From 8d21ddb6849c19e525f1bb0eb285fa67d3a41182 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Wed, 1 Apr 2026 20:55:01 +0100 Subject: [PATCH 1/2] fix(ci): restore opencode workflow GitHub interactions --- .github/workflows/opencode-audit.yml | 1 + .github/workflows/opencode-pr.yml | 6 +++++- .github/workflows/opencode-test-writer.yml | 1 + .github/workflows/opencode-triage.yml | 14 ++++++++++++++ .github/workflows/opencode.yml | 2 ++ 5 files changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/opencode-audit.yml b/.github/workflows/opencode-audit.yml index e897b12..e15c76d 100644 --- a/.github/workflows/opencode-audit.yml +++ b/.github/workflows/opencode-audit.yml @@ -93,6 +93,7 @@ jobs: XDG_CACHE_HOME: /tmp/opencode-cache with: model: kimi-for-coding/k2p5 + use_github_token: true prompt: | You are a senior Zig systems programming auditor performing a deep code audit. diff --git a/.github/workflows/opencode-pr.yml b/.github/workflows/opencode-pr.yml index 97edece..0758146 100644 --- a/.github/workflows/opencode-pr.yml +++ b/.github/workflows/opencode-pr.yml @@ -29,7 +29,7 @@ jobs: id-token: write contents: write pull-requests: write - issues: read + issues: write steps: - name: Resolve PR context 
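Review bot: Changing `issues: read` to `issues: write` in the opencode-pr.yml permissions block widens the token of a job that already holds `contents: write` and `id-token: write` and, per the prompt in the next hunk, hands pull-request content to an LLM agent. Nothing visible in this patch shows the review job editing issues; the prompt only asks it to check whether linked issues are addressed, which read access covers. I would keep `issues: read` unless the action is confirmed to need issue writes. With `use_github_token: true` now set, it is also worth checking whether `id-token: write` is still required, since it was presumably there for the action's own token exchange. The job definition starts and ends outside the hunk.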
@@ -102,15 +102,19 @@ jobs: uses: anomalyco/opencode/github@latest env: GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }} + GH_TOKEN: ${{ secrets.OPENCODE_PAT }} KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }} with: model: kimi-for-coding/k2p5 + use_github_token: true prompt: | You are reviewing a pull request for the ZigCraft repository. **PR to review:** #${{ steps.resolve-pr.outputs.pr_number }} Use `gh pr diff ${{ steps.resolve-pr.outputs.pr_number }}` and `gh pr view ${{ steps.resolve-pr.outputs.pr_number }}` to examine the changes. + Give full review coverage to PRs created by the automated test writer, especially PRs labeled `automated-test`, and verify whether any linked issues are fully addressed. + ZigCraft is a high-performance Minecraft-style voxel engine built with Zig, SDL3, and Vulkan. It uses Nix for dependency management, a custom RHI (Render Hardware Interface) abstraction layer, and a multithreaded job system for world generation and meshing. **Tech Stack:** diff --git a/.github/workflows/opencode-test-writer.yml b/.github/workflows/opencode-test-writer.yml index 0041da8..1963f43 100644 --- a/.github/workflows/opencode-test-writer.yml +++ b/.github/workflows/opencode-test-writer.yml @@ -199,6 +199,7 @@ jobs: XDG_CACHE_HOME: /tmp/opencode-cache with: model: kimi-for-coding/k2p5 + use_github_token: true prompt: | You are a senior Zig systems programmer writing unit tests for a voxel engine. Your job is to find untested code, write thorough tests, and submit a pull request. diff --git a/.github/workflows/opencode-triage.yml b/.github/workflows/opencode-triage.yml index 08e5843..2b258b8 100644 --- a/.github/workflows/opencode-triage.yml +++ b/.github/workflows/opencode-triage.yml 
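Review bot: The step that now receives `GH_TOKEN` in addition to `GITHUB_TOKEN` and `KIMI_API_KEY` runs `anomalyco/opencode/github@latest`, a mutable ref, so whatever that ref points to at run time executes with these credentials. Pin the action to a full commit SHA and bump it deliberately, e.g. `uses: anomalyco/opencode/github@<full-commit-sha>  # <reviewed release>` (placeholder; fill in the commit you have reviewed). The same `@latest` reference appears in the opencode.yml hunk of this patch and in the opencode-triage.yml step touched by the second patch. The step begins above the hunk and its prompt continues below it.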
@@ -19,6 +19,16 @@ jobs: uses: actions/github-script@v7 with: script: | + const trustedBots = new Set([ + 'opencode-agent[bot]', + 'github-actions[bot]', + ]); + const labels = (context.payload.issue.labels || []).map(label => label.name); + + if (trustedBots.has(context.payload.issue.user.login) || labels.includes('automated-audit')) { + return true; + } + const user = await github.rest.users.getByUsername({ username: context.payload.issue.user.login }); @@ -42,13 +52,17 @@ jobs: if: steps.check.outputs.result == 'true' env: GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }} + GH_TOKEN: ${{ secrets.OPENCODE_PAT }} KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }} with: model: kimi-for-coding/k2p5 + use_github_token: true prompt: | Analyze this issue. You have access to the codebase context. **CRITICAL: Your only allowed action is to post a COMMENT on the issue. DO NOT create branches, pull requests, or attempt to modify the codebase.** + If this issue has the `automated-audit` label, treat it as a trusted machine-generated finding and focus on validating the report, checking for duplicates or related PRs, and suggesting the clearest next implementation steps. + 1. **Classify**: Determine if this is a Bug, Feature Request, or Question. 2. **Validate & Request Info**: - **Missing Data**: If critical information is needed to understand or reproduce the issue (e.g., reproduction steps, crash logs, version numbers, screenshots), explicitly ask the user to provide it. diff --git a/.github/workflows/opencode.yml b/.github/workflows/opencode.yml index 9840a3c..db5bb0c 100644 --- a/.github/workflows/opencode.yml +++ b/.github/workflows/opencode.yml @@ -44,6 +44,8 @@ jobs: uses: anomalyco/opencode/github@latest env: GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }} + GH_TOKEN: ${{ secrets.OPENCODE_PAT }} KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }} with: model: kimi-for-coding/k2p5 + use_github_token: true From 28c7d8b849afe751b394139abb6bdbd5d8725daf Mon Sep 17 00:00:00 2001 
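Review bot: The early `return true` in the opencode-triage.yml check accepts the `automated-audit` label on its own as proof of trust, so an issue from any author skips the user lookup below once it carries that label, and the prompt line added in the following hunk then tells the model to treat it as a trusted machine-generated finding. A label records how an issue was categorised, not who wrote its body, so the bypass should depend on the author only: `if (trustedBots.has(context.payload.issue.user.login)) {`, optionally also requiring `context.payload.issue.user.type === 'Bot'`. The prompt sentence would be safer if it said the issue body is still untrusted input even when labelled. The script continues outside the hunk, so what the user lookup actually enforces is not visible here.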
From: MichaelFisher1997 Date: Wed, 1 Apr 2026 20:59:42 +0100 Subject: [PATCH 2/2] fix(ci): use GitHub token for opencode review flows --- .github/workflows/opencode-pr.yml | 8 ++++---- .github/workflows/opencode-triage.yml | 6 +++--- .github/workflows/opencode.yml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/opencode-pr.yml b/.github/workflows/opencode-pr.yml index 0758146..7870cc2 100644 --- a/.github/workflows/opencode-pr.yml +++ b/.github/workflows/opencode-pr.yml @@ -48,7 +48,7 @@ jobs: with: ref: ${{ steps.resolve-pr.outputs.pr_head_sha }} fetch-depth: 0 - token: ${{ secrets.OPENCODE_PAT }} + token: ${{ github.token }} - name: Configure git run: | @@ -90,7 +90,7 @@ jobs: echo "Previous reviews fetched and formatted for context" env: - GH_TOKEN: ${{ secrets.OPENCODE_PAT }} + GH_TOKEN: ${{ github.token }} - name: Setup Nix uses: ./.github/actions/setup-nix @@ -101,8 +101,8 @@ jobs: - name: Run opencode uses: anomalyco/opencode/github@latest env: - GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }} - GH_TOKEN: ${{ secrets.OPENCODE_PAT }} + GITHUB_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }} with: model: kimi-for-coding/k2p5 diff --git a/.github/workflows/opencode-triage.yml b/.github/workflows/opencode-triage.yml index 2b258b8..7831ba1 100644 --- a/.github/workflows/opencode-triage.yml +++ b/.github/workflows/opencode-triage.yml @@ -40,7 +40,7 @@ jobs: - uses: actions/checkout@v4 if: steps.check.outputs.result == 'true' with: - token: ${{ secrets.OPENCODE_PAT }} + token: ${{ github.token }} - name: Configure git if: steps.check.outputs.result == 'true' 
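Review bot: The checkout in opencode-pr.yml fetches `pr_head_sha` and, without `persist-credentials: false`, leaves the job token in the local git config for every later step, including `uses: ./.github/actions/setup-nix` (context of the next hunk), which is then loaded from the checked-out PR tree. If this workflow can run for pull requests from forks (the trigger is outside the patch), the PR author controls that local action while the token carries `contents: write`. Add `persist-credentials: false` under `with:` where the job does not need to push, and load the local action from the base revision rather than the PR head. `token: ${{ github.token }}` is already the default for actions/checkout, so that line can simply be dropped; the same holds for the checkout hunks in opencode-triage.yml and opencode.yml.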
@@ -51,8 +51,8 @@ jobs: - uses: anomalyco/opencode/github@latest if: steps.check.outputs.result == 'true' env: - GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }} - GH_TOKEN: ${{ secrets.OPENCODE_PAT }} + GITHUB_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }} with: model: kimi-for-coding/k2p5 diff --git a/.github/workflows/opencode.yml b/.github/workflows/opencode.yml index db5bb0c..4c33b9c 100644 --- a/.github/workflows/opencode.yml +++ b/.github/workflows/opencode.yml @@ -27,7 +27,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - token: ${{ secrets.OPENCODE_PAT }} + token: ${{ github.token }} - name: Configure git run: | @@ -43,8 +43,8 @@ jobs: - name: Run opencode uses: anomalyco/opencode/github@latest env: - GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }} - GH_TOKEN: ${{ secrets.OPENCODE_PAT }} + GITHUB_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }} with: model: kimi-for-coding/k2p5