[EVI-7]: wire capture-pr into Evidence Action

[riddim-developer-bot]

Summary

• Add first-class capture-pr Action inputs for PR number, plan path, before/after refs, worktree retention, and comment summary mode.
• Default capture-pr runs from pull_request context: repository, PR number, base SHA, head SHA, and token env for gh metadata reads.
• Replace raw artifact-only capture-pr comments with a concise report.md summary and add a copy-paste iOS PR workflow that uploads the output directory.

Reviewer-Boundary: review-only

Verification

• swift build passed.
• swift test passed: 118 tests, 2 skipped, 0 failures.
• actionlint Examples/workflows/*.yml .github/workflows/*.yml passed.
• git diff --check passed.

Notes

• actionlint action.yml Examples/workflows/*.yml .github/workflows/*.yml was attempted, but actionlint only validates workflow files and reports action.yml as missing workflow on and jobs sections. The repo's ActionDefinitionTests validate the composite action manifest instead.

[linear-code]

EVI-7 Wire capture-pr into the Evidence GitHub Action

Context / background

Parent Project: Evidence PR Change Proof MVP (0c4adda0-5d2d-4ee1-b4bd-717499212ec6). Evidence ships as a reusable GitHub Action, so the PR change proof MVP must be runnable in CI without custom shell scaffolding in every consuming repo. The existing action supports subcommands, output directories, artifact counting, and PR comments, but it only lists artifact paths. This issue exposes capture-pr through the action and makes the PR comment useful for before/after evidence.

Acceptance criteria

• action.yml documents capture-pr as a supported subcommand.
• The action accepts explicit inputs for PR evidence use: pr, plan, optional before-ref, optional after-ref, optional keep-worktrees, and optional summary-only unless equivalent coverage through extra-args is intentionally documented.
• The action passes GitHub context defaults to the CLI on pull_request events: repository, PR number, head/base metadata, and token availability where needed.
• The action preserves all existing inputs and outputs for existing subcommands.
• The PR comment for capture-pr includes the report status, before SHA, after SHA, artifact count, and a path/link to report.md; it does not merely list raw file paths.
• The action exposes generated screenshots/videos/report as workflow artifacts through either built-in upload steps or a documented example workflow that uses actions/upload-artifact with the action output directory.
• Example workflows include one copy-pasteable capture-pr-on-pr.yml for iOS PR evidence.
• actionlint action.yml Examples/workflows/*.yml .github/workflows/*.yml passes.
• Swift tests that validate action input wiring are updated.
• Existing web and iOS action examples continue to pass their current tests.

External validation gates

None. Human acceptance for the whole MVP is consolidated in the Project-level human handoff issue.

Out of scope

• Implementing the core capture-pr CLI use case.
• Uploading artifacts to Linear.
• Changing consuming app workflows outside RiddimSoftware/evidence examples.
• Publishing a new marketplace release or tag.

Inputs / dependencies

Blocked by: EVI-6.

Target repository: RiddimSoftware/evidence.

Existing files to inspect:

• action.yml
• Examples/workflows/capture-evidence-on-pr.yml
• Examples/workflows/capture-web-on-pr.yml
• Tests/EvidenceCLIKitTests/ActionDefinitionTests.swift
• Tests/EvidenceCLIKitTests/ExampleWorkflowsTests.swift

The action must continue to work for both iOS and web platform modes. capture-pr MVP is iOS-first; do not break platform: web behavior.

Risks / notes for implementer

• Composite GitHub Actions have constraints around artifact uploads and generated file URLs. If inline artifact links are not reliably available, the PR comment should point to the report path and workflow artifact name rather than pretending the files are public URLs.
• Do not require a token for local CLI usage; token needs apply only to GitHub metadata reads/comments in CI.
• The action currently uses shell word splitting for extra-args; avoid adding quoting-sensitive required behavior through extra-args when first-class inputs are clearer.
• Workflow changes require local actionlint before handoff.

Definition of Done

Done when a consuming repo can use the Evidence GitHub Action to run capture-pr on a pull request, see a useful PR comment, and download the evidence artifact bundle from the workflow run.

Architecture Impact

Adapter-layer change only. The GitHub Action should delegate policy to the CLI and avoid duplicating PR comparison logic in YAML or shell.

Clean Architecture Shape

Use case:

• N/A - this issue wires the existing CapturePullRequestEvidence use case into the GitHub Action adapter.

