-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathaction.yml
More file actions
351 lines (317 loc) · 13.6 KB
/
action.yml
File metadata and controls
351 lines (317 loc) · 13.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
name: 'Holon Runner'
description: 'Run Holon solve to resolve a GitHub Issue or PR'
branding:
icon: 'cpu'
color: 'blue'
inputs:
ref:
description: 'GitHub Issue or PR reference (URL, owner/repo#n, or #n with --repo)'
required: true
repo:
description: 'Repository hint for numeric references (owner/repo format)'
required: false
default: ''
base:
description: 'Base branch for PR creation (default: main)'
required: false
default: 'main'
agent:
description: 'Agent bundle reference (optional, uses builtin if not provided)'
required: false
default: ''
anthropic_auth_token:
description: 'Anthropic Auth Token (legacy: anthropic_api_key is also supported)'
required: false
anthropic_api_key:
description: 'Legacy alias for anthropic_auth_token (deprecated)'
required: false
deprecationMessage: 'Use anthropic_auth_token instead'
anthropic_base_url:
description: 'Anthropic Base URL'
required: false
default: 'https://api.anthropic.com'
github_token:
description: 'Explicit GitHub Token override (highest priority). Leave empty to use Holonbot token (if available) or fall back to github.token.'
required: false
default: ''
holonbot_broker_url:
description: 'URL of the Holonbot Token Broker'
required: false
default: 'https://bot.holon.run/api/exchange-token'
holonbot_oidc_audience:
description: 'OIDC audience for Holonbot token broker exchange'
required: false
default: 'holon-token-broker'
log_level:
description: 'Log level for CI visibility (debug, info, progress, minimal)'
required: false
default: 'progress'
assistant_output:
description: 'Assistant output mode for CI visibility (none, stream)'
required: false
default: 'none'
goal:
description: 'Explicit execution goal passed to holon solve --goal. Empty = solve defaults by target type and PR review signals.'
required: false
default: ''
role:
description: 'Role to assume (e.g. developer, reviewer)'
required: false
default: ''
version:
description: 'Holon version to download from releases (default: latest)'
required: false
default: 'latest'
build_from_source:
description: 'Build holon from source before running (default: false, download from releases). When enabled, this action will set up Go automatically.'
required: false
default: 'false'
holon_repository:
description: 'Holon repository for building from source (default: holon-run/holon)'
required: false
default: 'holon-run/holon'
workspace:
description: 'Optional workspace path (empty by default; set only when caller provides a prepared local workspace)'
required: false
default: ''
input_dir:
description: 'Input directory path for artifact packaging (default: temp dir, auto-cleaned)'
required: false
default: ''
output_dir:
description: 'Output directory path for artifact packaging (preferred; default: temp dir, auto-cleaned)'
required: false
default: ''
state_dir:
description: 'State directory path for cross-run skill caches (default: no state persistence). Use .holon/state for workspace-local caches or an absolute path for persistent caches across runs.'
required: false
default: ''
runs:
using: 'composite'
steps:
- name: Get Holonbot Token
id: get_token
shell: bash
run: |
# Token precedence:
# 1) Explicit user-provided token (inputs.github_token)
# 2) Holonbot App token via broker exchange (requires id-token permission)
# 3) GitHub Actions runtime token (github.token)
if [ -n "${{ inputs.github_token }}" ]; then
echo "Using explicit github_token input."
echo "token=${{ inputs.github_token }}" >> $GITHUB_OUTPUT
# For explicit tokens, don't set actor identity (let API lookup)
exit 0
fi
if [ -n "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ]; then
echo "Fetching OIDC token from GitHub Actions runtime..."
OIDC_URL="$ACTIONS_ID_TOKEN_REQUEST_URL"
if [ -n "${{ inputs.holonbot_oidc_audience }}" ]; then
if [[ "$OIDC_URL" == *\?* ]]; then
OIDC_URL="${OIDC_URL}&audience=${{ inputs.holonbot_oidc_audience }}"
else
OIDC_URL="${OIDC_URL}?audience=${{ inputs.holonbot_oidc_audience }}"
fi
fi
OIDC_TOKEN=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$OIDC_URL" | jq -r '.value')
if [ -n "$OIDC_TOKEN" ] && [ "$OIDC_TOKEN" != "null" ]; then
if [ -z "${{ inputs.holonbot_broker_url }}" ]; then
echo "Skipping token exchange: holonbot_broker_url is empty."
else
echo "Sending OIDC token to broker: ${{ inputs.holonbot_broker_url }}"
RESPONSE=$(curl -s -X POST "${{ inputs.holonbot_broker_url }}" \
-H "Authorization: Bearer $OIDC_TOKEN" \
-H "Content-Type: application/json")
# Do not echo full broker response (may contain token).
BOT_TOKEN=$(echo $RESPONSE | jq -r '.token // empty')
if [ -n "$BOT_TOKEN" ]; then
echo "Successfully obtained Holonbot token."
