4fd5ac7be3
Fixes molecule-core#1957: agent identity collapse where all agents share one GitHub PAT and their writes attribute to the CEO. This plugin takes the pragmatic "wrap, don't multiply identities" path: - Injects MOLECULE_AGENT_ROLE / OWNER / ATTRIBUTION_BADGE per workspace - Ships a shell wrapper for `gh` that: * prepends an attribution badge to issue/PR bodies on publish * rewrites --assignee @me to the role's designated human owner * emits an NDJSON audit log to /var/log/molecule-gh.ndjson - Wrapper is shipped as base64 env var; each workspace template's install.sh decodes and writes it to /usr/local/bin/gh Scales where GitHub Apps / machine users don't: adding a new agent role is one entry in config.yaml, not a GitHub UI roundtrip per role. See README + known-issues.md for the v2-architecture migration plan. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
32 lines
806 B
YAML
32 lines
806 B
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
|
|
jobs:
|
|
go:
|
|
name: Go build + test + vet
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-go@v5
|
|
with: { go-version: "1.25" }
|
|
- run: go mod tidy && git diff --exit-code go.mod go.sum
|
|
- run: go build ./...
|
|
- run: go vet ./...
|
|
- run: go test -race ./...
|
|
|
|
shell:
|
|
name: Shellcheck + wrapper tests
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install shellcheck
|
|
run: sudo apt-get update -qq && sudo apt-get install -y -qq shellcheck
|
|
- name: Shellcheck
|
|
run: shellcheck internal/ghidentity/wrapper.sh scripts/test-wrapper.sh
|
|
- name: Run wrapper tests
|
|
run: bash scripts/test-wrapper.sh
|