From 65ddb4ee8eac5052b1200d776ca90ecb65b41201 Mon Sep 17 00:00:00 2001 From: Seungpyo1007 Date: Mon, 1 Jun 2026 18:32:22 +0900 Subject: [PATCH 1/2] feat(ci): notify TechAPI to bump submodule on push to main Add notify-techapi.yml: on every push to main, send a repository_dispatch (engine-updated) to Seungpyo1007/TechAPI so its bump-engine.yml advances the TechEngine submodule pointer to the new commit. Uses the existing TECHAPI_TOKEN (Contents:write is sufficient for the dispatches API). Also rename TECHAPI_PR_TOKEN -> TECHAPI_TOKEN in weekly-ingest.yml to match the actual secret; the mismatch was silently skipping the ingest PR step. coverage-report.yml is left untouched (its issue-posting needs Issues:write, decided separately).
---
 .github/workflows/notify-techapi.yml | 27 +++++++++++++++++++++++++++
 .github/workflows/weekly-ingest.yml | 8 ++++----
 2 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/notify-techapi.yml
diff --git a/.github/workflows/notify-techapi.yml b/.github/workflows/notify-techapi.yml
new file mode 100644
index 0000000..32450d5
--- /dev/null
+++ b/.github/workflows/notify-techapi.yml
@@ -0,0 +1,27 @@
+name: notify-techapi
+
+# On every push to main, ping TechAPI so it bumps its TechEngine submodule
+# pointer to the new commit. The bump itself happens in TechAPI's bump-engine.yml
+# (triggered by this repository_dispatch); TechEngine only fires the signal.
+#
+# No loop: TechAPI's bump commit lands in TechAPI, never pushed back here.
+# Requires TECHAPI_TOKEN (Contents: write on Seungpyo1007/TechAPI) — already set.
+on:
+ push:
+ branches: [main]
+
+permissions:
+ contents: read
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Dispatch engine-updated to TechAPI
+ uses: peter-evans/repository-dispatch@v3
+ with:
+ token: ${{ secrets.TECHAPI_TOKEN }}
+ repository: Seungpyo1007/TechAPI
+ event-type: engine-updated
+ client-payload: |
+ {"sha": "${{ github.sha }}", "ref": "${{ github.ref }}"}
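Review bot: `uses: peter-evans/repository-dispatch@v3` hands `TECHAPI_TOKEN` (a PAT with Contents: write on Seungpyo1007/TechAPI, per the header comment) to a third-party action referenced by a movable tag, so whatever `v3` resolves to at run time executes with that credential on every push to main. Pin the action to a reviewed full commit SHA and keep the tag as a trailing comment, e.g. `uses: peter-evans/repository-dispatch@<full-commit-sha>  # v3`. The step uses only the PAT and no checkout, so the workflow-level `permissions: contents: read` can probably be narrowed to `permissions: {}`. The receiving bump-engine.yml is not part of this patch, but it should validate `client_payload.sha` before passing it to any git command.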
diff --git a/.github/workflows/weekly-ingest.yml b/.github/workflows/weekly-ingest.yml index 5ab6695..bb63928 100644 --- a/.github/workflows/weekly-ingest.yml +++ b/.github/workflows/weekly-ingest.yml @@ -31,7 +31,7 @@ jobs: CATEGORY: ${{ inputs.category || 'cpu' }} LIMIT: ${{ inputs.limit || '50' }} INCLUDE_DRAFTS: ${{ inputs.include_drafts || 'false' }} - TECHAPI_PR_TOKEN: ${{ secrets.TECHAPI_PR_TOKEN }} + TECHAPI_TOKEN: ${{ secrets.TECHAPI_TOKEN }} steps: - uses: actions/checkout@v4 @@ -41,7 +41,7 @@ jobs: with: repository: Seungpyo1007/TechAPI path: TechAPI - token: ${{ secrets.TECHAPI_PR_TOKEN || secrets.GITHUB_TOKEN }} + token: ${{ secrets.TECHAPI_TOKEN || secrets.GITHUB_TOKEN }} - uses: actions/setup-python@v5 with: @@ -112,11 +112,11 @@ jobs: - name: Open PR against TechAPI if: steps.changes.outputs.has_changes == 'true' env: - GH_TOKEN: ${{ secrets.TECHAPI_PR_TOKEN }} + GH_TOKEN: ${{ secrets.TECHAPI_TOKEN }} run: | set -euo pipefail if [ -z "${GH_TOKEN:-}" ]; then - echo "::warning::Ingest produced additions but TECHAPI_PR_TOKEN is unset; skipping PR. Summary attached as artifact." + echo "::warning::Ingest produced additions but TECHAPI_TOKEN is unset; skipping PR. Summary attached as artifact." exit 0 fi cd TechAPI From c7b5a5eba47fb07ba77f5723476465f471d10b4a Mon Sep 17 00:00:00 2001 From: Seungpyo1007 Date: Tue, 2 Jun 2026 01:53:50 +0900 Subject: [PATCH 2/2] feat(ci): post coverage gap issue to both TechEngine and TechAPI Finish the token-name cleanup in coverage-report.yml (TECHAPI_PR_TOKEN -> TECHAPI_TOKEN) and post the sticky coverage issue to BOTH repos: TechEngine via GITHUB_TOKEN (works today) and TechAPI via TECHAPI_TOKEN. The TechAPI post is best-effort and warns instead of failing when the PAT lacks Issues:write, so the weekly run never breaks. --- .github/workflows/coverage-report.yml | 42 ++++++++++++++++++--------- 1 file changed, 28 insertions(+), 14 deletions(-) 
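Review bot: The first weekly-ingest.yml hunk keeps the PAT in what looks like the job-level `env:` block (`TECHAPI_TOKEN: ${{ secrets.TECHAPI_TOKEN }}`, next to CATEGORY/LIMIT; the block header is outside the hunk), which exports it to every step of the job, including setup and ingest steps that do not need it. The two consumers visible in these hunks already read the secret directly (`token:` on the TechAPI checkout and `GH_TOKEN` on "Open PR against TechAPI"), so the job-level entry can likely be dropped unless a step outside the hunks reads `$TECHAPI_TOKEN`. The checkout step also persists that token in the TechAPI clone's git config by default, so scripts running between checkout and the PR step can read it; worth confirming that is intended.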
diff --git a/.github/workflows/coverage-report.yml b/.github/workflows/coverage-report.yml
index de4e78c..ff20d83 100644
--- a/.github/workflows/coverage-report.yml
+++ b/.github/workflows/coverage-report.yml
@@ -41,21 +41,35 @@ jobs: name: coverage-report path: coverage-report.md - # Sticky issue: search for an open issue with the well-known title and - # update it; create one if missing. Defaults to this repo; if a PAT - # scoped to TechAPI is provided as TECHAPI_PR_TOKEN, posts there instead. - - name: Sync sticky coverage issue + # Sticky issue: keep one open issue with the well-known title per repo, + # updating it in place. Posts to BOTH TechEngine (default GITHUB_TOKEN) and + # TechAPI (TECHAPI_TOKEN). The TechAPI post is best-effort: it needs the PAT + # to carry Issues:write, so a missing permission warns instead of failing. + - name: Sync sticky coverage issue (TechEngine + TechAPI) env: - GH_TOKEN: ${{ secrets.TECHAPI_PR_TOKEN || secrets.GITHUB_TOKEN }} - TARGET_REPO: ${{ secrets.TECHAPI_PR_TOKEN && 'Seungpyo1007/TechAPI' || github.repository }} + SELF_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TECHAPI_TOKEN: ${{ secrets.TECHAPI_TOKEN }} run: | - set -euo pipefail + set -uo pipefail TITLE="Coverage gaps (auto-generated)" BODY="$(cat coverage-report.md)" - NUMBER=$(gh issue list --repo "$TARGET_REPO" --state open \ - --search "in:title \"$TITLE\"" --json number --jq '.[0].number // empty') - if [ -z "${NUMBER:-}" ]; then - gh issue create --repo "$TARGET_REPO" --title "$TITLE" --body "$BODY" - else - gh issue edit "$NUMBER" --repo "$TARGET_REPO" --body "$BODY" - fi + sync_issue() { + repo="$1"; token="$2" + if [ -z "$token" ]; then + echo "::warning::no token for $repo; skipping coverage issue" + return 0 + fi + NUMBER=$(GH_TOKEN="$token" gh issue list --repo "$repo" --state open \ + --search "in:title \"$TITLE\"" --json number --jq '.[0].number // empty') || return 1 + if [ -z "${NUMBER:-}" ]; then + GH_TOKEN="$token" gh issue create --repo "$repo" --title "$TITLE" --body "$BODY" + else + GH_TOKEN="$token" gh issue edit "$NUMBER" --repo "$repo" --body "$BODY" + fi + } + # TechEngine: default token has issues:write on this repo. 
+ sync_issue "${{ github.repository }}" "$SELF_TOKEN" \ + || echo "::warning::TechEngine coverage issue sync failed" + # TechAPI: best-effort — requires Issues:write on TECHAPI_TOKEN. + sync_issue "Seungpyo1007/TechAPI" "$TECHAPI_TOKEN" \ + || echo "::warning::TechAPI coverage issue sync failed — TECHAPI_TOKEN likely lacks Issues:write"
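Review bot: Changing `set -euo pipefail` to `set -uo pipefail` and appending `|| echo "::warning::…"` to both `sync_issue` calls means this step can no longer fail, although the description says only the TechAPI post is best-effort. Without `-e`, a failed `BODY="$(cat coverage-report.md)"` also goes unnoticed, and the step could then overwrite the sticky issue in both repositories with an empty body. Keep `set -euo pipefail`, leave the `||` fallback on the TechAPI call only, and invoke the TechEngine sync as `sync_issue "$GITHUB_REPOSITORY" "$SELF_TOKEN"`, which also avoids interpolating `${{ github.repository }}` into the script text. The TechAPI fallback message attributes every failure to a missing Issues:write permission; a neutral message that leaves gh's own stderr as the diagnosis would keep rate-limit and network errors distinguishable.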