echo "token=$BOT_TOKEN" >> $GITHUB_OUTPUT
# Set actor identity for holonbot token
echo "actor_login=holonbot[bot]" >> $GITHUB_OUTPUT
echo "actor_type=App" >> $GITHUB_OUTPUT
echo "actor_app_slug=holonbot" >> $GITHUB_OUTPUT
echo "actor_source=token" >> $GITHUB_OUTPUT
exit 0
else
ERROR=$(echo $RESPONSE | jq -r '.error // "Unknown error"')
MSG=$(echo $RESPONSE | jq -r '.message // "No message provided"')
echo "::warning title=Holonbot Auth::Token exchange failed: $ERROR ($MSG). Falling back to github.token."
fi
fi
else
echo "::warning title=Holonbot Auth::Failed to fetch OIDC token. Ensure 'permissions: id-token: write' is set if you want to use Holonbot identity."
fi
else
echo "Skipping token exchange: id-token permission not granted or holonbot_broker_url is empty."
fi
# Fallback to GitHub Actions token
echo "token=${{ github.token }}" >> $GITHUB_OUTPUT
# Set actor identity for GitHub Actions token
echo "actor_login=github-actions[bot]" >> $GITHUB_OUTPUT
echo "actor_type=App" >> $GITHUB_OUTPUT
echo "actor_app_slug=github-actions" >> $GITHUB_OUTPUT
echo "actor_source=token" >> $GITHUB_OUTPUT
- name: Checkout holon repository (for building)
if: inputs.build_from_source == 'true'
shell: bash
run: |
set -euo pipefail
HOLON_SRC_DIR='${{ runner.temp }}/holon-source'
rm -rf "$HOLON_SRC_DIR"
echo "Cloning holon source to $HOLON_SRC_DIR ..."
git clone --depth 1 "https://github.com/${{ inputs.holon_repository }}.git" "$HOLON_SRC_DIR"
- name: Setup Go (for building)
if: inputs.build_from_source == 'true'
uses: actions/setup-go@v5
with:
go-version-file: ${{ runner.temp }}/holon-source/go.mod
cache: true
cache-dependency-path: ${{ runner.temp }}/holon-source/go.sum
- name: Setup Node (for source-built agent bundle)
if: inputs.build_from_source == 'true' && inputs.agent == ''
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Build from source (if enabled)
if: inputs.build_from_source == 'true'
shell: bash
run: |
set -euo pipefail
# Build in separate directory
cd "${{ runner.temp }}/holon-source"
echo "Building holon from source..."
make build
# Copy to temp location
mkdir -p "$RUNNER_TEMP/holon/bin"
cp bin/holon "$RUNNER_TEMP/holon/bin/holon"
echo "✅ Holon built and copied to $RUNNER_TEMP/holon/bin/holon"
- name: Download Holon binary
if: inputs.build_from_source != 'true'
shell: bash
run: |
# Detect platform
PLATFORM=$(uname -s | tr '[:upper:]' '[:lower:]')
ARCH=$(uname -m)
# Map to release naming
if [ "$ARCH" = "x86_64" ]; then
ARCH="amd64"
elif [ "$ARCH" = "arm64" ] || [ "$ARCH" = "aarch64" ]; then
ARCH="arm64"
fi
# Determine version and URL path
VERSION="${{ inputs.version }}"
# GitHub releases URL pattern differs for 'latest' vs specific versions
# Latest: releases/latest/download/...
# Versioned: releases/download/v0.1.0/...
if [ "$VERSION" = "latest" ]; then
RELEASE_PATH="latest/download"
else
RELEASE_PATH="download/$VERSION"
fi
# Create temp directory
mkdir -p "$RUNNER_TEMP/holon/bin"
# Download and extract
echo "Downloading holon $VERSION for $PLATFORM-$ARCH..."
