YuuMJ1997/clash-verge-rev
1
0
Fork 0
mirror of https://github.com/clash-verge-rev/clash-verge-rev.git synced 2026-04-16 23:40:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow pr ai review on unapproved PRs

Browse Source
This commit is contained in:
Tunglies 2026-03-24 00:19:59 +08:00
parent 670d7bae3b
commit 20aa773339
No known key found for this signature in database
GPG Key ID: B9B01B389469B3E8
2 changed files with 8 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.github/workflows/pr-ai-slop-review.lock.yml generated vendored
View File

@ -24,7 +24,7 @@
# signs of one-shot AI-generated changes, then posts a maintainer-focused # signs of one-shot AI-generated changes, then posts a maintainer-focused
# comment when the risk is high enough to warrant follow-up. # comment when the risk is high enough to warrant follow-up.
# #
# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3d4fd9eaa234e0aad443087c472ec9d7cc64fb0af9698f9acdaa9ced370bf9f5","compiler_version":"v0.62.5","strict":true,"agent_id":"copilot"} # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0229484736512437359ca62e7d78f88ba090f203e0249982c91a1e04a5512d5a","compiler_version":"v0.62.5","strict":true,"agent_id":"copilot"}
name: "PR AI Slop Review" name: "PR AI Slop Review"
"on": "on":
@ -61,7 +61,7 @@ jobs:
title: ${{ steps.sanitized.outputs.title }} title: ${{ steps.sanitized.outputs.title }}
steps: steps:
- name: Setup Scripts - name: Setup Scripts
uses: github/gh-aw-actions/setup@853312c41e88e0d6f51d0e4e0658f3ad7461366a # v0.62.5 uses: github/gh-aw-actions/setup@dc50be57c94373431b49d3d0927f318ac2bb5c4c # v0.62.5
with: with:
destination: ${{ runner.temp }}/gh-aw/actions destination: ${{ runner.temp }}/gh-aw/actions
- name: Generate agentic run info - name: Generate agentic run info
@ -272,7 +272,7 @@ jobs:
output_types: ${{ steps.collect_output.outputs.output_types }} output_types: ${{ steps.collect_output.outputs.output_types }}
steps: steps:
- name: Setup Scripts - name: Setup Scripts
uses: github/gh-aw-actions/setup@853312c41e88e0d6f51d0e4e0658f3ad7461366a # v0.62.5 uses: github/gh-aw-actions/setup@dc50be57c94373431b49d3d0927f318ac2bb5c4c # v0.62.5
with: with:
destination: ${{ runner.temp }}/gh-aw/actions destination: ${{ runner.temp }}/gh-aw/actions
- name: Set runtime paths - name: Set runtime paths
@ -322,16 +322,6 @@ jobs:
GH_HOST: github.com GH_HOST: github.com
- name: Install AWF binary - name: Install AWF binary
run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.24.5 run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.24.5
- name: Determine automatic lockdown mode for GitHub MCP Server
id: determine-automatic-lockdown
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
env:
GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
with:
script: |
const determineAutomaticLockdown = require('${{ runner.temp }}/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images - name: Download container images
run: bash ${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.5 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.5 ghcr.io/github/gh-aw-firewall/squid:0.24.5 ghcr.io/github/gh-aw-mcpg:v0.1.20 ghcr.io/github/github-mcp-server:v0.32.0 node:lts-alpine run: bash ${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.5 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.5 ghcr.io/github/gh-aw-firewall/squid:0.24.5 ghcr.io/github/gh-aw-mcpg:v0.1.20 ghcr.io/github/github-mcp-server:v0.32.0 node:lts-alpine
- name: Write Safe Outputs Config - name: Write Safe Outputs Config
@ -477,8 +467,6 @@ jobs:
GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }}
GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }}
GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }}
GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }}
GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
run: | run: |
set -eo pipefail set -eo pipefail
@ -513,8 +501,8 @@ jobs:
}, },
"guard-policies": { "guard-policies": {
"allow-only": { "allow-only": {
"min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY", "min-integrity": "unapproved",
"repos": "$GITHUB_MCP_GUARD_REPOS" "repos": "all"
} }
} }
}, },
@ -861,7 +849,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }} total_count: ${{ steps.missing_tool.outputs.total_count }}
steps: steps:
- name: Setup Scripts - name: Setup Scripts
uses: github/gh-aw-actions/setup@853312c41e88e0d6f51d0e4e0658f3ad7461366a # v0.62.5 uses: github/gh-aw-actions/setup@dc50be57c94373431b49d3d0927f318ac2bb5c4c # v0.62.5
with: with:
destination: ${{ runner.temp }}/gh-aw/actions destination: ${{ runner.temp }}/gh-aw/actions
- name: Download agent output artifact - name: Download agent output artifact
@ -972,7 +960,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps: steps:
- name: Setup Scripts - name: Setup Scripts
uses: github/gh-aw-actions/setup@853312c41e88e0d6f51d0e4e0658f3ad7461366a # v0.62.5 uses: github/gh-aw-actions/setup@dc50be57c94373431b49d3d0927f318ac2bb5c4c # v0.62.5
with: with:
destination: ${{ runner.temp }}/gh-aw/actions destination: ${{ runner.temp }}/gh-aw/actions
- name: Download agent output artifact - name: Download agent output artifact

1
.github/workflows/pr-ai-slop-review.md vendored
View File

@ -19,6 +19,7 @@ tools:
github: github:
toolsets: [default] toolsets: [default]
lockdown: false lockdown: false
min-integrity: unapproved
safe-outputs: safe-outputs:
mentions: false mentions: false