Entities / value objects:

• N/A - action inputs and outputs only.

Ports:

• N/A - the CLI owns ports; the action invokes the built CLI.

Adapters:

• GitHub Actions composite action.
• GitHub PR comment adapter already present in action.yml shell.

Boundary rule:

• Do not implement revision resolution, capture sequencing, or report generation in action.yml; keep that policy in the CLI.

Catalog update:

• No use-case catalog update required beyond the architecture issue.

Mergeability / change ownership

Single reason to change: expose PR evidence capture through the reusable GitHub Action. Primary code owner: action.yml and example workflows. Expected hot files/modules: action.yml, Examples/workflows/, action definition tests. Sibling collisions: docs/examples issue will also edit examples and README, so sequence this before documentation polish. Conflict risk: medium. Sequencing lane: integration after EVI-6.

Review in Linear

[riddim-reviewer-bot]

ReviewAutonomousPR

• Verdict: approve
• Reviewer boundary: review_only
• Acceptance criteria coverage: covered=9, missing=0, unclear=1

Summary

No blocking issues found. The PR wires capture-pr through the composite action, adds the requested inputs/defaults/comment behavior, documents artifact upload via the new example workflow, and keeps existing tests green.

Actionable findings

• None.

Acceptance criteria coverage

• covered — action.yml documents capture-pr as a supported subcommand.
  • The subcommand input description and README include capture-pr.
  • Actionability: none
  • Evidence: action.yml input description; README action usage section
• covered — The action accepts explicit PR evidence inputs: pr, plan, before-ref, after-ref, keep-worktrees, summary-only.
  • All requested inputs are declared and validated by ActionDefinitionTests.
  • Actionability: none
  • Evidence: action.yml inputs; Tests/EvidenceCLIKitTests/ActionDefinitionTests.swift
• covered — The action passes GitHub context defaults to the CLI on pull_request events.
  • Repository, PR number, base/head SHA, GH_TOKEN, and GITHUB_TOKEN are wired into the run step, with explicit input override support.
  • Actionability: none
  • Evidence: action.yml Run evidence env and capture-pr args
• covered — The action preserves existing inputs and outputs for existing subcommands.
  • Existing public inputs/outputs remain present; swift test passed.
  • Actionability: none
  • Evidence: swift test: 118 tests, 2 skipped, 0 failures
• covered — The PR comment for capture-pr includes report status, before SHA, after SHA, artifact count, and report path/link.
  • The capture-pr comment branch parses report.md and emits the requested summary fields.
  • Actionability: none
  • Evidence: action.yml Comment on PR step; ActionDefinitionTests capture-pr comment assertions
• covered — The action exposes generated screenshots/videos/report as workflow artifacts through upload steps or documented example workflow.
  • The new copy-paste workflow uploads the action output directory with actions/upload-artifact.
  • Actionability: none
  • Evidence: Examples/workflows/capture-pr-on-pr.yml
• covered — Example workflows include one copy-pasteable capture-pr-on-pr.yml for iOS PR evidence.
  • The new macOS pull_request workflow checks out with fetch-depth 0, invokes capture-pr, comments, and uploads artifacts.
  • Actionability: none
  • Evidence: Examples/workflows/capture-pr-on-pr.yml; ExampleWorkflowsTests
• unclear — actionlint action.yml Examples/workflows/.yml .github/workflows/.yml passes.
  • actionlint passes for workflow files, but actionlint treats composite action.yml as a workflow and fails on missing on/jobs. The PR notes document this and the repo uses ActionDefinitionTests for action.yml validation.
  • Actionability: follow_up
  • Evidence: actionlint Examples/workflows/.yml .github/workflows/.yml passed; actionlint action.yml ... fails because action.yml is a composite action manifest
  • Suggested follow-up: Clarify composite-action linting standard for action.yml
• covered — Swift tests that validate action input wiring are updated.
  • New ActionDefinitionTests cover capture-pr inputs, GitHub context defaults, CLI args, token wiring, and comment summary content.
  • Actionability: none
  • Evidence: Tests/EvidenceCLIKitTests/ActionDefinitionTests.swift
• covered — Existing web and iOS action examples continue to pass their current tests.
  • Example workflow tests passed; full Swift suite passed with only pre-existing Node-dependent web integration tests skipped.
  • Actionability: none
  • Evidence: swift test: 118 tests, 2 skipped, 0 failures