Files
awesome-kubernetes/.github/workflows/agentic_v2_builder.yml
Nubenetes Bot 7d6bfd4f83 fix: resolve workflow YAML syntax and implement security safety reset
- Removed conflictive 'workflows: write' permission.
- Added 'Safety Reset for Workflow Files' step to prevent GHA from trying to self-modify configuration files during the PR sync.
- This ensures the PR will only contain technical metadata and V2 documentation, avoiding permission rejections.
2026-05-21 22:04:54 +02:00

139 lines
4.6 KiB
YAML

name: Nubenetes V2 Agentic Builder
on:
workflow_dispatch:
inputs:
force_full_check:
description: 'Force full re-validation (bypasses cache)'
type: boolean
default: false
force_reevaluate:
description: 'Force AI re-evaluation (ignores cache for tags/years)'
type: boolean
default: false
enrich_metadata:
description: 'Enrich GitHub Metadata (fetch stars/license for V2 logic)'
type: boolean
default: false
push:
branches: [ develop ]
paths:
- 'docs/**'
- 'data/inventory.yaml'
- 'src/v2_optimizer.py'
permissions:
contents: write
pull-requests: write
concurrency:
group: v2-builder-${{ github.ref }}
cancel-in-progress: false
jobs:
build-and-pr:
runs-on: ubuntu-latest
if: |
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'push' &&
github.ref == 'refs/heads/develop' &&
!contains(github.event.head_commit.message, '[skip ci]') &&
!contains(github.event.head_commit.message, 'bot/v2-elite-sync'))
steps:
- name: Repository Synchronization
uses: actions/checkout@v6
with:
ref: develop
fetch-depth: 0
- name: Python 3.11 Environment Provisioning
uses: actions/setup-python@v6
with:
python-version: '3.11'
cache: 'pip'
- name: Restore Incremental Inventory Cache (Mandate 22)
uses: actions/cache/restore@v4
id: inventory-cache-restore
with:
path: data/inventory.yaml
key: inventory-v2-${{ github.run_id }}-${{ github.run_attempt }}
restore-keys: |
inventory-v2-
- name: Installation of Dependencies
run: |
python -m pip install --upgrade pip
pip install --no-cache-dir pydantic PyGithub httpx fake-useragent pytz python-dotenv pyyaml tenacity
- name: Run V2 Agentic Optimizer (Sequential Fast-Track)
env:
GEMINI_API_KEY_1: ${{ secrets.GEMINI_API_KEY_1 }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FORCE_FULL_CHECK: ${{ github.event.inputs.force_full_check || 'false' }}
FORCE_EVAL: ${{ github.event.inputs.force_reevaluate || 'false' }}
ENRICH_METADATA: ${{ github.event.inputs.enrich_metadata || 'false' }}
PYTHONPATH: .
PYTHONUNBUFFERED: "1"
run: |
python -u src/v2_optimizer.py
if [ -f v2_safety_report.md ]; then
cat v2_safety_report.md >> pr_description.md
else
echo "No safety report generated." > pr_description.md
fi
- name: Consolidate README Metrics (Integrated)
env:
PYTHONPATH: .
run: |
python src/readme_updater.py
python src/safety_readme.py
- name: Safety Reset for Workflow Files (Security)
run: |
# Prevent security rejection by ensuring no workflow YAMLs are part of the PR
git checkout HEAD -- .github/workflows/
- name: Create Pull Request for V2 Elite Update
id: cpr
uses: peter-evans/create-pull-request@v8
with:
branch: bot/v2-elite-sync
base: develop
title: "V2 Elite: Agentic Optimization Sync (2026)"
body-path: pr_description.md
commit-message: "feat: sync V2 elite curated edition and README metrics [skip ci]"
labels: "v2-elite, agentic-sync"
- name: Post Supplementary Architecture Audit (Comment)
if: steps.cpr.outputs.pull-request-number != ''
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}
run: |
if [ -f v2_file_audit.md ]; then
gh pr comment $PR_NUMBER --body-file v2_file_audit.md
fi
- name: Post Elite Decision Matrix (Comment)
if: steps.cpr.outputs.pull-request-number != ''
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}
run: |
if [ -f v2_decision_matrix.md ]; then
# Split decision matrix if too large for a single comment (approx 60k chars)
split -b 60000 v2_decision_matrix.md matrix_part_
for part in matrix_part_*; do
gh pr comment $PR_NUMBER --body-file $part
done
fi
- name: Persist Incremental Inventory to Cache (Always)
if: always()
uses: actions/cache/save@v4
with:
path: data/inventory.yaml
key: inventory-v2-${{ github.run_id }}-${{ github.run_attempt }}