From 74a57760493d44d1121f8686e71f325c69046ccb Mon Sep 17 00:00:00 2001
From: SIN-Agent
Date: Thu, 4 Jun 2026 13:53:06 +0200
Subject: [PATCH 1/3] test: trigger workflow for App commenter verification
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 412c1f0..56bb88c 100644
--- a/README.md
+++ b/README.md
@@ -197,3 +197,4 @@ sin sin-code agents-md --output AGENTS.md ## License MIT — see [LICENSE](./LICENSE).
+# Test change
From 851341290f4d7d68f496156b5bb48704137c3bb3 Mon Sep 17 00:00:00 2001
From: SIN-Agent
Date: Thu, 4 Jun 2026 13:54:50 +0200
Subject: [PATCH 2/3] fix(ci): App commenter finds score.json via find score.json is written to ~/ceo-audits/-ceo-audit-/ not to ceo-audit-output/. Use find to locate it. If no score.json found, skip App commenter (Action comment above still works). continue-on-error: true ensures we never block the workflow on App issues.
---
 .github/workflows/ceo-audit.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ceo-audit.yml b/.github/workflows/ceo-audit.yml
index 0b723de..59652d5 100644
--- a/.github/workflows/ceo-audit.yml
+++ b/.github/workflows/ceo-audit.yml
@@ -174,10 +174,18 @@ jobs:
 SIN_GITHUB_APP_CLIENT_ID: Iv23livllaHIBTdQdyhY
 run: |
 # post_audit_pr.py lives in the cloned Infra repo (see 'Install ceo-audit skill' step)
+ # score.json is written by audit.sh to ~/ceo-audits/-ceo-audit-/score.json
+ # We search both ceo-audit-output/ and ~/ceo-audits/ to be robust.
+ SCORE_FILE=$(find $HOME/ceo-audits ceo-audit-output -name 'score.json' 2>/dev/null | head -1)
+ if [ -z "$SCORE_FILE" ]; then
+ echo "::warning::No score.json found — skipping App commenter (Action comment above still posts)"
+ exit 0
+ fi
+ echo "Using score.json: $SCORE_FILE"
 python3 ${{ github.workspace }}/infra/skills/ceo-audit/scripts/post_audit_pr.py \
 --repo ${{ github.repository }} \
 --pr ${{ github.event.pull_request.number }} \
- --score-json ceo-audit-output/score.json \
+ --score-json "$SCORE_FILE" \
 --artifact-url ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} \
 --run-id ${{ github.run_id }}
From 58c71fa17fcba232f15f27b795a29206f4768571 Mon Sep 17 00:00:00 2001
From: SIN-Agent
Date: Thu, 4 Jun 2026 13:57:29 +0200
Subject: [PATCH 3/3] fix(ci): pass GITHUB_TOKEN through to App commenter step post_audit_pr.py needs a token to authenticate with the GitHub API. The default GITHUB_TOKEN is auto-blocked by GitHub Actions unless explicitly passed through to subshell env. Fix: pass via env block. Falls back to SIN_GITHUB_INSTALLATION_TOKEN (org secret) if set.
---
 .github/workflows/ceo-audit.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ceo-audit.yml b/.github/workflows/ceo-audit.yml
index 59652d5..f0d09d4 100644
--- a/.github/workflows/ceo-audit.yml
+++ b/.github/workflows/ceo-audit.yml
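Review bot: The `SCORE_FILE=$(find … | head -1)` line added in PATCH 2/3 accepts whichever score.json find lists first, so the PR comment can carry a score that this run did not produce. If the runner's home directory persists between jobs, `~/ceo-audits` may still hold results from earlier audits. The commit message itself says audit.sh does not write to `ceo-audit-output/`, so searching it only adds a place where a file already in the workspace would be picked up when the audit wrote nothing. Dropping that directory and limiting the search to files newer than the job's event file narrows both cases: `SCORE_FILE=$(find "$HOME/ceo-audits" -name score.json -newer "$GITHUB_EVENT_PATH" 2>/dev/null | head -n 1)`. Having audit.sh report the exact path through `$GITHUB_OUTPUT` would remove the guess entirely; the `run:` block's step starts above the hunk.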
@@ -172,6 +172,9 @@ jobs:
 env:
 PYTHONPATH: ${{ github.workspace }}/infra/skills/ceo-audit/lib
 SIN_GITHUB_APP_CLIENT_ID: Iv23livllaHIBTdQdyhY
+ # Pass through the built-in GITHUB_TOKEN (always present in CI).
+ # Will be used as fallback if SIN_GITHUB_INSTALLATION_TOKEN is unset.
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 # post_audit_pr.py lives in the cloned Infra repo (see 'Install ceo-audit skill' step)
 # score.json is written by audit.sh to ~/ceo-audits/-ceo-audit-/score.json
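Review bot: The new `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` entry hands the job token to post_audit_pr.py, which the step's own comment says lives in a separately cloned Infra repo, and nothing in this hunk bounds what that token may do. The workflow's `permissions:` block and the ref the Infra clone is checked out at are both outside the hunk. If the job has no explicit block, adding `permissions:` with `contents: read` and `pull-requests: write` keeps the token to commenting, and pinning the clone to a commit SHA fixes the code that receives it. The added comment calls the token a fallback for SIN_GITHUB_INSTALLATION_TOKEN, but that variable is not set in this step's `env:`, so the ordering rests entirely on the script; `# Job token for post_audit_pr.py; the script decides whether SIN_GITHUB_INSTALLATION_TOKEN takes precedence.` would describe what the workflow actually guarantees.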