--- on: workflow_run: workflows: ["Check requirements (deterministic)"] types: [completed] permissions: contents: read actions: read issues: read pull-requests: read network: allowed: - python tools: web-fetch: {} github: toolsets: [default, actions] min-integrity: unapproved safe-outputs: add-comment: max: 1 target: "${{ needs.extract_pr_number.outputs.pr_number }}" needs: - extract_pr_number jobs: extract_pr_number: if: github.event.workflow_run.conclusion == 'success' runs-on: ubuntu-latest permissions: actions: read outputs: pr_number: ${{ steps.extract.outputs.pr_number }} steps: - name: Download deterministic-results artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: check-requirements-deterministic path: /tmp/deterministic run-id: ${{ github.event.workflow_run.id }} github-token: ${{ secrets.GITHUB_TOKEN }} - name: Extract PR number from artifact id: extract run: | PR=$(jq -r '.pr_number' /tmp/deterministic/results.json) echo "pr_number=${PR}" >> "${GITHUB_OUTPUT}" concurrency: group: ${{ github.workflow }}-${{ github.event.workflow_run.head_sha }} cancel-in-progress: true steps: - name: Download deterministic-results artifact if: github.event.workflow_run.conclusion == 'success' uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: check-requirements-deterministic path: /tmp/gh-aw/deterministic run-id: ${{ github.event.workflow_run.id }} github-token: ${{ secrets.GITHUB_TOKEN }} post-steps: - name: Verify agent produced an add_comment safe-output if: always() && github.event.workflow_run.conclusion == 'success' run: | OUTPUT=/tmp/gh-aw/agent_output.json if [ ! -f "${OUTPUT}" ]; then echo "::error::Agent output file ${OUTPUT} is missing; the agent did not run to completion." exit 1 fi if ! grep -q '"add_comment"' "${OUTPUT}"; then echo "::error::Agent did not emit an add_comment safe-output; no review comment was posted to the PR." echo "Agent output:" cat "${OUTPUT}" exit 1 fi description: > Resolves the deterministic-stage artifact's NEEDS_AGENT checks for changed Python package requirements on PRs targeting the core repo, then posts the final review comment. Triggered by completion of the deterministic workflow. Reads the uploaded artifact from disk, replaces placeholders for any check whose status is `needs_agent`, and posts the merged comment using the PR number recorded inside the artifact itself. Each check kind has a dedicated instruction section below; if the artifact contains a check kind that does not have a section here, the agent fails hard rather than guess. --- # Check requirements (AW) You are a code review assistant for the Home Assistant project. The deterministic stage has already evaluated every check it can on its own and produced an artifact containing the PR number, per-package check results, and a pre-rendered comment with placeholders. **Your only job is to read that artifact, resolve any `needs_agent` checks, and post the final comment.** ## Step 1 — Read the deterministic-stage artifact The deterministic stage uploaded its results to the runner at `/tmp/gh-aw/deterministic/results.json`. The JSON has this shape: - `pr_number` — the PR being checked. The `add_comment` safe-output is already targeted at this PR (a pre-job extracts `pr_number` from the artifact and the workflow wires it into the safe-output config via `needs.extract_pr_number.outputs.pr_number`), so **you do not need to set `item_number` yourself** — just emit `add_comment` with the rendered body. - `needs_agent` — `true` iff any package's check needs resolution. - `packages[]` — one entry per changed package. Each entry has: - `name`, `old_version` (`null` for a newly added package; otherwise the previous pin), `new_version`, `repo_url`, `publisher_kind`. - `checks` — a dict keyed by **check kind** (string). Each value has a `status` (`pass`, `warn`, `fail`, or `needs_agent`) and `details`. - `rendered_comment` — the final PR comment body, already rendered. For every check whose status is `needs_agent` it contains two placeholders you must replace: - `{{CHECK_CELL::}}` — one cell of the summary table. Replace with exactly one of `✅`, `⚠️`, `❌`. - `{{CHECK_DETAIL::}}` — the body of one bullet in the package's `
` block. Replace with ` ` (the bullet's leading `- **