feat: add Avenger hourly CI fixer workflow #34322

Merged
pelikhan merged 2 commits into main from copilot/avenger-hourly-agentic-workflow
May 24, 2026

Copilot AI commented May 23, 2026

Adds an hourly Claude-powered agentic workflow ("Avenger") that automatically fixes common mechanical build failures on main and opens a PR with the fixes.

Behavior

  • Early exit: A pre-flight check_ci_status job inspects the last completed CI run on main; the agent job is skipped entirely when CI is green
  • Repair sequence (only when CI is failing):
    1. git merge origin/main — sync with latest main before any changes
    2. make recompile — only when *.md workflow files changed; aborts if >50 files are produced
    3. make fmt, make update-wasm-golden, make lint, make test-unit
  • Creates a [avenger]-prefixed PR with fixes; expires in 2 days
  • .github/workflows/** is unconditionally excluded from the patch via excluded-files — the directory is branch-protected and must never appear in agent-created PRs

Key config

```yaml
safe-outputs:
  create-pull-request:
    expires: 2d
    title-prefix: "[avenger] "
    excluded-files:
      - ".github/workflows/**"
```

Compiled with gh aw compile avenger --approve; new secrets (ANTHROPIC_API_KEY, OTLP endpoints) are the same set used by other Claude+OTLP workflows in this repo.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan pelikhan marked this pull request as ready for review May 24, 2026 00:06
Copilot AI review requested due to automatic review settings May 24, 2026 00:06
@pelikhan pelikhan merged commit 928cdd6 into main May 24, 2026
17 of 18 checks passed
@pelikhan pelikhan deleted the copilot/avenger-hourly-agentic-workflow branch May 24, 2026 00:06
Copilot AI left a comment

Pull request overview

Adds a new scheduled Agentic Workflow (“Avenger”) intended to run hourly, detect whether main’s CI is failing, and (only when failing) attempt a standardized repair sequence and open a PR with fixes (with .github/workflows/** excluded via safe-outputs).

Changes:

  • Introduces avenger.md workflow definition with an early-exit check_ci_status gate and a prescribed repair/runbook for the agent.
  • Adds the compiled GitHub Actions workflow avenger.lock.yml (safe-outputs PR creation, OTLP wiring, agent execution, threat detection, and conclusion handling).

| File | Description |
| --- | --- |
| `.github/workflows/avenger.md` | New Avenger workflow definition + agent runbook (CI status gate, repair steps, safe-outputs configuration). |
| `.github/workflows/avenger.lock.yml` | Generated compiled workflow implementing the Avenger automation in GitHub Actions. |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 4

# Get the last CI workflow run on main branch, excluding pending and cancelled runs
LAST_RUN=$(gh run list --workflow=ci.yml --branch=main --limit 50 --json conclusion,status,databaseId \
| jq -r '[.[] | select(.status == "completed" and (.conclusion == "success" or .conclusion == "failure"))] | .[0]')
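
Review bot: The `select(...)` in the jq filter keeps only `success` and `failure`, so a completed run that ended as `timed_out` or `startup_failure` is dropped along with the cancelled runs the comment mentions, and an older green run can then be picked as the last result while main is broken. Either treat every completed, non-cancelled conclusion other than `success` as failing, or extend the comment to say these conclusions are skipped on purpose. Also, when nothing matches, `.[0]` makes `jq -r` print the literal string `null`, and a failing `gh run list` is hidden by the pipe unless `pipefail` is set, so whatever reads `LAST_RUN` should handle both cases explicitly.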

Comment on lines +156 to +163
## Step 2: Recompile workflows (only if .md files changed)

**IMPORTANT**: `make recompile` regenerates ALL `.lock.yml` files and can easily produce 40–100 changed files. Run it **only** when `.md` workflow files have changed since the last commit on main.

```bash
git diff --name-only HEAD origin/main | grep '^\.github/workflows/.*\.md$'
```
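
Review bot: The command in the fenced block does not check what the paragraph above it describes. `git diff --name-only HEAD origin/main` compares the two tips, so it lists workflow `.md` files that differ between the current branch and main, not files "changed since the last commit on main"; if it runs after the `git merge origin/main` that the repair sequence lists first, the two trees can be identical for these paths and the check prints nothing. Name the base commit the comparison is meant to use, and state in the text that empty output means the recompile is skipped.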

Comment on lines +1 to +2
# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1e6a974b933901e43391219c7244ed5337d481d5280767dee8c791ea1ec05557","compiler_version":"v0.74.8","strict":true,"agent_id":"claude"}
# gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"v0.74.8","version":"v0.74.8"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.49"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.49"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.49"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.49"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.9","digest":"sha256:64828b42a4482f58fab16509d7f8f495a6d97c972a98a68aff20543531ac0388","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.9@sha256:64828b42a4482f58fab16509d7f8f495a6d97c972a98a68aff20543531ac0388"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4","digest":"sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.4@sha256:e3816a476a977cfb836e7d221510011436c654d11861db66ecfd826601aba6a4"},{"image":"node:lts-alpine","digest":"sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14","pinned_image":"node:lts-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14"}]}
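
Review bot: In the `gh-aw-manifest` line, `github/gh-aw-actions/setup` is recorded with `"sha":"v0.74.8"`, a tag rather than a commit hash, while every other action entry carries a 40-character SHA; the four `ghcr.io/github/gh-aw-firewall/*:0.25.49` images likewise have no `digest` or `pinned_image`, unlike the `gh-aw-mcpg`, `github-mcp-server` and `node:lts-alpine` entries. This workflow is listed as receiving `ANTHROPIC_API_KEY` and the other secrets in the same manifest, and these are the references that can change underneath it without a diff in this file. Since the header shows the file is compiler output, the fix belongs in the compiler or its inputs rather than a hand edit here: record a commit SHA for the setup action and digests for the firewall images.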
Comment on lines +170 to +171

> **Note**: `.github/workflows/**` files are automatically excluded from the pull request by the safe-outputs configuration, so recompile output will not be included in the PR even when it runs.
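
Review bot: This note undercuts Step 2: if everything under `.github/workflows/**` is dropped from the pull request, the output of `make recompile` never reaches main through this workflow, so the step spends time and risks the 40–100 file case warned about in Step 2 without changing what the PR contains. Either say why recompile still has to run (for example, if a later step reads the regenerated lock files), or drop the step and state how stale lock files are meant to be fixed.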
3 participants