chore: bump AdCP schemas to beta.5 #222
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AI PR Review (Argus) | |
| # Argus is an LLM PR reviewer that posts an `--approve`, `--comment`, or | |
| # `--request-changes` review on every non-dependabot PR. It reads the diff, | |
| # delegates to subagents when relevant (ad-tech-protocol-expert, | |
| # security-reviewer, code-reviewer, python-expert, etc.), and writes the | |
| # review in bokelley's voice. | |
| # | |
| # Reviews are posted as the AAO release/triage GitHub App, so they count | |
| # toward the "1 review required" branch-protection check the same way a | |
| # human approval does. | |
| # | |
| # Required secrets: | |
| # IPR_APP_ID — GitHub App ID (shared with ipr-agreement.yml) | |
| # IPR_APP_PRIVATE_KEY — GitHub App private key PEM (shared with ipr-agreement.yml) | |
| # ANTHROPIC_API_KEY — Anthropic API key for claude-code-action | |
| # | |
| # Ported from adcontextprotocol/adcp's Argus workflow. | |
| on: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - labeled | |
| - ready_for_review | |
| - synchronize | |
| paths-ignore: | |
| - '.github/workflows/ai-review.yml' | |
| - '.github/ai-review/**' | |
| jobs: | |
| code_review: | |
| if: github.actor != 'dependabot[bot]' && github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| # pull_request_target runs with base-repo secrets, so keep the | |
| # workspace on trusted base code. Argus reads the untrusted PR via | |
| # GitHub APIs (`gh pr diff/view`) and never checks out or executes it. | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.base.sha }} | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Mint an installation token from the AAO release/triage GitHub App. | |
| # Reviews posted with this token appear as the App's bot user and | |
| # count toward branch-protection's required-approvals check. | |
| # ───────────────────────────────────────────────────────────────────── | |
| - name: Mint App token | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| app-id: ${{ secrets.IPR_APP_ID }} | |
| private-key: ${{ secrets.IPR_APP_PRIVATE_KEY }} | |
| - name: Build Argus review prompt | |
| id: build-prompt | |
| shell: bash | |
| env: | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| PR_BASE_REF: ${{ github.event.pull_request.base.ref }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| set -euo pipefail | |
| PROMPT_BODY="$(cat .github/ai-review/expert-adcp-reviewer.md)" | |
| { | |
| echo 'ARGUS_PROMPT<<ARGUS_EOF' | |
| echo "$PROMPT_BODY" | |
| echo '' | |
| echo '---' | |
| echo '' | |
| echo '## Pre-computed inputs for this PR' | |
| echo '' | |
| echo "- PR_NUMBER: $PR_NUMBER" | |
| echo "- REPO: $REPO" | |
| echo "- PR_BASE_REF: $PR_BASE_REF" | |
| echo 'ARGUS_EOF' | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Run Argus PR Review | |
| id: ai-review | |
| continue-on-error: true | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| prompt: ${{ steps.build-prompt.outputs.ARGUS_PROMPT }} | |
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | |
| github_token: ${{ steps.app-token.outputs.token }} | |
| use_sticky_comment: false | |
| track_progress: false | |
| claude_args: | | |
| --allowedTools "Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr review:*),Bash(gh api:*),Read,Glob,Grep,Task" | |
| --max-turns 60 | |
| --model claude-opus-4-7 | |
| - name: Verify Argus posted a review | |
| id: verify | |
| if: always() && steps.app-token.outcome == 'success' | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| set -euo pipefail | |
| LATEST="$(gh api "/repos/${REPO}/pulls/${PR_NUMBER}/reviews" \ | |
| --jq '[.[] | select(.user.type == "Bot")] | sort_by(.submitted_at) | last // {}')" | |
| STATE="$(echo "$LATEST" | jq -r '.state // ""')" | |
| AUTHOR="$(echo "$LATEST" | jq -r '.user.login // ""')" | |
| SUBMITTED="$(echo "$LATEST" | jq -r '.submitted_at // ""')" | |
| echo "Latest bot review — author: $AUTHOR, state: $STATE, submitted: $SUBMITTED" | |
| if [ -z "$STATE" ]; then | |
| echo "review_posted=false" >> "$GITHUB_OUTPUT" | |
| echo "::warning::No bot review found on PR #$PR_NUMBER" | |
| exit 0 | |
| fi | |
| SUBMITTED_TS="$(date -u -d "$SUBMITTED" +%s 2>/dev/null || date -u -j -f '%Y-%m-%dT%H:%M:%SZ' "$SUBMITTED" +%s)" | |
| NOW_TS="$(date -u +%s)" | |
| if [ $((NOW_TS - SUBMITTED_TS)) -gt 600 ]; then | |
| echo "review_posted=false" >> "$GITHUB_OUTPUT" | |
| echo "::warning::Latest bot review is older than 10 minutes — Argus didn't post in this run" | |
| exit 0 | |
| fi | |
| echo "review_posted=true" >> "$GITHUB_OUTPUT" | |
| echo "review_state=$STATE" >> "$GITHUB_OUTPUT" | |
| - name: Comment on PR if Argus review failed | |
| if: steps.ai-review.outcome == 'failure' || steps.verify.outputs.review_posted != 'true' | |
| uses: actions/github-script@v8 | |
| env: | |
| RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| with: | |
| github-token: ${{ steps.app-token.outputs.token }} | |
| script: | | |
| const runUrl = process.env.RUN_URL; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `⚠️ **Argus review could not complete**\n\nThe automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final \`gh pr review\`). A human reviewer should take this PR.\n\n[View workflow run](${runUrl})\n\n<sub>This is an automated message from the Argus AI review workflow.</sub>` | |
| }) |