PR with failure info
|
||||
uses: actions/github-script@v7
|
||||
@@ -77,7 +75,7 @@ jobs:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
const prNumber = Number(process.env.PR_NUMBER);
|
||||
const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Chack Agent to attempt a fix.`;
|
||||
const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Codex to attempt a fix.`;
|
||||
await github.rest.issues.createComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
@@ -92,7 +90,7 @@ jobs:
|
||||
run: |
|
||||
gh api -X POST -H "Accept: application/vnd.github+json" \
|
||||
/repos/${{ github.repository }}/issues/${PR_NUMBER}/labels \
|
||||
-f labels[]=chack-agent-fix-attempted
|
||||
-f labels[]=codex-fix-attempted
|
||||
|
||||
- name: Checkout PR head
|
||||
uses: actions/checkout@v5
|
||||
@@ -101,12 +99,12 @@ jobs:
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
fetch-depth: 0
|
||||
persist-credentials: true
|
||||
token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
token: ${{ secrets.CODEX_FIXER_TOKEN }}
|
||||
|
||||
- name: Configure git author
|
||||
run: |
|
||||
git config user.name "chack-agent"
|
||||
git config user.email "chack-agent@users.noreply.github.com"
|
||||
git config user.name "codex-action"
|
||||
git config user.email "codex-action@users.noreply.github.com"
|
||||
|
||||
- name: Fetch failure summary
|
||||
env:
|
||||
@@ -131,11 +129,11 @@ jobs:
|
||||
lines.append("")
|
||||
|
||||
summary = "\n".join(lines).strip() or "No failing job details found."
|
||||
with open('chack_failure_summary.txt', 'w') as handle:
|
||||
with open('codex_failure_summary.txt', 'w') as handle:
|
||||
handle.write(summary)
|
||||
PY
|
||||
|
||||
- name: Create Chack Agent prompt
|
||||
- name: Create Codex prompt
|
||||
env:
|
||||
PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
@@ -147,30 +145,76 @@ jobs:
|
||||
echo "The PR branch is: ${HEAD_BRANCH}"
|
||||
echo ""
|
||||
echo "Failure summary:"
|
||||
cat chack_failure_summary.txt
|
||||
cat codex_failure_summary.txt
|
||||
echo ""
|
||||
echo "Please identify the cause, apply a easy, simple and minimal fix, and update files accordingly."
|
||||
echo "Run any fast checks you can locally (no network)."
|
||||
echo "Leave the repo in a state ready to commit as when you finish, it'll be automatically committed and pushed."
|
||||
} > chack_prompt.txt
|
||||
} > codex_prompt.txt
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install chack-agent
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -e chack-agent
|
||||
|
||||
- name: Run Chack Agent
|
||||
id: run_chack
|
||||
uses: carlospolop/chack-agent@master
|
||||
with:
|
||||
provider: openrouter
|
||||
model_primary: CHEAP_BUT_QUALITY
|
||||
main_action: peass-ng
|
||||
sub_action: PR Failure Chack-Agent Dispatch
|
||||
system_prompt: |
|
||||
You are Chack Agent, an elite CI-fix engineer.
|
||||
Diagnose the failing workflow, propose the minimal safe fix, and implement it.
|
||||
Run only fast, local checks (no network). Leave the repo ready to commit.
|
||||
prompt_file: chack_prompt.txt
|
||||
tools_config_json: "{\"exec_enabled\": true}"
|
||||
session_config_json: "{\"long_term_memory_enabled\": false}"
|
||||
agent_config_json: "{\"self_critique_enabled\": false, \"require_task_list_init_first\": true}"
|
||||
openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
id: run_codex
|
||||
env:
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
INPUT_PROVIDER: openai
|
||||
INPUT_MODEL_PRIMARY: gpt-5.2-codex
|
||||
INPUT_SYSTEM_PROMPT: You are an advanced research agent.
|
||||
run: |
|
||||
python - <<'PY' > chack_output.txt
|
||||
import os
|
||||
from chack_agent import (
|
||||
Chack,
|
||||
ChackConfig,
|
||||
ModelConfig,
|
||||
AgentConfig,
|
||||
SessionConfig,
|
||||
ToolsConfig,
|
||||
CredentialsConfig,
|
||||
LoggingConfig,
|
||||
)
|
||||
|
||||
with open("codex_prompt.txt", "r", encoding="utf-8") as handle:
|
||||
user_prompt = handle.read()
|
||||
|
||||
config = ChackConfig(
|
||||
model=ModelConfig(
|
||||
primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
|
||||
provider=os.environ.get("INPUT_PROVIDER", "openai"),
|
||||
),
|
||||
agent=AgentConfig(
|
||||
main_action="github_action",
|
||||
sub_action="run",
|
||||
),
|
||||
session=SessionConfig(),
|
||||
tools=ToolsConfig(exec_enabled=True),
|
||||
credentials=CredentialsConfig(
|
||||
openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
|
||||
),
|
||||
logging=LoggingConfig(level="INFO"),
|
||||
system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
|
||||
env={},
|
||||
)
|
||||
|
||||
agent = Chack(config)
|
||||
result = agent.run(session_id="github-action", text=user_prompt)
|
||||
print(result.output)
|
||||
PY
|
||||
|
||||
{
|
||||
echo "final-message<<EOF"
|
||||
cat chack_output.txt
|
||||
echo "EOF"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Commit and push if changed
|
||||
env:
|
||||
@@ -181,33 +225,18 @@ jobs:
|
||||
echo "No changes to commit."
|
||||
exit 0
|
||||
fi
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt
|
||||
rm -f codex_failure_summary.txt codex_prompt.txt chack_output.txt
|
||||
git add -A
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
exit 0
|
||||
fi
|
||||
if git diff --cached --quiet; then
|
||||
echo "No committable changes left after filtering."
|
||||
exit 0
|
||||
fi
|
||||
git reset -- codex_failure_summary.txt codex_prompt.txt chack_output.txt
|
||||
git commit -m "Fix CI failures for PR #${PR_NUMBER}"
|
||||
if ! git push origin HEAD:${TARGET_BRANCH}; then
|
||||
echo "Push failed (likely token workflow permission limits); leaving run successful without push."
|
||||
exit 0
|
||||
fi
|
||||
git push origin HEAD:${TARGET_BRANCH}
|
||||
|
||||
- name: Comment with Chack Agent result
|
||||
if: ${{ steps.run_chack.outputs.final-message != '' }}
|
||||
- name: Comment with Codex result
|
||||
if: ${{ steps.run_codex.outputs.final-message != '' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
|
||||
CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
|
||||
CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
|
||||
with:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
@@ -215,5 +244,5 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: Number(process.env.PR_NUMBER),
|
||||
body: process.env.CHACK_MESSAGE,
|
||||
body: process.env.CODEX_MESSAGE,
|
||||
});
|
||||
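Review bot: "Install chack-agent" runs `python -m pip install -e chack-agent` in the tree checked out from `github.event.workflow_run.head_sha`, so the package that gets installed, and then imported with `OPENAI_API_KEY` in the environment, appears to come from the PR head rather than from a reviewed revision. The checkout also leaves `CODEX_FIXER_TOKEN` in the git config (`persist-credentials: true`), where the exec-enabled agent can read it. The job is limited to PRs authored by `carlospolop`, which narrows the exposure. I would still install the agent from a pinned commit of `carlospolop/chack-agent` outside the workspace, set `persist-credentials: false`, and supply the token only to the push step. In the same section the push should quote the variable: `git push origin "HEAD:${TARGET_BRANCH}"`; the env block that sets it is outside the hunk.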