Skip to content

chore: Add org workflow callers#16

Merged
rubambiza merged 2 commits into
kagenti:mainfrom
rubambiza:chore/add-workflow-callers
Jun 17, 2026
Merged

chore: Add org workflow callers#16
rubambiza merged 2 commits into
kagenti:mainfrom
rubambiza:chore/add-workflow-callers

Conversation

@rubambiza

@rubambiza rubambiza commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Summary

Replicate the three thin workflow callers from kagenti/kagenti that delegate to org-wide reusable workflows in kagenti/.github:

  • self-assign.yml — issue self-assignment via comment
  • project.yml — add issues/PRs to the Kagenti project board
  • pr-verifier.yml — enforce conventional PR titles

The callers are copied verbatim, with reusable-workflow SHAs pinned identically to the kagenti/kagenti versions. No repo-specific changes.

Addresses the workflow-caller tasks in #14.

Closes #14

Test plan (after merge)

  • Verify pr-verifier runs against new PRs' titles
  • Verify project.yml adds new PRs to the Kagenti project board

Assisted-By: Claude Code

Replicate the thin workflow callers from kagenti/kagenti that delegate
to org-wide reusable workflows in kagenti/.github.

- self-assign.yml: issue self-assignment via comment
- project.yml: add issues/PRs to the Kagenti project board
- pr-verifier.yml: enforce conventional PR titles

SHAs pinned identically to the kagenti/kagenti callers.

Assisted-By: Claude Opus 4.6 <noreply@anthropic.com>

Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
@rubambiza rubambiza self-assigned this Jun 16, 2026
@rubambiza rubambiza added the ready-for-ai-review Request automated AI code review from clawgenti label Jun 16, 2026

@clawgenti clawgenti left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Three thin workflow callers copied verbatim from kagenti/kagenti with reusable-workflow SHAs pinned — straightforward and clean. All checks pass. Ready for human review.


Reviewed by clawgenti using github:pr-review

Comment thread .github/workflows/project.yml Outdated
types: [opened]

permissions:
contents: read

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The top-level contents: read is redundant — the job-level permissions block overrides it entirely (and already includes contents: read). Consider using permissions: {} at the top level (like pr-verifier.yml does) to make the least-privilege intent explicit.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — applied permissions: {} at the top level in e48a812. Confirmed the reusable add-to-project.yml declares no permissions, so the caller's job-level block (issues: write, pull-requests: write, contents: read) is the operative least-privilege boundary; the top-level value was a true no-op. Now consistent with pr-verifier.yml.

Comment thread .github/workflows/pr-verifier.yml Outdated
verify-pr-title:
permissions:
pull-requests: read
uses: kagenti/.github/.github/workflows/pr-verifier-required.yml@4e535f2436d167295d39d488ce5c44b5a2d49792

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The pr-verifier-required.yml SHA (4e535f24…) lacks a date comment. The other two callers include a date comment (e.g. # 2026-05-05). Adding one here aids future auditability.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added # 2026-04-29 in e48a812 (verified commit date of SHA 4e535f24 in kagenti/.github). Now matches the date-comment convention of the other two callers.

- project.yml: top-level permissions: {} instead of redundant
  contents: read (job-level block is the operative least-privilege
  boundary; reusable add-to-project.yml declares no permissions)
- pr-verifier.yml: add # 2026-04-29 date comment to the pinned SHA
  for auditability parity with the other callers

Assisted-By: Claude Opus 4.6 <noreply@anthropic.com>

Signed-off-by: Gloire Rubambiza <gloire@ibm.com>

@clawgenti clawgenti left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow-up review on e48a812 — the prior nits (top-level permissions: {} on project.yml, date-comment on pr-verifier SHA) have been addressed cleanly. All checks pass. Ready for human review.


Reviewed by clawgenti using github:pr-review

@rubambiza rubambiza added ready-for-human-review AI review passed, ready for human reviewer and removed ready-for-ai-review Request automated AI code review from clawgenti labels Jun 17, 2026

@pdettori pdettori left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Three thin workflow callers delegating to org-wide reusable workflows.

  • ✅ All reusable workflows pinned to full commit SHA (4e535f2…, 99700eb…) — no floating tags.
  • ✅ Top-level permissions: {} with minimal job-level scopes.
  • project.yml uses secrets: inherit while self-assign.yml scopes to a single ISSUE_ASSIGN_TOKEN. Non-blocking — this matches the verbatim kagenti/kagenti source and the target is an org-owned, SHA-pinned workflow.

DCO passing. LGTM.

Assisted-By: Claude Code

@rubambiza rubambiza merged commit 832dead into kagenti:main Jun 17, 2026
1 check passed
@rubambiza rubambiza deleted the chore/add-workflow-callers branch June 17, 2026 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-for-human-review AI review passed, ready for human reviewer

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Replicate CLAUDE.md contribution guidelines and commit-msg hook from kagenti/.github

3 participants