Commit Graph

6 Commits

Author SHA1 Message Date
Aaron Powell 28c3a14af4 Switch skill CI validation workflows to vally lint (#2030)
* Switch skill CI checks to vally lint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Adding Vally to allowed words

* case sensitivity

* Migrate external plugin quality gates from skill-validator to vally lint

Replace the downloaded skill-validator binary with
px @microsoft/vally-cli lint
in the external plugin quality gates pipeline:

- Remove downloadSkillValidator() and SKILL_VALIDATOR_ARCHIVE_URL constant
- Replace uildSkillValidatorArgs() + 
unSkillValidatorGate() with
  uildVallyLintArgs() + 
unVallyLintGate() that run
px vally-cli lint
  per resolved skill directory (falling back to the full plugin root when no
  specific skill paths can be resolved from plugin.json)
- Rename result keys skill_validator_status / skill_validator_output
  to ally_lint_status / ally_lint_output throughout both
  ng/external-plugin-quality-gates.mjs and ng/external-plugin-intake.mjs
- Update PR comment markdown to show 'vally lint' instead of 'skill-validator'
- Update CONTRIBUTING.md prose references accordingly

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Use @microsoft/vally library directly instead of vally-cli subprocess

Replace the npx-spawned vally-cli process with a direct call to the
@microsoft/vally core library in the external plugin quality gates scripts:

- Add @microsoft/vally as a devDependency in package.json
- Import runLint and LintConsoleReporter from @microsoft/vally
- Replace runVallyLintGate() process spawn with async API call:
  - runLint({ rootPath }) returns structured LintResults
  - LintConsoleReporter with a Writable capture stream collects
    text output without printing to stdout
- Make runExternalPluginQualityGates() async (propagated to
  runExternalPluginPrQualityGates() and both main entry points)
- Use Promise.all in runExternalPluginPrQualityGates() for parallel
  plugin checks
- Fix remaining skill_validator_status reference in pr-quality-gates
  summary string (now vally-lint=...) and YAML workflow table header
- Add 'npm install @microsoft/vally' step to both calling workflows

This removes a layer of indirection (Node -> npx -> CLI -> library)
and replaces it with a direct in-process library call, which is faster,
more reliable, and gives structured access to lint results.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 14:07:45 +10:00
Aaron Powell fae6a92c9d Centralize label management and fix permission issues (#2018)
* fix: Allow label operations on pull requests in external plugin approval workflow

The sync-merged-pr-labels job needs pull-requests: write permission to
add/remove labels on merged PRs. Previously it only had issues: write which
is for issues, not pull requests. This fixes the permission error when
workflows try to modify PR labels from a non-contributor account.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: Handle 403 permission errors when creating external plugin intake labels

When running on PRs from fork contributors, the GitHub token may not have
permission to create labels in the repository. This is expected and should
not cause the workflow to fail. Allow the ensureLabel function to gracefully
handle 403 Forbidden errors in addition to 422 (label already exists) errors.

This fixes the sync-pr-state job failure in external-plugin-pr-quality-gates.yml
when run on PRs from external contributors.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: Centralize label management into a single workflow_dispatch workflow

Create a new 'setup-labels' workflow that is manually dispatched and handles
all label creation and updates. This workflow:
- Creates all labels used by the repository
- Updates descriptions if labels already exist
- Reports success/failure counts
- Fails if any labels cannot be created

All individual workflows now assume labels exist and will fail (loudly) if
they don't. This makes it clear to maintainers when the setup-labels workflow
needs to be dispatched:

- label-pr-intent.yml
- skill-check-comment.yml
- external-plugin-approval-command.yml
- external-plugin-command-router.yml
- external-plugin-rereview.yml
- external-plugin-rereview-command.yml
- eng/external-plugin-intake-state.mjs

This approach is better because:
- Single source of truth for label definitions
- Avoids permission issues with fork contributors
- Clear failure modes when labels are missing
- Easier to maintain consistent label configuration
- No more scattered label creation logic across workflows

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Remove unused ensureLabel methods and managedLabels constants

Labels are now centrally managed by the setup-labels workflow and
assumed to exist in all other workflows. Removed:

- ensureLabel() methods from all 6 workflows and 1 JS module
- managedLabels constants that were only used by ensureLabel
- Promise.all() calls that invoked ensureLabel for each label
- Updated syncManagedLabels in skill-check-comment.yml to remove ensureLabel call

All workflows now assume labels exist and will fail if they don't,
which is the desired behavior—it signals maintainers to dispatch the
setup-labels workflow when new labels need to be created.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-17 14:12:07 +10:00
Aaron Powell 50854076f2 The new lines weren't working properly as we'd filter them out, whoops (#1951) 2026-06-10 14:44:16 +10:00
Aaron Powell ce516684b5 Add labels for skill check findings (#1627)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-06 10:05:16 +10:00
Jan Krivanek dd3bce4417 Improve skills validation runs (#1387) 2026-04-14 10:39:08 +10:00
Jan Krivanek 1c6002448d Fix eval workflows (#1228)
* Fix eval workflows

* Address review: secure two-phase PR comment & byte-based truncation

- skill-check.yml: Revert to pull_request trigger (read-only token).
  Remove PR comment posting; upload results as artifact instead.
- skill-check-comment.yml: New workflow_run-triggered workflow that
  downloads the artifact and posts/updates the PR comment with
  write permissions, without ever checking out PR code.
- skill-quality-report.yml: Replace character-based truncation with
  byte-based (Buffer.byteLength) limit. Shrink <details> sections
  structurally before falling back to hard byte-trim, keeping
  markdown rendering intact.
2026-03-31 10:47:54 +11:00