curl -fsSL "https://github.com/holon-run/holon/releases/$RELEASE_PATH/holon-$PLATFORM-$ARCH.tar.gz" | \
tar -xz -C "$RUNNER_TEMP/holon/bin"
# Handle both new and old tarball layouts:
# New layout: contains 'holon' directly
# Old layout: contains 'holon-<platform>-<arch>'
if [ -f "$RUNNER_TEMP/holon/bin/holon" ]; then
# New layout - binary is already named 'holon'
chmod +x "$RUNNER_TEMP/holon/bin/holon"
elif [ -f "$RUNNER_TEMP/holon/bin/holon-$PLATFORM-$ARCH" ]; then
# Old layout - rename platform-suffixed binary to 'holon'
mv "$RUNNER_TEMP/holon/bin/holon-$PLATFORM-$ARCH" "$RUNNER_TEMP/holon/bin/holon"
chmod +x "$RUNNER_TEMP/holon/bin/holon"
else
echo "❌ Error: Failed to find holon binary after extraction"
ls -la "$RUNNER_TEMP/holon/bin/"
exit 1
fi
echo "✅ Holon binary downloaded to $RUNNER_TEMP/holon/bin/holon"
- name: Run Holon Solve
shell: bash
env:
ANTHROPIC_AUTH_TOKEN: ${{ inputs.anthropic_auth_token || inputs.anthropic_api_key }}
ANTHROPIC_BASE_URL: ${{ inputs.anthropic_base_url }}
GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
HOLON_ACTOR_LOGIN: ${{ steps.get_token.outputs.actor_login }}
HOLON_ACTOR_TYPE: ${{ steps.get_token.outputs.actor_type }}
HOLON_ACTOR_APP_SLUG: ${{ steps.get_token.outputs.actor_app_slug }}
HOLON_ACTOR_SOURCE: ${{ steps.get_token.outputs.actor_source }}
run: |
set -euo pipefail
# Add holon to PATH
export PATH="$RUNNER_TEMP/holon/bin:$PATH"
# Determine output directory
OUT_DIR="${{ inputs.output_dir }}"
if [ -z "$OUT_DIR" ]; then
# When used directly without reusable workflow, create temp dir to avoid polluting workspace
OUT_DIR=$(mktemp -d -t holon-output-XXXXXX)
echo "⚠️ No output_dir specified - using temp directory: $OUT_DIR"
echo " Consider specifying output_dir to enable artifact uploads"
fi
# Resolve agent reference in one place:
# 1) explicit inputs.agent
# 2) source-built local bundle (when build_from_source=true)
# 3) empty => holon default agent resolution
AGENT_REF="${{ inputs.agent }}"
if [ -z "$AGENT_REF" ] && [ "${{ inputs.build_from_source }}" = "true" ]; then
HOLON_SRC_DIR="${{ runner.temp }}/holon-source"
AGENT_SRC_DIR="$HOLON_SRC_DIR/agents/claude"
if [ ! -d "$AGENT_SRC_DIR" ]; then
echo "::error::expected agent source directory not found: $AGENT_SRC_DIR"
exit 1
fi
if [ ! -f "$AGENT_SRC_DIR/package.json" ]; then
echo "::error::expected agent package.json not found: $AGENT_SRC_DIR/package.json"
exit 1
fi
pushd "$AGENT_SRC_DIR" >/dev/null
npm ci
npm run bundle
BUNDLE_REL="$(ls -t dist/agent-bundles/*.tar.gz | head -n 1)"
popd >/dev/null
if [ -z "$BUNDLE_REL" ]; then
echo "::error::failed to find built agent bundle under $AGENT_SRC_DIR/dist/agent-bundles"
exit 1
fi
AGENT_REF="$AGENT_SRC_DIR/$BUNDLE_REL"
echo "Using source-built agent bundle: $AGENT_REF"
fi
# Build solve command arguments
SOLVE_ARGS=()
if [ -n "${{ inputs.repo }}" ]; then
SOLVE_ARGS+=(--repo "${{ inputs.repo }}")
fi
if [ -n "${{ inputs.base }}" ]; then
SOLVE_ARGS+=(--base "${{ inputs.base }}")
fi
if [ -n "$AGENT_REF" ]; then
SOLVE_ARGS+=(--agent "$AGENT_REF")
fi
if [ -n "${{ inputs.role }}" ]; then
SOLVE_ARGS+=(--role "${{ inputs.role }}")
fi
if [ -n "${{ inputs.workspace }}" ]; then
SOLVE_ARGS+=(--workspace "${{ inputs.workspace }}")
fi
if [ -n "${{ inputs.input_dir }}" ]; then
SOLVE_ARGS+=(--input "${{ inputs.input_dir }}")
fi
if [ -n "${{ inputs.state_dir }}" ]; then
SOLVE_ARGS+=(--state-dir "${{ inputs.state_dir }}")
fi
if [ -n "${{ inputs.goal }}" ]; then
SOLVE_ARGS+=(--goal "${{ inputs.goal }}")
fi
# Always add output directory (either user-specified or temp)
SOLVE_ARGS+=(--output "$OUT_DIR")
# Run holon solve
echo "Running: holon solve ${{ inputs.ref }} ${SOLVE_ARGS[*]} --log-level ${{ inputs.log_level }} --assistant-output ${{ inputs.assistant_output }}"
holon solve "${{ inputs.ref }}" \
"${SOLVE_ARGS[@]}" \
--log-level "${{ inputs.log_level }}" \
--assistant-output "${{ inputs.assistant_output }}"