diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 3a56859..1d38dfe 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,6 +1,6 @@ # Security Policy -The maintainers of the Docker `cagent` GitHub Action take security seriously. If you discover a security issue, please bring it to their attention right away! +The maintainers of the Docker docker-agent-action GitHub Action take security seriously. If you discover a security issue, please bring it to their attention right away! ## Reporting a Vulnerability diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bb92bf3..12dcacc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,7 +42,7 @@ jobs: - name: Checkout for composite actions uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - repository: docker/cagent-action + repository: docker/docker-agent-action ref: ${{ github.workflow_sha }} fetch-depth: 0 persist-credentials: false @@ -166,14 +166,14 @@ jobs: # Create staging branch and PREP commit (dist/ only) STAGING_BRANCH="release-staging/${VERSION}" - trap 'gh api -X DELETE "repos/docker/cagent-action/git/refs/heads/${STAGING_BRANCH}" >/dev/null 2>&1 || true' EXIT + trap 'gh api -X DELETE "repos/docker/docker-agent-action/git/refs/heads/${STAGING_BRANCH}" >/dev/null 2>&1 || true' EXIT # NOTE: use `find dist/ -type f` (relative path) NOT `find "$GITHUB_WORKSPACE/dist/" -type f`. # signed-commit uses the paths verbatim as git file paths in the GitHub API, which # requires repo-root-relative paths. Absolute paths cause a cryptic # "A path was requested for deletion which does not exist" GraphQL error. PREP_SHA=$(find dist/ -type f 2>/dev/null | \ GITHUB_TOKEN="${GH_TOKEN}" node "$GITHUB_WORKSPACE/dist/signed-commit.js" \ - --repo docker/cagent-action \ + --repo docker/docker-agent-action \ --branch "$STAGING_BRANCH" \ --base-ref main \ --force \ 
@@ -184,15 +184,15 @@ jobs: # ── Pass 2: Pin self-refs → PREP_SHA ───────────────────────────────── # TEMP_SHA: YAML files have all self-refs pinned to PREP_SHA. - # Replace all docker/cagent-action*@ refs (SHA, tag, branch, SHA+comment) + # Replace all docker/docker-agent-action*@ refs (SHA, tag, branch, SHA+comment) # with PREP_SHA and the new version. # Uses a capture group so any sub-path (e.g., /review-pr, /review-pr/reply) is preserved. # Automatically covers new sub-actions without needing to update this workflow. # Only targets `uses:` lines to avoid pinning refs in comments or documentation. echo "Pass 2: pinning refs to ${PREP_SHA} # ${VERSION}..." - OLD_PIN_PATTERN='uses: *docker/cagent-action[^@]*@' - PIN_PATTERN_TO_PREP='s|^\([^#]*uses: *docker/cagent-action\)\([^@]*\)@.*|\1\2@'"${PREP_SHA}"' # '"${VERSION}"'|g' + OLD_PIN_PATTERN='uses: *docker/docker-agent-action[^@]*@' + PIN_PATTERN_TO_PREP='s|^\([^#]*uses: *docker/docker-agent-action\)\([^@]*\)@.*|\1\2@'"${PREP_SHA}"' # '"${VERSION}"'|g' PINNED_FILES=() while IFS= read -r file; do sed -i "$PIN_PATTERN_TO_PREP" "$file" 
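Review bot: `OLD_PIN_PATTERN` and `PIN_PATTERN_TO_PREP` now match only `docker/docker-agent-action`, so a `uses: docker/cagent-action...@` line that this rename missed would be neither re-pinned nor reported. The same narrowing applies to the Pass 2 and Pass 3 verification greps in the following hunks (`-203`, `-235`) and to the `update-self-refs` patterns (`-408`). Such a line would presumably keep resolving only through the repository rename redirect and stay on its old pin, outside the PREP → TEMP → RELEASE chain. A fail-fast guard before Pass 2 would make it visible, e.g. `if grep -rnE '^[^#]*uses: *docker/cagent-action[/@]' review-pr/ .github/workflows/ .github/actions/; then echo "::error::legacy docker/cagent-action refs remain"; exit 1; fi`. The `run:` block starts and ends outside this hunk.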
@@ -203,12 +203,12 @@ jobs: review-pr/ .github/workflows/ .github/actions/) if [ ${#PINNED_FILES[@]} -eq 0 ]; then - echo "::error::No SHA-pinned self-refs found to update — expected at least one. Check that review-pr/ actions still reference docker/cagent-action with a SHA pin." + echo "::error::No SHA-pinned self-refs found to update — expected at least one. Check that review-pr/ actions still reference docker/docker-agent-action with a SHA pin." exit 1 fi # Verify all refs now point to PREP_SHA (no old refs remain) - REMAINING=$(grep -n '^[^#]*uses: *docker/cagent-action[^@]*@' "${PINNED_FILES[@]}" 2>/dev/null | grep -v "@${PREP_SHA} # ${VERSION}" || true) + REMAINING=$(grep -n '^[^#]*uses: *docker/docker-agent-action[^@]*@' "${PINNED_FILES[@]}" 2>/dev/null | grep -v "@${PREP_SHA} # ${VERSION}" || true) if [ -n "$REMAINING" ]; then echo "::error::Old SHA refs remain after Pass 2 pinning:" echo "$REMAINING" @@ -216,12 +216,12 @@ jobs: fi echo "Pinned refs after Pass 2 (→ PREP_SHA):" - grep -rn "cagent-action@" "${PINNED_FILES[@]}" + grep -rn "docker-agent-action@" "${PINNED_FILES[@]}" # Create TEMP commit on the staging branch (YAML files pinned to PREP_SHA) TEMP_SHA=$(printf '%s\n' "${PINNED_FILES[@]}" DOCKER_AGENT_VERSION | \ GITHUB_TOKEN="${GH_TOKEN}" node "$GITHUB_WORKSPACE/dist/signed-commit.js" \ - --repo docker/cagent-action \ + --repo docker/docker-agent-action \ --branch "$STAGING_BRANCH" \ --message "release(temp): pin self-refs to ${PREP_SHA} for ${VERSION}" \ --add-stdin) 
@@ -235,14 +235,14 @@ jobs: # PREP_SHA has the updated dist/ and DOCKER_AGENT_VERSION, completing the chain. echo "Pass 3: re-pinning refs from ${PREP_SHA} to ${TEMP_SHA} # ${VERSION}..." - PIN_PATTERN_TO_TEMP='s|^\([^#]*uses: *docker/cagent-action\)\([^@]*\)@'"${PREP_SHA}"'.*|\1\2@'"${TEMP_SHA}"' # '"${VERSION}"'|g' + PIN_PATTERN_TO_TEMP='s|^\([^#]*uses: *docker/docker-agent-action\)\([^@]*\)@'"${PREP_SHA}"'.*|\1\2@'"${TEMP_SHA}"' # '"${VERSION}"'|g' for file in "${PINNED_FILES[@]}"; do sed -i "$PIN_PATTERN_TO_TEMP" "$file" echo " Re-pinned: $file" done # Verify no PREP_SHA refs remain after Pass 3 - REMAINING=$(grep -n '^[^#]*uses: *docker/cagent-action[^@]*@'"${PREP_SHA}" "${PINNED_FILES[@]}" 2>/dev/null || true) + REMAINING=$(grep -n '^[^#]*uses: *docker/docker-agent-action[^@]*@'"${PREP_SHA}" "${PINNED_FILES[@]}" 2>/dev/null || true) if [ -n "$REMAINING" ]; then echo "::error::PREP_SHA refs remain after Pass 3 re-pinning:" echo "$REMAINING" @@ -250,12 +250,12 @@ jobs: fi echo "Pinned refs after Pass 3 (→ TEMP_SHA):" - grep -rn "cagent-action@" "${PINNED_FILES[@]}" + grep -rn "docker-agent-action@" "${PINNED_FILES[@]}" # Create RELEASE commit on the staging branch (YAML files pinned to TEMP_SHA) RELEASE_SHA=$(printf '%s\n' "${PINNED_FILES[@]}" | \ GITHUB_TOKEN="${GH_TOKEN}" node "$GITHUB_WORKSPACE/dist/signed-commit.js" \ - --repo docker/cagent-action \ + --repo docker/docker-agent-action \ --branch "$STAGING_BRANCH" \ --message "release: ${VERSION}" \ --add-stdin) 
@@ -264,12 +264,12 @@ jobs: echo "Release commit: $RELEASE_SHA" # ── Create tag via API (no git push needed) ────────────────────────── - gh api "repos/docker/cagent-action/git/refs" \ + gh api "repos/docker/docker-agent-action/git/refs" \ -f "ref=refs/tags/${VERSION}" \ -f "sha=${RELEASE_SHA}" > /dev/null # ── Clean up staging branch ────────────────────────────────────────── - gh api -X DELETE "repos/docker/cagent-action/git/refs/heads/${STAGING_BRANCH}" > /dev/null 2>&1 || true + gh api -X DELETE "repos/docker/docker-agent-action/git/refs/heads/${STAGING_BRANCH}" > /dev/null 2>&1 || true echo "✅ Tag ${VERSION} created pointing to ${RELEASE_SHA}" @@ -292,12 +292,14 @@ jobs: VERSION: ${{ steps.version.outputs.version }} GH_TOKEN: ${{ env.GITHUB_APP_TOKEN }} run: | - # Strip the self-referential "chore: update cagent-action to vX.Y.Z" bullet that + # Strip the self-referential "chore: update docker-agent-action to vX.Y.Z" bullet that # the update-self-refs job creates after each release. It always appears in the # *next* release's auto-generated notes and is noise for readers. + # Migration window: the legacy "update cagent-action to v*" phrasing is also stripped + # so the last pre-rename self-ref bullet doesn't leak into the first post-rename notes. # Docker Agent version bumps ("update Docker Agent to v*") are intentionally kept. - NOTES=$(gh release view "$VERSION" --repo docker/cagent-action --json body --jq '.body') - FILTERED=$(printf '%s' "$NOTES" | grep -v 'update cagent-action to v' || true) + NOTES=$(gh release view "$VERSION" --repo docker/docker-agent-action --json body --jq '.body') + FILTERED=$(printf '%s' "$NOTES" | grep -vE 'update (docker-agent-action|cagent-action) to v' || true) if [ -z "$FILTERED" ]; then echo "ℹ️ All lines were self-referential — leaving release notes unchanged to avoid blank notes." exit 0 
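Review bot: In the release-notes step (`@@ -292,12 +292,14 @@`), the new `grep -vE 'update (docker-agent-action|cagent-action) to v'` removes every line containing that phrase, not only the auto-generated bullet the comment describes. A hand-written line, such as an upgrade instruction that accompanies a fix, would be dropped from the published notes as well. Matching the bullet's commit prefix narrows it: `grep -vE 'chore: update (docker-agent-action|cagent-action) to v'`. The comment could also state when the legacy alternative is to be removed, since the migration window has no stated end.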
@@ -307,7 +309,7 @@ jobs: exit 0 fi printf '%s' "$FILTERED" > /tmp/release-notes-filtered.md - gh release edit "$VERSION" --repo docker/cagent-action --notes-file /tmp/release-notes-filtered.md + gh release edit "$VERSION" --repo docker/docker-agent-action --notes-file /tmp/release-notes-filtered.md echo "✅ Release notes filtered and updated." publish-agent: @@ -358,7 +360,7 @@ jobs: TELEMETRY_ENABLED=false docker-agent share push pr-review.yaml "${HUB_ORG}/review-pr" update-self-refs: - name: Update self-refs in cagent-action main + name: Update self-refs in docker-agent-action main needs: release if: success() && !inputs.pre_release runs-on: ubuntu-latest @@ -370,17 +372,17 @@ jobs: - name: Checkout for composite actions uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - repository: docker/cagent-action + repository: docker/docker-agent-action ref: ${{ needs.release.outputs.sha }} persist-credentials: false - name: Setup credentials uses: ./setup-credentials - - name: Checkout cagent-action + - name: Checkout docker-agent-action uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - repository: docker/cagent-action + repository: docker/docker-agent-action token: ${{ env.GITHUB_APP_TOKEN }} - name: Setup pnpm @@ -408,9 +410,9 @@ jobs: exit 1 fi - OLD_PATTERN='docker/cagent-action[^@]*@' + OLD_PATTERN='docker/docker-agent-action[^@]*@' # YAML sed: anchored on `uses:` to avoid false matches in comments - YAML_PIN_PATTERN='s|\(uses: *docker/cagent-action\)\([^@]*\)@.*|\1\2@'"${SHA}"' # '"${VERSION}"'|g' + YAML_PIN_PATTERN='s|\(uses: *docker/docker-agent-action\)\([^@]*\)@.*|\1\2@'"${SHA}"' # '"${VERSION}"'|g' UPDATED_FILES=() 
@@ -442,16 +444,16 @@ jobs: VERSION: ${{ needs.release.outputs.version }} SHA: ${{ needs.release.outputs.sha }} run: | - BRANCH="auto/update-cagent-action" - RELEASE_URL="https://github.com/docker/cagent-action/releases/tag/$VERSION" + BRANCH="auto/update-docker-agent-action" + RELEASE_URL="https://github.com/docker/docker-agent-action/releases/tag/$VERSION" # Create signed commit COMMIT_OID=$(GITHUB_TOKEN="${GH_TOKEN}" node "$GITHUB_WORKSPACE/dist/signed-commit.js" \ - --repo docker/cagent-action \ + --repo docker/docker-agent-action \ --branch "$BRANCH" \ --base-ref main \ --force \ - --message "chore: update cagent-action to $VERSION" \ + --message "chore: update docker-agent-action to $VERSION" \ --add-stdin < /tmp/updated-files.txt) echo "✅ Signed commit: $COMMIT_OID" @@ -460,7 +462,7 @@ jobs: PR_BODY="$(cat < Auto-generated by the [release](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow. @@ -470,14 +472,14 @@ jobs: if [ -n "$EXISTING_PR" ]; then echo "Updating existing PR #$EXISTING_PR" gh pr edit "$EXISTING_PR" \ - --title "chore: update cagent-action to $VERSION" \ + --title "chore: update docker-agent-action to $VERSION" \ --body "$PR_BODY" \ --add-reviewer "derekmisler" else echo "Creating new PR" gh pr create \ --head "$BRANCH" \ - --title "chore: update cagent-action to $VERSION" \ + --title "chore: update docker-agent-action to $VERSION" \ --body "$PR_BODY" \ --reviewer "derekmisler" fi @@ -492,7 +494,7 @@ jobs: - name: Checkout for composite actions uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - repository: docker/cagent-action + repository: docker/docker-agent-action ref: ${{ needs.release.outputs.sha }} persist-credentials: false 
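Review bot: `BRANCH` changes from `auto/update-cagent-action` to `auto/update-docker-agent-action`, and nothing in this hunk closes a pull request or deletes a branch left over under the old name; update-consumers.yml gets the same rename (`-113`). How `EXISTING_PR` is looked up is outside the hunk, but if it is keyed on `$BRANCH`, an open pre-rename PR would stay open with an outdated pin and could still be merged later. A one-time cleanup, or a comment next to `BRANCH` such as `# pre-rename branch auto/update-cagent-action and its PR must be closed manually`, would cover the transition.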
@@ -505,7 +507,7 @@ jobs: GH_TOKEN: ${{ env.GITHUB_APP_TOKEN }} VERSION: ${{ needs.release.outputs.version }} run: | - if ! NOTES=$(gh release view "$VERSION" --repo docker/cagent-action --json body --jq '.body'); then + if ! NOTES=$(gh release view "$VERSION" --repo docker/docker-agent-action --json body --jq '.body'); then echo "::warning::Failed to fetch release notes, using fallback" NOTES="Release ${VERSION} — see GitHub for details." fi @@ -517,14 +519,14 @@ jobs: id: slack-summary # Pinned to a SHA — automatically updated by the update-self-refs job after each release. # GitHub Actions requires static `uses:` values, so we can't pin dynamically. - uses: docker/cagent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 with: agent: agentcatalog/github-action-release-notes prompt: | Convert these release notes to a SHORT plain text Slack message. VERSION: ${{ needs.release.outputs.version }} - RELEASE URL: https://github.com/docker/cagent-action/releases/tag/${{ needs.release.outputs.version }} + RELEASE URL: https://github.com/docker/docker-agent-action/releases/tag/${{ needs.release.outputs.version }} ORIGINAL RELEASE NOTES: ${{ steps.release-notes.outputs.notes }} @@ -544,7 +546,7 @@ jobs: - Skip the "Platforms" line — this is a GitHub Action, not a binary EXAMPLE FORMAT: - :tada: cagent-action v1.3.0 Released + :tada: docker-agent-action v1.3.0 Released :package: WHAT'S NEW • New feature one @@ -556,7 +558,7 @@ jobs: :bug: BUG FIXES • Fix description - :inbox_tray: Release: https://github.com/docker/cagent-action/releases/tag/v1.3.0 + :inbox_tray: Release: https://github.com/docker/docker-agent-action/releases/tag/v1.3.0 anthropic-api-key: ${{ env.ANTHROPIC_API_KEY_FROM_SSM }} - name: Send Slack notification 
@@ -570,14 +572,14 @@ jobs: exit 0 fi - RELEASE_URL="https://github.com/docker/cagent-action/releases/tag/${VERSION}" + RELEASE_URL="https://github.com/docker/docker-agent-action/releases/tag/${VERSION}" # Use the AI-generated Slack summary if [ -f "$SLACK_SUMMARY_FILE" ] && [ -s "$SLACK_SUMMARY_FILE" ]; then MESSAGE_TEXT=$(cat "$SLACK_SUMMARY_FILE") else # Fallback message if summary generation failed - MESSAGE_TEXT=$(printf ':tada: cagent-action %s Released\n\n:package: See the full release notes for details.\n\n:inbox_tray: Release: %s' "$VERSION" "$RELEASE_URL") + MESSAGE_TEXT=$(printf ':tada: docker-agent-action %s Released\n\n:package: See the full release notes for details.\n\n:inbox_tray: Release: %s' "$VERSION" "$RELEASE_URL") fi # Create payload with text and release_url fields (matching Slack Workflow Builder webhook) diff --git a/.github/workflows/review-pr.yml b/.github/workflows/review-pr.yml index bde64f9..e0d9b07 100644 --- a/.github/workflows/review-pr.yml +++ b/.github/workflows/review-pr.yml @@ -96,7 +96,7 @@ jobs: comment-author-type: ${{ steps.read.outputs.comment-author-type }} steps: - name: Setup credentials - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Verify token for cross-run artifact download shell: bash @@ -154,6 +154,8 @@ jobs: github.event.comment.user.login != 'docker-agent' && github.event.comment.user.login != 'docker-agent[bot]' && github.event.comment.user.type != 'Bot' && + !contains(github.event.comment.body, '') && + !contains(github.event.comment.body, '') && !contains(github.event.comment.body, '') && !contains(github.event.comment.body, '')) || (github.event_name == 'pull_request' && github.event.action != 'review_requested' && github.event.sender.type != 'Bot' && github.event.sender.login != 'docker-agent' && github.event.sender.login != 'docker-agent[bot]') || 
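Review bot: The two `!contains(github.event.comment.body, …)` clauses added in the `@@ -154,6 +154,8 @@` hunk of review-pr.yml extend the guard that keeps the agent from reacting to its own comments, but nothing in the expression says which markers are current and which are legacy. The same pair is copied into self-review-pr-trigger.yml and self-review-pr.yml, and only the shell check in the reply job (`-500`) explains the migration window. Because a clause dropped from any one copy would weaken that guard, a comment above each `if:` would help, e.g. `# Loop guard: skip comments carrying agent markers (new and legacy names); keep in sync with self-review-pr*.yml`. The `if:` expression begins outside this hunk.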
@@ -290,7 +292,7 @@ jobs: if: | steps.command.outputs.is_review != 'false' && steps.draft.outputs.skip != 'true' - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Check if org member id: membership @@ -303,7 +305,7 @@ jobs: PR_SOURCE: ${{ steps.pr.outputs.source }} ORG: docker COMMENT_AUTHOR: ${{ github.event.comment.user.login }} - run: node "$CAGENT_ACTION_ROOT/dist/check-org-membership.js" + run: node "$DOCKER_AGENT_ACTION_ROOT/dist/check-org-membership.js" - name: Create check run if: | @@ -352,7 +354,7 @@ jobs: steps.draft.outputs.skip != 'true' id: run-review continue-on-error: true - uses: docker/cagent-action/review-pr@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/review-pr@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 with: pr-number: ${{ steps.pr.outputs.number }} comment-id: ${{ inputs.comment-id || github.event.comment.id }} @@ -413,7 +415,7 @@ jobs: - name: Setup credentials if: inputs.trigger-run-id != '' - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Verify token for cross-run artifact download if: inputs.trigger-run-id != '' 
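Review bot: In the `Check if org member` step (`@@ -303,7 +305,7 @@`), the script path now reads `$DOCKER_AGENT_ACTION_ROOT`, while the `setup-credentials` step above it is still pinned to the same v1.5.5 commit as before the rename. Where the variable is exported is not visible here. If it comes from that pinned action, the commit would presumably still export `CAGENT_ACTION_ROOT`, so the path would expand to `/dist/check-org-membership.js` and the membership check would break until the pin is bumped. A transitional fallback avoids depending on release order: `run: node "${DOCKER_AGENT_ACTION_ROOT:-$CAGENT_ACTION_ROOT}/dist/check-org-membership.js"`. It is also worth confirming that a failure of this step denies the review rather than skipping the check.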
@@ -500,8 +502,12 @@ jobs: # contains the review marker but NOT the reply marker (substring overlap). # The login check prevents matching human comments that happen to contain # the marker text (e.g., in discussions about the review system). + # Migration window: tolerate both the new docker-agent-review markers and the + # legacy cagent-review markers, so replies to review comments posted by the old + # action still drive the feedback loop until those PRs close. if [ "$parent_user_login" = "docker-agent" ] && \ - echo "$body" | grep -q "" && \ + { echo "$body" | grep -q "" || echo "$body" | grep -q ""; } && \ + ! echo "$body" | grep -q "" && \ ! echo "$body" | grep -q ""; then echo "is_agent=true" >> $GITHUB_OUTPUT echo "root_comment_id=$PARENT_ID" >> $GITHUB_OUTPUT @@ -532,7 +538,7 @@ jobs: - name: Setup credentials if: steps.check.outputs.is_agent == 'true' - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Check authorization if: steps.check.outputs.is_agent == 'true' @@ -590,7 +596,7 @@ jobs: jq -n \ --arg body "Sorry @$AUTHOR, conversational replies are currently available to repository collaborators only. Your feedback has still been captured and will be used to improve future reviews. - " \ + " \ --argjson reply_to "$ROOT_COMMENT_ID" \ '{body: $body, in_reply_to: $reply_to}' | \ gh api "repos/$REPO/pulls/$PR_NUMBER/comments" --input - @@ -691,7 +697,7 @@ jobs: - name: Run reply if: steps.check.outputs.is_agent == 'true' && steps.auth.outputs.authorized == 'true' continue-on-error: true - uses: docker/cagent-action/review-pr/reply@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/review-pr/reply@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 with: thread-context: ${{ steps.thread.outputs.prompt }} comment-id: ${{ steps.feedback.outputs.comment-id }} 
@@ -766,7 +772,7 @@ jobs: steps: - name: Setup credentials - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Download trigger context if: inputs.trigger-run-id != '' @@ -832,7 +838,7 @@ jobs: - name: Run mention-reply handler id: mention-context if: steps.resolve-event.outputs.path != '' - uses: docker/cagent-action/.github/actions/mention-reply@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/.github/actions/mention-reply@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 env: GITHUB_EVENT_PATH: ${{ steps.resolve-event.outputs.path }} GITHUB_EVENT_NAME: ${{ steps.resolve-event.outputs.name }} @@ -844,7 +850,7 @@ jobs: if: steps.mention-context.outputs.should-reply == 'true' id: run-reply continue-on-error: true - uses: docker/cagent-action/review-pr/mention-reply@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/review-pr/mention-reply@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 with: mention-context: ${{ steps.mention-context.outputs.prompt }} owner: ${{ steps.mention-context.outputs.owner }} diff --git a/.github/workflows/self-review-pr-trigger.yml b/.github/workflows/self-review-pr-trigger.yml index 6451a45..70ae791 100644 --- a/.github/workflows/self-review-pr-trigger.yml +++ b/.github/workflows/self-review-pr-trigger.yml @@ -16,6 +16,8 @@ jobs: github.event.comment.user.login != 'docker-agent' && github.event.comment.user.login != 'docker-agent[bot]' && github.event.comment.user.type != 'Bot' && + !contains(github.event.comment.body, '') && + !contains(github.event.comment.body, '') && !contains(github.event.comment.body, '') && !contains(github.event.comment.body, '') runs-on: ubuntu-latest diff --git a/.github/workflows/self-review-pr.yml b/.github/workflows/self-review-pr.yml index 55253e5..acb0add 100644 
--- a/.github/workflows/self-review-pr.yml +++ b/.github/workflows/self-review-pr.yml @@ -19,6 +19,8 @@ jobs: github.event.comment.user.login != 'docker-agent' && github.event.comment.user.login != 'docker-agent[bot]' && github.event.comment.user.type != 'Bot' && + !contains(github.event.comment.body, '') && + !contains(github.event.comment.body, '') && !contains(github.event.comment.body, '') && !contains(github.event.comment.body, '')) || github.event.workflow_run.conclusion == 'success' diff --git a/.github/workflows/test-e2e-reviewer.yml b/.github/workflows/test-e2e-reviewer.yml index da34717..cedd6a3 100644 --- a/.github/workflows/test-e2e-reviewer.yml +++ b/.github/workflows/test-e2e-reviewer.yml @@ -87,7 +87,7 @@ jobs: - name: Setup credentials if: steps.fork-check.outputs.is_fork != 'true' - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Write synthetic issue_comment event if: steps.fork-check.outputs.is_fork != 'true' @@ -99,7 +99,7 @@ jobs: "action": "created", "issue": { "number": $pr_number, - "pull_request": { "url": ("https://api.github.com/repos/docker/cagent-action/pulls/" + ($pr_number | tostring)) } + "pull_request": { "url": ("https://api.github.com/repos/docker/docker-agent-action/pulls/" + ($pr_number | tostring)) } }, "comment": { "id": 9999999901, @@ -108,7 +108,7 @@ jobs: }, "repository": { "owner": { "login": "docker" }, - "name": "cagent-action" + "name": "docker-agent-action" }, "sender": { "login": $actor, "type": "User" } }' > /tmp/test-event-toplevel.json 
@@ -191,7 +191,7 @@ jobs: - name: Setup credentials if: steps.fork-check.outputs.is_fork != 'true' - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Create anchor review comment if: steps.fork-check.outputs.is_fork != 'true' @@ -200,10 +200,10 @@ jobs: GH_TOKEN: ${{ env.GITHUB_APP_TOKEN || github.token }} PR_NUMBER: ${{ inputs.pr_number }} run: | - HEAD_SHA=$(gh api "repos/docker/cagent-action/pulls/$PR_NUMBER" --jq '.head.sha') - DIFF_FILE=$(gh api "repos/docker/cagent-action/pulls/$PR_NUMBER/files" --jq '.[0].filename') + HEAD_SHA=$(gh api "repos/docker/docker-agent-action/pulls/$PR_NUMBER" --jq '.head.sha') + DIFF_FILE=$(gh api "repos/docker/docker-agent-action/pulls/$PR_NUMBER/files" --jq '.[0].filename') echo "Using diff file: $DIFF_FILE" - COMMENT_ID=$(gh api "repos/docker/cagent-action/pulls/$PR_NUMBER/comments" \ + COMMENT_ID=$(gh api "repos/docker/docker-agent-action/pulls/$PR_NUMBER/comments" \ -X POST \ --input - <<< $(jq -n \ --arg sha "$HEAD_SHA" \ @@ -235,7 +235,7 @@ jobs: }, "repository": { "owner": { "login": "docker" }, - "name": "cagent-action" + "name": "docker-agent-action" }, "sender": { "login": $actor, "type": "User" } }' > /tmp/test-event-inline.json 
@@ -283,10 +283,10 @@ jobs: run: | if [ -z "$ANCHOR_ID" ]; then exit 0; fi # Delete thread replies first - gh api "repos/docker/cagent-action/pulls/${{ inputs.pr_number }}/comments" \ + gh api "repos/docker/docker-agent-action/pulls/${{ inputs.pr_number }}/comments" \ | jq --argjson id "$ANCHOR_ID" '[.[] | select(.in_reply_to_id == $id)] | .[].id' \ | while read -r reply_id; do - gh api "repos/docker/cagent-action/pulls/comments/$reply_id" -X DELETE || true + gh api "repos/docker/docker-agent-action/pulls/comments/$reply_id" -X DELETE || true done # Delete anchor - gh api "repos/docker/cagent-action/pulls/comments/$ANCHOR_ID" -X DELETE || true + gh api "repos/docker/docker-agent-action/pulls/comments/$ANCHOR_ID" -X DELETE || true diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index c0507fc..3d07344 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -205,14 +205,14 @@ jobs: run: pnpm install --frozen-lockfile && pnpm build - name: Setup credentials - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Create anchor issue comment on current PR id: create-anchor env: GH_TOKEN: ${{ env.GITHUB_APP_TOKEN || github.token }} run: | - COMMENT_ID=$(gh api repos/docker/cagent-action/issues/$TEST_PR_NUMBER/comments \ + COMMENT_ID=$(gh api repos/docker/docker-agent-action/issues/$TEST_PR_NUMBER/comments \ --method POST \ --raw-field body="@docker-agent this is an automated e2e test — please reply with a brief acknowledgement." \ --jq .id) 
@@ -230,7 +230,7 @@ jobs: "action": "created", "issue": { "number": $pr_number, - "pull_request": { "url": ("https://api.github.com/repos/docker/cagent-action/pulls/" + ($pr_number | tostring)) } + "pull_request": { "url": ("https://api.github.com/repos/docker/docker-agent-action/pulls/" + ($pr_number | tostring)) } }, "comment": { "id": $comment_id, @@ -239,7 +239,7 @@ jobs: }, "repository": { "owner": { "login": "docker" }, - "name": "cagent-action" + "name": "docker-agent-action" }, "sender": { "login": $actor, "type": "User" } }' > /tmp/test-event-toplevel.json @@ -288,8 +288,8 @@ jobs: env: GH_TOKEN: ${{ env.GITHUB_APP_TOKEN || github.token }} run: | - FOUND=$(gh api repos/docker/cagent-action/issues/$TEST_PR_NUMBER/comments \ - --jq '[.[] | select(.body | contains("")) | select(.created_at > (now - 300 | todate))] | length') + FOUND=$(gh api repos/docker/docker-agent-action/issues/$TEST_PR_NUMBER/comments \ + --jq '[.[] | select(.body | contains("")) | select(.created_at > (now - 300 | todate))] | length') if [ "$FOUND" -eq 0 ]; then echo "❌ No reply comment found within the last 5 minutes" exit 1 
@@ -304,15 +304,15 @@ jobs: ANCHOR_ID: ${{ steps.create-anchor.outputs.test_comment_id }} run: | # Delete any test reply comments posted in the last 5 minutes - gh api repos/docker/cagent-action/issues/$TEST_PR_NUMBER/comments \ - --jq '.[] | select(.body | contains("")) | select(.created_at > (now - 300 | todate)) | .id' | \ + gh api repos/docker/docker-agent-action/issues/$TEST_PR_NUMBER/comments \ + --jq '.[] | select(.body | contains("")) | select(.created_at > (now - 300 | todate)) | .id' | \ while read -r comment_id; do - gh api "repos/docker/cagent-action/issues/comments/$comment_id" -X DELETE || true + gh api "repos/docker/docker-agent-action/issues/comments/$comment_id" -X DELETE || true echo "Deleted comment $comment_id" done # Delete the anchor comment itself if [ -n "$ANCHOR_ID" ]; then - gh api "repos/docker/cagent-action/issues/comments/$ANCHOR_ID" -X DELETE || true + gh api "repos/docker/docker-agent-action/issues/comments/$ANCHOR_ID" -X DELETE || true echo "Deleted anchor comment $ANCHOR_ID" fi @@ -345,7 +345,7 @@ jobs: run: pnpm install --frozen-lockfile && pnpm build - name: Setup credentials - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Create anchor review comment on current PR id: create-anchor 
@@ -353,15 +353,15 @@ jobs: GH_TOKEN: ${{ env.GITHUB_APP_TOKEN || github.token }} run: | # Get the PR head SHA - HEAD_SHA=$(gh api repos/docker/cagent-action/pulls/$TEST_PR_NUMBER --jq '.head.sha') + HEAD_SHA=$(gh api repos/docker/docker-agent-action/pulls/$TEST_PR_NUMBER --jq '.head.sha') echo "PR head SHA: $HEAD_SHA" # Get first file in the diff to use as a safe anchor - DIFF_FILE=$(gh api repos/docker/cagent-action/pulls/$TEST_PR_NUMBER/files --jq '.[0].filename') + DIFF_FILE=$(gh api repos/docker/docker-agent-action/pulls/$TEST_PR_NUMBER/files --jq '.[0].filename') echo "Using diff file: $DIFF_FILE" # Post a test inline comment to get a real comment ID - COMMENT_ID=$(gh api repos/docker/cagent-action/pulls/$TEST_PR_NUMBER/comments \ + COMMENT_ID=$(gh api repos/docker/docker-agent-action/pulls/$TEST_PR_NUMBER/comments \ -X POST \ --input - <<< $(jq -n \ --arg sha "$HEAD_SHA" \ @@ -392,7 +392,7 @@ jobs: }, "repository": { "owner": { "login": "docker" }, - "name": "cagent-action" + "name": "docker-agent-action" }, "sender": { "login": $actor, "type": "User" } }' > /tmp/test-event-inline.json @@ -457,9 +457,9 @@ jobs: GH_TOKEN: ${{ env.GITHUB_APP_TOKEN || github.token }} ANCHOR_ID: ${{ steps.create-anchor.outputs.test_comment_id }} run: | - FOUND=$(gh api repos/docker/cagent-action/pulls/$TEST_PR_NUMBER/comments \ + FOUND=$(gh api repos/docker/docker-agent-action/pulls/$TEST_PR_NUMBER/comments \ | jq --argjson id "$ANCHOR_ID" \ - '[.[] | select(.in_reply_to_id == $id and (.body | contains(""))) ] | length') + '[.[] | select(.in_reply_to_id == $id and (.body | contains(""))) ] | length') if [ "$FOUND" -eq 0 ]; then echo "❌ No inline reply found in thread $ANCHOR_ID" exit 1 
@@ -478,13 +478,13 @@ jobs: exit 0 fi # Delete any replies in the thread first - gh api repos/docker/cagent-action/pulls/$TEST_PR_NUMBER/comments \ + gh api repos/docker/docker-agent-action/pulls/$TEST_PR_NUMBER/comments \ | jq --argjson id "$ANCHOR_ID" \ '[.[] | select(.in_reply_to_id == $id)] | .[].id' | \ while read -r reply_id; do - gh api "repos/docker/cagent-action/pulls/comments/$reply_id" -X DELETE || true + gh api "repos/docker/docker-agent-action/pulls/comments/$reply_id" -X DELETE || true echo "Deleted reply comment $reply_id" done # Delete the anchor comment itself - gh api "repos/docker/cagent-action/pulls/comments/$ANCHOR_ID" -X DELETE || true + gh api "repos/docker/docker-agent-action/pulls/comments/$ANCHOR_ID" -X DELETE || true echo "Deleted anchor comment $ANCHOR_ID" diff --git a/.github/workflows/update-consumers.yml b/.github/workflows/update-consumers.yml index 052980f..cecd4ee 100644 --- a/.github/workflows/update-consumers.yml +++ b/.github/workflows/update-consumers.yml 
@@ -34,18 +34,18 @@ jobs: if [ -n "$INPUT_VERSION" ]; then VERSION="$INPUT_VERSION" else - VERSION=$(gh release view --repo docker/cagent-action --json tagName --jq .tagName) + VERSION=$(gh release view --repo docker/docker-agent-action --json tagName --jq .tagName) fi if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$ ]]; then echo "::error::Invalid version format: '$VERSION' (expected vX.Y.Z)" exit 1 fi - OBJ_TYPE=$(gh api "repos/docker/cagent-action/git/ref/tags/$VERSION" --jq .object.type) + OBJ_TYPE=$(gh api "repos/docker/docker-agent-action/git/ref/tags/$VERSION" --jq .object.type) if [ "$OBJ_TYPE" = "tag" ]; then - SHA=$(gh api "repos/docker/cagent-action/git/ref/tags/$VERSION" --jq '.object.url' \ + SHA=$(gh api "repos/docker/docker-agent-action/git/ref/tags/$VERSION" --jq '.object.url' \ | xargs gh api --jq .object.sha) else - SHA=$(gh api "repos/docker/cagent-action/git/ref/tags/$VERSION" --jq .object.sha) + SHA=$(gh api "repos/docker/docker-agent-action/git/ref/tags/$VERSION" --jq .object.sha) fi echo "version=$VERSION" >> $GITHUB_OUTPUT echo "sha=$SHA" >> $GITHUB_OUTPUT @@ -54,7 +54,7 @@ jobs: - name: Checkout for composite actions uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - repository: docker/cagent-action + repository: docker/docker-agent-action ref: ${{ steps.resolve.outputs.sha }} persist-credentials: false @@ -64,7 +64,7 @@ jobs: - name: Checkout source for build uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - repository: docker/cagent-action + repository: docker/docker-agent-action ref: ${{ github.workflow_sha }} persist-credentials: false 
@@ -96,12 +96,12 @@ jobs: exit 1 fi - # Discover repos that use the cagent-action reusable workflow. + # Discover repos that use the docker-agent-action reusable workflow. # Uses GitHub code search API — results may have eventual consistency lag # for very recently created repos, but this is fine for release automation. echo "Searching for consumer repos..." REPOS=$(gh api --method GET --paginate '/search/code?per_page=100' \ - -f q='org:docker "docker/cagent-action/.github/workflows/review-pr.yml@" language:YAML path:.github/workflows' \ + -f q='org:docker "docker/docker-agent-action/.github/workflows/review-pr.yml@" language:YAML path:.github/workflows' \ --jq '[.items[] | {repo: .repository.full_name, path: .path}] | unique_by(.repo) | .[] | "\(.repo) \(.path)"') if [ -z "$REPOS" ]; then @@ -113,11 +113,11 @@ jobs: echo "$REPOS" echo "" - # Pattern to match any cagent-action workflow ref (SHA, tag, branch, SHA+comment) - OLD_PATTERN='cagent-action/\.github/workflows/review-pr\.yml@' + # Pattern to match any docker-agent-action workflow ref (SHA, tag, branch, SHA+comment) + OLD_PATTERN='docker-agent-action/\.github/workflows/review-pr\.yml@' - BRANCH="auto/update-cagent-action" - RELEASE_URL="https://github.com/docker/cagent-action/releases/tag/$VERSION" + BRANCH="auto/update-docker-agent-action" + RELEASE_URL="https://github.com/docker/docker-agent-action/releases/tag/$VERSION" while IFS=' ' read -r REPO FILE_PATH; do echo "==========================================" 
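Review bot: The code-search query in the `@@ -96,12 +96,12 @@` hunk now matches only `docker/docker-agent-action/.github/workflows/review-pr.yml@`, so consumer repos whose workflows still reference the old `docker/cagent-action/...` path are no longer discovered and stop receiving update PRs. `OLD_PATTERN` in the following hunk and the `sed` expression in the `@@ -154,7 +154,7 @@` hunk match the new name only as well. Those repos presumably keep resolving through GitHub's rename redirect while pinned to an old SHA, and that redirect is dropped if a repository is later created under the old name, so they are the ones that most need the migration PR. For a transition period, run a second search with `"docker/cagent-action/.github/workflows/review-pr.yml@"`, merge the results, and normalise the path before pinning with `sed -i 's|docker/cagent-action/\.github/workflows/review-pr\.yml@|docker/docker-agent-action/.github/workflows/review-pr.yml@|' "$FILE_PATH"`. The run block starts and ends outside these hunks, so how `OLD_PATTERN` is used is not visible here.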
@@ -154,7 +154,7 @@ jobs: # Apply the sed replacement SAFE_VERSION=$(printf '%s' "$VERSION" | sed 's/[|&\]/\\&/g') SAFE_SHA=$(printf '%s' "$SHA" | sed 's/[|&\]/\\&/g') - sed -i 's|\(docker/cagent-action/\.github/workflows/review-pr\.yml@\).*|\1'"${SAFE_SHA}"' # '"${SAFE_VERSION}"'|g' "$FILE_PATH" + sed -i 's|\(docker/docker-agent-action/\.github/workflows/review-pr\.yml@\).*|\1'"${SAFE_SHA}"' # '"${SAFE_VERSION}"'|g' "$FILE_PATH" if git diff --quiet "$FILE_PATH"; then echo "No changes after sed — already up to date" @@ -171,7 +171,7 @@ jobs: --branch "$BRANCH" \ --base-ref main \ --force \ - --message "chore: update cagent-action to $VERSION" \ + --message "chore: update docker-agent-action to $VERSION" \ --add "$FILE_PATH") || { echo "::warning::Failed to create signed commit in $REPO (may lack write access)" cd / @@ -188,7 +188,7 @@ jobs: # FILE_PATH comes from GitHub API and could theoretically contain shell metacharacters printf -v PR_BODY '%s\n%s\n%s\n%s\n%s' \ "## Summary" \ - "Updates \`cagent-action\` reference in \`${FILE_PATH}\` to [${VERSION}](${RELEASE_URL})." \ + "Updates \`docker-agent-action\` reference in \`${FILE_PATH}\` to [${VERSION}](${RELEASE_URL})." \ "- **Commit**: \`${SHA}\`" \ "- **Version**: \`${VERSION}\`" \ "> Auto-generated by the [release](${RUN_URL}) workflow." 
@@ -196,14 +196,14 @@ jobs: if [ -n "$EXISTING_PR" ]; then echo "Updating existing PR #$EXISTING_PR in $REPO" gh pr edit "$EXISTING_PR" --repo "$REPO" \ - --title "chore: update cagent-action to $VERSION" \ + --title "chore: update docker-agent-action to $VERSION" \ --body "$PR_BODY" \ --add-reviewer "derekmisler" 2>&1 || echo "::warning::Failed to update PR #$EXISTING_PR in $REPO (may be non-fatal)" else echo "Creating new PR in $REPO" gh pr create --repo "$REPO" \ --head "$BRANCH" \ - --title "chore: update cagent-action to $VERSION" \ + --title "chore: update docker-agent-action to $VERSION" \ --body "$PR_BODY" \ --reviewer "derekmisler" || echo "::warning::Failed to create PR in $REPO" fi diff --git a/.github/workflows/update-docker-agent-version.yml b/.github/workflows/update-docker-agent-version.yml index 9147bd5..60cd118 100644 --- a/.github/workflows/update-docker-agent-version.yml +++ b/.github/workflows/update-docker-agent-version.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup credentials - uses: docker/cagent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action/setup-credentials@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/AGENTS.md b/AGENTS.md index 2f920e7..e1522a1 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -4,7 +4,7 @@ Guide for AI agents and LLMs working in this repository. Read this before explor ## What this repo is -**`docker/cagent-action`** — a GitHub Action (and a family of sub-actions) that runs [Docker Agent](https://github.com/docker/docker-agent) AI agents inside GitHub Actions workflows. It is published to the GitHub Marketplace and consumed by other repos as `uses: docker/cagent-action@vX.Y.Z`. +**`docker/docker-agent-action`** — a GitHub Action (and a family of sub-actions) that runs [Docker Agent](https://github.com/docker/docker-agent) AI agents inside GitHub Actions workflows. It is published to the GitHub Marketplace and consumed by other repos as `uses: docker/docker-agent-action@vX.Y.Z`. The repo ships **three things**: @@ -18,7 +18,7 @@ Anything else here (workflows under `.github/workflows/`, scripts, tests) exists ``` . -├── action.yml # ← Root action ("cagent Runner"). Composite. Source of truth for inputs/outputs. +├── action.yml # ← Root action ("Docker Agent Runner"). Composite. Source of truth for inputs/outputs. ├── DOCKER_AGENT_VERSION # Pinned docker-agent version (currently v1.54.0). Read at runtime by action.yml. ├── package.json # pnpm workspace root. Scripts: build, test, lint, format, actionlint. ├── tsup.config.ts # Bundles src//index.ts → dist/.js (ESM, Node 24, fully bundled). 
@@ -76,17 +76,17 @@ Anything else here (workflows under `.github/workflows/`, scripts, tests) exists │ ├── README.md # User-facing docs for the PR review feature. │ ├── reply/action.yml # Sub-action: replies to feedback on review comments. │ └── agents/ -│ ├── pr-review.yaml # Root reviewer agent (cagent YAML). +│ ├── pr-review.yaml # Root reviewer agent (docker-agent YAML). │ ├── pr-review-feedback.yaml # Processes captured feedback into memory. │ ├── pr-review-mention-reply.yaml # Handles @docker-agent mention-reply responses. │ ├── pr-review-reply.yaml # Replies in-thread to reviewer comments. │ ├── refs/ # Reference docs passed to agents (posting format, code-review style). -│ └── evals/ # cagent eval JSON files (success-*, security-*, marlin-*, etc.). +│ └── evals/ # docker-agent eval JSON files (success-*, security-*, marlin-*, etc.). │ ├── setup-credentials/ # Composite action: fetches AWS creds via OIDC, exports GITHUB_APP_TOKEN + │ └── action.yml # ORG_MEMBERSHIP_TOKEN. At root so consumers can use -│ # docker/cagent-action/setup-credentials@VERSION directly. -│ # Also exports CAGENT_ACTION_ROOT (repo root of the downloaded action copy) +│ # docker/docker-agent-action/setup-credentials@VERSION directly. +│ # Also exports DOCKER_AGENT_ACTION_ROOT (repo root of the downloaded action copy) │ # for subsequent run: steps that need to invoke dist/ bundles. │ ├── .github/ 
@@ -111,9 +111,9 @@ Anything else here (workflows under `.github/workflows/`, scripts, tests) exists ### Versioning & releases -- This action is consumed via `uses: docker/cagent-action@vX.Y.Z`. **The committed `dist/` directory is the runtime artifact** that consumers download — it must be checked in for tagged releases. +- This action is consumed via `uses: docker/docker-agent-action@vX.Y.Z`. **The committed `dist/` directory is the runtime artifact** that consumers download — it must be checked in for tagged releases. - `DOCKER_AGENT_VERSION` is the **single source of truth** for the docker-agent binary version. `action.yml` reads it with `cat`. Update via `.github/workflows/update-docker-agent-version.yml`. -- Internal `uses:` references to this action (e.g. `review-pr/action.yml` → `docker/cagent-action@`) are pinned to **commit SHAs with version comments**, not tags. Bumping requires updating both the SHA and the comment. +- Internal `uses:` references to this action (e.g. `review-pr/action.yml` → `docker/docker-agent-action@`) are pinned to **commit SHAs with version comments**, not tags. Bumping requires updating both the SHA and the comment. ### TypeScript / `src` rules 
@@ -157,12 +157,12 @@ The action runs untrusted input (PR titles, bodies, comments, diffs) through an - Uses a **best-effort cache lock** (`pr-review-lock---*` cache key) to avoid concurrent reviews on the same PR. Lock TTL is 600s; the agent execution timeout is 1800s (30 min) — these are intentionally decoupled. Reviews are idempotent so the small race window is acceptable. - **Memory persistence** uses `actions/cache` keyed by `pr-review-memory---` with prefix-based restore. The DB lives at `${{ github.workspace }}/.cache/pr-review-memory.db`. - **Feedback loop**: the `reply-to-feedback` job in `.github/workflows/review-pr.yml` (which runs the `pr-review-reply.yaml` agent) uploads a `pr-review-feedback` artifact on every reply via its "Upload feedback artifact" step. The next review run downloads all such artifacts, runs `pr-review-feedback.yaml` to call `add_memory(...)` for each, then deletes the artifacts. -- **Bot reply detection** uses HTML markers: `` on review comments, `` on agent replies (including mention-reply responses). **Don't change these strings** — workflows in consumer repos grep for them. +- **Bot reply detection** uses HTML markers: `` on review comments, `` on agent replies (including mention-reply responses). **Don't change these strings** — workflows in consumer repos grep for them. - **Copilot-style triggers**: in addition to the original `pull_request_review` / `issue_comment /review` paths, `review-pr.yml` now also fires on: - `pull_request` action `review_requested` when `github.event.requested_reviewer.login == 'docker-agent'` - `@docker-agent` mentions on PR/issue comments — these run the `.github/actions/mention-reply` handler (sets `should-reply` and builds the context prompt) and then the `review-pr/mention-reply` sub-action (referenced from a pinned SHA, not present as a local path on every commit). The `pr-review-mention-reply.yaml` agent handles the actual reply. 
- Diffs over 1500 lines are **chunked at file boundaries** in `review-pr/action.yml` (see "Split diff into chunks"). Per-file **risk scoring** (security paths, line counts, error-handling patterns) prioritizes verifier attention. -- Stale review threads on lines no longer in the diff are auto-resolved via GraphQL `resolveReviewThread`. Threads with no `` marker are never touched. +- Stale review threads on lines no longer in the diff are auto-resolved via GraphQL `resolveReviewThread`. Threads with no `` marker are never touched. ### Workflows (`.github/workflows/`) @@ -171,7 +171,7 @@ The action runs untrusted input (PR titles, bodies, comments, diffs) through an | `test.yml` | Unit + integration tests on push/PR. | | `test-e2e.yml` | End-to-end action invocation against a real agent. | | `release.yml` | Publishes tagged releases (must include a built `dist/`). | -| `review-pr.yml` | **Reusable workflow** consumers call as `docker/cagent-action/.github/workflows/review-pr.yml@v…`. | +| `review-pr.yml` | **Reusable workflow** consumers call as `docker/docker-agent-action/.github/workflows/review-pr.yml@v…`. | | `self-review-pr.yml` + `-trigger.yml` | Dogfooding: the repo reviews its own PRs. | | `reply-to-feedback.yml` | Handles replies to bot review comments. | | `pr-describe.yml` | Generates PR descriptions from diffs. | 
@@ -223,7 +223,7 @@ When you change something, verify: - [ ] Did you change a bash block in any `action.yml`? Run `pnpm actionlint` and the relevant `tests/*.sh`. - [ ] Did you change anything under `src/security/`? Re-run `pnpm test` (covers `src/security/__tests__/security.test.ts`) and confirm the threat model above is still covered. - [ ] Did you bump a pinned `uses:` SHA? Update the trailing version comment too. -- [ ] Did you change a `` marker, an output name, or an env var name? Search the repo (and consumer documentation) for references first — these are public contracts. +- [ ] Did you change a `` marker, an output name, or an env var name? Search the repo (and consumer documentation) for references first — these are public contracts. ## Things to avoid @@ -232,7 +232,7 @@ When you change something, verify: - **Don't** introduce env-var fallbacks for API keys — explicit inputs only. - **Don't** remove `if: always()` from sanitize-output / upload-artifact / summary steps. - **Don't** commit changes to `review-pr/agents/.cache/*.db*` files (they're local memory artifacts). -- **Don't** rename markers (``, ``) without a versioned migration plan. +- **Don't** rename markers (``, ``) without a versioned migration plan. - **Don't** loosen authorization checks — comment-triggered events are the primary abuse vector for this action. ## Where to look for more context diff --git a/README.md b/README.md index b6c564f..a56bc22 100644 --- a/README.md +++ b/README.md 
@@ -145,7 +145,8 @@ add-prompt-files: "STYLE_GUIDE.md" # Found via hierarchy search | ----------------------- | ---------------------------------------------------------------- | | `exit-code` | Exit code from docker agent run | | `output-file` | Path to the output log file | -| `cagent-version` | Version of Docker Agent that was used | +| `docker-agent-version` | Version of Docker Agent that was used | +| `cagent-version` | Version of Docker Agent that was used (deprecated: use `docker-agent-version`) | | `mcp-gateway-installed` | Whether mcp-gateway was installed (`true`/`false`) | | `execution-time` | Agent execution time in seconds | | `verbose-log-file` | Path to the full verbose agent log (includes tool calls) | @@ -263,8 +264,8 @@ Please also read our [Code of Conduct](CODE_OF_CONDUCT.md). ## Support - 📖 [Documentation](README.md) -- 🐛 [Report Issues](https://github.com/docker/cagent-action/issues) -- 💬 [Discussions](https://github.com/docker/cagent-action/discussions) +- 🐛 [Report Issues](https://github.com/docker/docker-agent-action/issues) +- 💬 [Discussions](https://github.com/docker/docker-agent-action/discussions) - 🔒 [Security Policy](SECURITY.md) ## License diff --git a/SECURITY.md b/SECURITY.md index 5300cb2..4f53f98 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,6 @@ # Security Documentation -This document describes the security hardening built into the cagent-action GitHub Action. +This document describes the security hardening built into the docker-agent-action GitHub Action. ## 🔒 Security Features @@ -281,7 +281,7 @@ names verbatim for easy cross-referencing. ```yaml - name: Run Agent id: agent - uses: docker/cagent-action@VERSION + uses: docker/docker-agent-action@VERSION with: agent: my-agent prompt: "Analyze the logs" 
@@ -309,7 +309,7 @@ All executions automatically include: ```yaml - name: Run Agent (with org-membership auth) - uses: docker/cagent-action@VERSION + uses: docker/docker-agent-action@VERSION with: agent: my-agent prompt: "Review this PR" diff --git a/action.yml b/action.yml index 05b8308..ddebf68 100644 --- a/action.yml +++ b/action.yml @@ -1,8 +1,8 @@ # Copyright The Docker Agent Action authors # SPDX-License-Identifier: Apache-2.0 -name: "cagent Runner" -description: "Run a cagent AI agent with a single line" +name: "Docker Agent Runner" +description: "Run a Docker Agent AI agent with a single line" author: "Docker" branding: icon: "cpu" @@ -101,8 +101,10 @@ outputs: description: "Exit code from docker agent run" output-file: description: "Path to the output log file" - cagent-version: + docker-agent-version: description: "Version of Docker Agent that was used" + cagent-version: + description: "Version of Docker Agent that was used (deprecated: use docker-agent-version)" mcp-gateway-installed: description: "Whether mcp-gateway was installed (true/false)" execution-time: diff --git a/review-pr/README.md b/review-pr/README.md index 2c656ce..cbf9efd 100644 --- a/review-pr/README.md +++ b/review-pr/README.md @@ -27,7 +27,7 @@ permissions: jobs: review: - uses: docker/cagent-action/.github/workflows/review-pr.yml@VERSION + uses: docker/docker-agent-action/.github/workflows/review-pr.yml@VERSION permissions: contents: read # Read repository files and PR diffs pull-requests: write # Post review comments @@ -60,8 +60,8 @@ jobs: github.event.comment.user.login != 'docker-agent' && github.event.comment.user.login != 'docker-agent[bot]' && github.event.comment.user.type != 'Bot' && - !contains(github.event.comment.body, '') && - !contains(github.event.comment.body, '') + !contains(github.event.comment.body, '') && + !contains(github.event.comment.body, '') runs-on: ubuntu-latest steps: - name: Save event context 
@@ -107,10 +107,10 @@ jobs: github.event.comment.user.login != 'docker-agent' && github.event.comment.user.login != 'docker-agent[bot]' && github.event.comment.user.type != 'Bot' && - !contains(github.event.comment.body, '') && - !contains(github.event.comment.body, '')) || + !contains(github.event.comment.body, '') && + !contains(github.event.comment.body, '')) || github.event.workflow_run.conclusion == 'success' - uses: docker/cagent-action/.github/workflows/review-pr.yml@VERSION + uses: docker/docker-agent-action/.github/workflows/review-pr.yml@VERSION permissions: contents: read # Read repository files and PR diffs pull-requests: write # Post review comments @@ -224,7 +224,7 @@ docker agent run agentcatalog/review-pr --prompt-file CONTRIBUTING.md "Review my ### Reusable Workflow -When using `docker/cagent-action/.github/workflows/review-pr.yml`: +When using `docker/docker-agent-action/.github/workflows/review-pr.yml`: | Input | Description | Default | | ------------------- | ---------------------------------------------------------------------- | ------- | @@ -273,7 +273,7 @@ but the error check happens after this line accesses `user.ID`. Consider moving the nil check before accessing user properties. - + ``` When no issues are found: @@ -294,7 +294,7 @@ AGENTS.md + PR Diff → Drafter (hypotheses) → Verifier (confirm) → Post Com When you reply to a review comment: -1. The `reply-to-feedback` job checks if the reply is to an agent comment (via `` marker) +1. The `reply-to-feedback` job checks if the reply is to an agent comment (via `` marker) 2. Verifies the author is an org member/collaborator (authorization gate) 3. Builds the full thread context (original comment + all replies in chronological order) 4. Runs a Sonnet-powered reply agent that posts a contextual response in the same thread 
@@ -318,7 +318,7 @@ The reviewer supports true multi-turn conversation in PR review threads. When yo - **Disagree** — the agent engages thoughtfully, discusses trade-offs, and considers your perspective - **Add context** — the agent thanks you, reassesses its finding, and stores the insight -Agent replies are marked with `` (distinct from `` on original review comments) to prevent infinite loops. Multi-turn threading works automatically because GitHub's `in_reply_to_id` always points to the root comment. +Agent replies are marked with `` (distinct from `` on original review comments) to prevent infinite loops. Multi-turn threading works automatically because GitHub's `in_reply_to_id` always points to the root comment. **Memory persistence:** The memory database is stored in GitHub Actions cache. Each review run restores the previous cache, processes any pending feedback, runs the review, and saves with a unique key. Old caches are automatically cleaned up (keeping the 5 most recent). @@ -331,7 +331,7 @@ Evals verify that the reviewer produces consistent, correct results across multi ### Run all evals ```bash -cd cagent-action +cd docker-agent-action docker agent eval review-pr/agents/pr-review.yaml review-pr/agents/evals/ \ -e GITHUB_TOKEN -e GH_TOKEN ``` diff --git a/review-pr/action.yml b/review-pr/action.yml index a2419d7..1f03591 100644 --- a/review-pr/action.yml +++ b/review-pr/action.yml 
@@ -503,11 +503,14 @@ runs: TOTAL_THREADS=$(echo "$ALL_THREADS" | jq 'length') echo "📋 Fetched $TOTAL_THREADS review threads (across $PAGE page(s))" - # C. Filter to unresolved bot threads (containing marker) + # C. Filter to unresolved bot threads (containing the review marker). + # Match both the new and the legacy + # marker so threads opened by the old action are + # still recognized — and auto-resolved when stale — during the migration window. BOT_THREADS=$(echo "$ALL_THREADS" | jq '[ .[] | select( .isResolved == false and - (.comments.nodes | any(.body | contains(""))) + (.comments.nodes | any(.body | (contains("") or contains("")))) ) ]') @@ -642,7 +645,7 @@ runs: - name: Process pending feedback if: steps.lock-check.outputs.skip != 'true' && steps.pending-feedback.outputs.has_feedback == 'true' continue-on-error: true - uses: docker/cagent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 env: ACTION_PATH: ${{ github.action_path }} with: @@ -751,12 +754,12 @@ runs: cp "$ACTION_PATH"/agents/refs/*.md /tmp/refs/ # ======================================== - # RUN REVIEW using root cagent-action + # RUN REVIEW using root docker-agent-action # ======================================== - name: Run PR Review if: steps.lock-check.outputs.skip != 'true' id: run-review - uses: docker/cagent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 env: ACTION_PATH: ${{ github.action_path }} with: diff --git a/review-pr/agents/pr-review-mention-reply.yaml b/review-pr/agents/pr-review-mention-reply.yaml index da7a407..2998464 100644 --- a/review-pr/agents/pr-review-mention-reply.yaml +++ b/review-pr/agents/pr-review-mention-reply.yaml 
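Review bot: The thread filter in the `@@ -503,11 +503,14 @@` hunk classifies a thread as bot-owned from comment body text alone, and the added `or` now accepts a second string, so any comment containing either marker makes its thread eligible for auto-resolution. If the GraphQL query above the hunk (not visible here) fetches the comment author, also require the marker-bearing comment to come from the bot account, for example by adding `and .author.login == "<bot-login>"` to the condition inside `any(...)` (placeholder login; confirm the value the API returns). The legacy branch also has no removal condition, so a comment such as `# TODO(migration): drop the legacy marker match after <release>` would keep the compatibility window from becoming permanent.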
@@ -67,7 +67,7 @@ agents: ## Posting Your Reply - Write your reply as your final text output. End with `` on + Write your reply as your final text output. End with `` on its own line, separated by a blank line. Do NOT call `gh api` — the framework will post your reply to the correct thread automatically. @@ -76,7 +76,7 @@ agents: ``` Your helpful reply here. - + ``` ## Response Guidelines @@ -87,7 +87,7 @@ agents: - If asked about a review finding, explain your reasoning clearly - If asked to clarify something, provide a concrete explanation - If the question is outside your scope, say so briefly and politely - - Always end your reply with `` on its own line, separated by a blank line + - Always end your reply with `` on its own line, separated by a blank line ## Learning diff --git a/review-pr/agents/pr-review-reply.yaml b/review-pr/agents/pr-review-reply.yaml index 7e0cdd1..5f5fda2 100644 --- a/review-pr/agents/pr-review-reply.yaml +++ b/review-pr/agents/pr-review-reply.yaml @@ -70,7 +70,7 @@ agents: jq -n \ --arg body "YOUR RESPONSE - " \ + " \ --argjson reply_to ROOT_COMMENT_ID \ '{body: $body, in_reply_to_id: $reply_to}' | \ gh api repos/{owner}/{repo}/pulls/{pr}/comments --input - @@ -87,7 +87,7 @@ agents: - Reference specific code when it helps (use `read_file` to check source files) - When discussing trade-offs, present both sides fairly - Never repeat the original finding verbatim — the developer already read it - - End with `` marker (distinct from ``) + - End with `` marker (distinct from ``) for identification. This marker MUST be on its own line, separated by a blank line ## Learning diff --git a/review-pr/agents/pr-review.yaml b/review-pr/agents/pr-review.yaml index 459c481..4f8c7bf 100644 --- a/review-pr/agents/pr-review.yaml +++ b/review-pr/agents/pr-review.yaml 
@@ -301,7 +301,7 @@ agents: Use `jq` (never raw `echo`) to build JSON. Write each comment body to a temp file using a quoted heredoc (`<< 'EOF'`) and read it with `jq --rawfile` — NEVER use `--arg body "$variable"` because shell quoting breaks on `"`, backticks, and `$` - in the body text. Each finding becomes an inline comment with `` + in the body text. Each finding becomes an inline comment with `` marker on its own line. Do NOT include the marker in console mode. ## Domain-Specific Review Output diff --git a/review-pr/agents/refs/posting-format.md b/review-pr/agents/refs/posting-format.md index ec2f61d..e1c008b 100644 --- a/review-pr/agents/refs/posting-format.md +++ b/review-pr/agents/refs/posting-format.md @@ -3,11 +3,11 @@ Convert each CONFIRMED/LIKELY finding to an inline comment object for the `comments` array: - **Added/context lines** (`+` or ` ` in diff) — use `line` with the new-file line number: ```json - {"path": "file.go", "line": 123, "body": "**ISSUE**\n\nDETAILS\n\n"} + {"path": "file.go", "line": 123, "body": "**ISSUE**\n\nDETAILS\n\n"} ``` - **Deleted lines** (`-` in diff) — use `side: "LEFT"` with the old-file line number: ```json - {"path": "file.go", "line": 45, "side": "LEFT", "body": "**ISSUE**\n\nDETAILS\n\n"} + {"path": "file.go", "line": 45, "side": "LEFT", "body": "**ISSUE**\n\nDETAILS\n\n"} ``` The `line` field normally refers to the new file (right side of the diff). Deleted lines @@ -39,7 +39,7 @@ cat > /tmp/comment_body.md << 'COMMENT_BODY_EOF' Detailed explanation of the bug, trigger path, and impact. - + COMMENT_BODY_EOF jq --arg path "$file_path" --argjson line "$line_number" \ @@ -69,7 +69,7 @@ jq -n \ | gh api repos/{owner}/{repo}/pulls/{pr}/reviews --input - ``` -The `` marker MUST be on its own line, separated by a blank line +The `` marker MUST be on its own line, separated by a blank line from the content. Do NOT include it in console output mode. # Comment Scope (REQUIRED) 
diff --git a/review-pr/mention-reply/action.yml b/review-pr/mention-reply/action.yml index 5956472..146ae0f 100644 --- a/review-pr/mention-reply/action.yml +++ b/review-pr/mention-reply/action.yml @@ -85,7 +85,7 @@ runs: - name: Run mention reply agent id: run-mention-reply continue-on-error: true - uses: docker/cagent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 env: ACTION_PATH: ${{ github.action_path }} with: diff --git a/review-pr/reply/action.yml b/review-pr/reply/action.yml index 4f1cbdf..58919c5 100644 --- a/review-pr/reply/action.yml +++ b/review-pr/reply/action.yml @@ -76,7 +76,7 @@ runs: - name: Run reply agent id: run-reply continue-on-error: true - uses: docker/cagent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 + uses: docker/docker-agent-action@367a30ddb41e0156459d03750f508eac03f3c38a # v1.5.5 env: ACTION_PATH: ${{ github.action_path }} with: diff --git a/setup-credentials/action.yml b/setup-credentials/action.yml index b473956..f9c129c 100644 --- a/setup-credentials/action.yml +++ b/setup-credentials/action.yml @@ -22,5 +22,5 @@ runs: echo "::error::GITHUB_APP_TOKEN was not set — setup-credentials failed silently." exit 1 fi - # Export the repo root so callers can reach dist/ bundles via $CAGENT_ACTION_ROOT - echo "CAGENT_ACTION_ROOT=$(cd "$GITHUB_ACTION_PATH/.." && pwd)" >> "$GITHUB_ENV" + # Export the repo root so callers can reach dist/ bundles via $DOCKER_AGENT_ACTION_ROOT + echo "DOCKER_AGENT_ACTION_ROOT=$(cd "$GITHUB_ACTION_PATH/.." && pwd)" >> "$GITHUB_ENV" diff --git a/src/main/__tests__/binary.test.ts b/src/main/__tests__/binary.test.ts index 7630a84..6669116 100644 --- a/src/main/__tests__/binary.test.ts +++ b/src/main/__tests__/binary.test.ts 
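Review bot: The `@@ -22,5 +22,5 @@` hunk of `setup-credentials/action.yml` replaces the exported `CAGENT_ACTION_ROOT` with `DOCKER_AGENT_ACTION_ROOT` and leaves no alias, unlike the `cagent-version` output, which this commit keeps as a deprecated alias. A caller's later `run:` step that still reads `$CAGENT_ACTION_ROOT` gets an empty value once it bumps the pin, and a path built from an empty root (`"$CAGENT_ACTION_ROOT/dist/..."`) then resolves against `/` instead of failing clearly. Conversely, the workflows in this commit that stay pinned to the v1.5.5 SHA presumably still receive only the old name. Export both for the migration window by adding `echo "CAGENT_ACTION_ROOT=$(cd "$GITHUB_ACTION_PATH/.." && pwd)" >> "$GITHUB_ENV"  # deprecated alias` after the new line.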
@@ -148,7 +148,7 @@ describe('setupBinaries — local tool-cache hit', () => { expect(mockDownloadTool).not.toHaveBeenCalled(); expect(mockRestoreCache).not.toHaveBeenCalled(); expect(result.dockerAgentPath).toContain('docker-agent'); - expect(result.cagentVersion).toBe('v1.54.0'); + expect(result.dockerAgentVersion).toBe('v1.54.0'); expect(result.mcpInstalled).toBe(false); }); }); @@ -182,7 +182,7 @@ describe('setupBinaries — remote cache restore', () => { expect(mockDownloadTool).not.toHaveBeenCalled(); expect(mockCacheDir).toHaveBeenCalled(); // populates local cache - expect(result.cagentVersion).toBe('v1.54.0'); + expect(result.dockerAgentVersion).toBe('v1.54.0'); }); }); @@ -212,7 +212,7 @@ describe('setupBinaries — full download (no cache)', () => { expect(mockDownloadTool.mock.calls[0][2]).toBe('token ghs_token'); expect(mockSaveCache).toHaveBeenCalledOnce(); expect(mockCacheDir).toHaveBeenCalledOnce(); - expect(result.cagentVersion).toBe('v1.54.0'); + expect(result.dockerAgentVersion).toBe('v1.54.0'); expect(result.dockerAgentPath).toContain('docker-agent'); }); @@ -234,7 +234,7 @@ describe('setupBinaries — full download (no cache)', () => { mcpGatewayVersion: 'v0.22.0', }); - expect(result.cagentVersion).toBe('v1.54.0'); + expect(result.dockerAgentVersion).toBe('v1.54.0'); // warning was emitted (not a failure) const { warning } = await import('@actions/core'); expect(vi.mocked(warning)).toHaveBeenCalledWith( diff --git a/src/main/__tests__/main.integration.test.ts b/src/main/__tests__/main.integration.test.ts index 98026af..54da199 100644 --- a/src/main/__tests__/main.integration.test.ts +++ b/src/main/__tests__/main.integration.test.ts 
@@ -250,7 +250,7 @@ beforeEach(async () => { process.env.GITHUB_RUN_ID = '12345'; process.env.GITHUB_RUN_ATTEMPT = '1'; process.env.GITHUB_JOB = 'test-job'; - process.env.GITHUB_REPOSITORY = 'docker/cagent-action'; + process.env.GITHUB_REPOSITORY = 'docker/docker-agent-action'; process.env.GITHUB_WORKFLOW = 'Test'; // Reset all mock state @@ -292,7 +292,8 @@ describe('happy path — agent succeeds', () => { expect(outputCalls.authorized).toBe('skipped-by-caller'); expect(outputCalls['prompt-suspicious']).toBe('false'); expect(outputCalls['input-risk-level']).toBe('low'); - expect(outputCalls['cagent-version']).toBe(DOCKER_AGENT_VERSION); + expect(outputCalls['docker-agent-version']).toBe(DOCKER_AGENT_VERSION); + expect(outputCalls['cagent-version']).toBe(DOCKER_AGENT_VERSION); // backward compat alias expect(outputCalls['mcp-gateway-installed']).toBe('false'); expect(outputCalls['exit-code']).toBe('0'); expect(outputCalls['secrets-detected']).toBe('false'); diff --git a/src/main/__tests__/summary.test.ts b/src/main/__tests__/summary.test.ts index 70ae996..bde7395 100644 --- a/src/main/__tests__/summary.test.ts +++ b/src/main/__tests__/summary.test.ts @@ -51,7 +51,7 @@ const BASE_OPTS = { agent: 'docker/test-agent', exitCode: 0, executionTime: 42, - cagentVersion: 'v1.54.0', + dockerAgentVersion: 'v1.54.0', mcpInstalled: false, timeout: 0, }; diff --git a/src/main/binary.ts b/src/main/binary.ts index 0f790ba..1b66750 100644 --- a/src/main/binary.ts +++ b/src/main/binary.ts @@ -27,7 +27,7 @@ import * as tc from '@actions/tool-cache'; export interface BinarySetupResult { /** Version string of docker-agent that was installed/found. */ - cagentVersion: string; + dockerAgentVersion: string; /** Whether mcp-gateway was successfully installed. */ mcpInstalled: boolean; /** Absolute path to the docker-agent binary. */ 
@@ -286,5 +286,5 @@ export async function setupBinaries(opts: { core.info(`✅ mcp-gateway ${mcpGatewayVersion} installed`); } - return { cagentVersion: version, mcpInstalled, dockerAgentPath }; + return { dockerAgentVersion: version, mcpInstalled, dockerAgentPath }; } diff --git a/src/main/index.ts b/src/main/index.ts index 563e398..71382ef 100644 --- a/src/main/index.ts +++ b/src/main/index.ts @@ -138,7 +138,7 @@ async function run(): Promise { let verboseLogArtifactName = ''; let exitCode = 1; let executionTime = 0; - let cagentVersion = ''; + let dockerAgentVersion = ''; let mcpInstalled = false; let promptBlocked = false; let promptStripped = false; @@ -159,8 +159,8 @@ async function run(): Promise { // __DOCKER_AGENT_VERSION__ is a build-time constant injected by tsup (see // tsup.config.ts). This avoids a filesystem read at runtime that would // fail when ACTION_PATH resolves to a sub-directory (e.g. review-pr/). - cagentVersion = __DOCKER_AGENT_VERSION__; - core.debug(`Docker Agent version: ${cagentVersion}`); + dockerAgentVersion = __DOCKER_AGENT_VERSION__; + core.debug(`Docker Agent version: ${dockerAgentVersion}`); // ── Step 2: Validate inputs ─────────────────────────────────────────── const agent = core.getInput('agent', { required: true }); @@ -169,9 +169,9 @@ async function run(): Promise { return; } - if (!isValidVersion(cagentVersion)) { + if (!isValidVersion(dockerAgentVersion)) { core.setFailed( - `Invalid Docker Agent version format '${cagentVersion}'. Expected format: v1.2.3`, + `Invalid Docker Agent version format '${dockerAgentVersion}'. Expected format: v1.2.3`, ); return; } @@ -227,7 +227,7 @@ async function run(): Promise { if (debug) { core.debug(`agent: ${agent}`); - core.debug(`Docker Agent version: ${cagentVersion}`); + core.debug(`Docker Agent version: ${dockerAgentVersion}`); core.debug(`mcp-gateway: ${mcpGateway}, version: ${mcpGatewayVersion}`); } 
@@ -289,16 +289,17 @@ async function run(): Promise {
 // ── Step 6: Setup binaries ────────────────────────────────────────────
 const binaryResult = await setupBinaries({
- version: cagentVersion,
+ version: dockerAgentVersion,
 mcpGateway,
 mcpGatewayVersion,
 githubToken: resolvedToken,
 debug,
 });
 mcpInstalled = binaryResult.mcpInstalled;
- cagentVersion = binaryResult.cagentVersion;
+ dockerAgentVersion = binaryResult.dockerAgentVersion;
- core.setOutput('cagent-version', cagentVersion);
+ core.setOutput('docker-agent-version', dockerAgentVersion);
+ core.setOutput('cagent-version', dockerAgentVersion); // backward compat alias
 core.setOutput('mcp-gateway-installed', String(mcpInstalled));
 // ── Step 7: Run docker-agent ──────────────────────────────────────────
@@ -432,7 +433,7 @@ async function run(): Promise {
 agent: core.getInput('agent') || '',
 exitCode,
 executionTime,
- cagentVersion,
+ dockerAgentVersion,
 mcpInstalled,
 timeout: parseInt(core.getInput('timeout') || '0', 10),
 outputFile: outputFile || undefined,
diff --git a/src/main/summary.ts b/src/main/summary.ts
index a35ce1b..6c7d00f 100644
--- a/src/main/summary.ts
+++ b/src/main/summary.ts
@@ -21,7 +21,7 @@ export interface WriteSummaryOptions {
 agent: string;
 exitCode: number;
 executionTime: number;
- cagentVersion: string;
+ dockerAgentVersion: string;
 mcpInstalled: boolean;
 timeout: number;
 /** Path to the cleaned output file (may not exist if agent failed early). */
@@ -35,7 +35,8 @@ export interface WriteSummaryOptions {
 * Safe to call when outputFile is absent — will skip the output section.
 */
 export async function writeJobSummary(opts: WriteSummaryOptions): Promise {
- const { agent, exitCode, executionTime, cagentVersion, mcpInstalled, timeout, outputFile } = opts;
+ const { agent, exitCode, executionTime, dockerAgentVersion, mcpInstalled, timeout, outputFile } =
+ opts;
 let statusLine: string;
 if (exitCode === 0) {
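Review bot: The `cagent-version` alias added beside `docker-agent-version` in the `@@ -289,16 +289,17 @@` hunk of src/main/index.ts is documented only as `// backward compat alias`, which tells a later maintainer neither who depends on it nor when it may be dropped. I would expand the comment to `// Deprecated alias of 'docker-agent-version'; kept so workflows that still read outputs.cagent-version keep working.` Both outputs are written only after `setupBinaries` returns, so a run that fails earlier exposes neither name, which matches the behaviour before this change. The action metadata is not visible in this part of the diff; if outputs are declared or re-exported there, the new name needs an entry next to the old one. The body of `run()` starts and ends outside the hunk.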
@@ -50,7 +51,7 @@ export async function writeJobSummary(opts: WriteSummaryOptions): Promise
 `| Agent | \`${agent}\` |`,
 `| Exit Code | ${exitCode} |`,
 `| Execution Time | ${executionTime}s |`,
- `| Docker Agent Version | ${cagentVersion} |`,
+ `| Docker Agent Version | ${dockerAgentVersion} |`,
 `| MCP Gateway | ${mcpInstalled} |`,
 ];
 if (timeout > 0) {
diff --git a/src/mention-reply/__tests__/mention-reply.test.ts b/src/mention-reply/__tests__/mention-reply.test.ts
index 11fc54b..fb0cca4 100644
--- a/src/mention-reply/__tests__/mention-reply.test.ts
+++ b/src/mention-reply/__tests__/mention-reply.test.ts
@@ -523,7 +523,7 @@ describe('run() — non-member', () => {
 'docker',
 'myrepo',
 42,
- expect.stringContaining(''),
+ expect.stringContaining(''),
 );
 expect(core.setOutput).toHaveBeenCalledWith('should-reply', 'false');
 expect(core.setFailed).not.toHaveBeenCalled();
@@ -727,7 +727,7 @@ describe('run() — pull_request_review_comment', () => {
 'myrepo',
 42,
 77,
- expect.stringContaining(''),
+ expect.stringContaining(''),
 );
 expect(mockPostComment).not.toHaveBeenCalled();
 expect(core.setOutput).toHaveBeenCalledWith('should-reply', 'false');
diff --git a/src/mention-reply/index.ts b/src/mention-reply/index.ts
index 5ac164d..e6b3dd8 100644
--- a/src/mention-reply/index.ts
+++ b/src/mention-reply/index.ts
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 /**
- * Mention-reply handler for the cagent-action review pipeline.
+ * Mention-reply handler for the docker-agent-action review pipeline.
 *
 * Invoked by `.github/actions/mention-reply/action.yml` once per
 * issue_comment or pull_request_review_comment event that mentions
@@ -263,7 +263,7 @@ export async function run(): Promise {
 const isMember = await checkOrgMembership(orgToken, 'docker', ctx.commentAuthor);
 if (!isMember) {
 core.info(`⏭️ ${ctx.commentAuthor} is not a docker org member — posting rejection`);
- const rejectionBody = `Sorry @${ctx.commentAuthor}, I can only respond to Docker org members.\n\n`;
+ const rejectionBody = `Sorry @${ctx.commentAuthor}, I can only respond to Docker org members.\n\n`;
 try {
 // Reply in the same inline thread when triggered from an inline comment;
 // fall back to a PR-level Issues comment otherwise.
diff --git a/src/post-comment/__tests__/post-comment.test.ts b/src/post-comment/__tests__/post-comment.test.ts
index 6fdf19d..72a73f8 100644
--- a/src/post-comment/__tests__/post-comment.test.ts
+++ b/src/post-comment/__tests__/post-comment.test.ts
@@ -27,7 +27,7 @@ const TOKEN = 'fake-token';
 const OWNER = 'docker';
 const REPO = 'myrepo';
 const ISSUE_NUMBER = 42;
-const BODY = 'Hello from the agent.\n\n';
+const BODY = 'Hello from the agent.\n\n';
 describe('postComment', () => {
 it('calls createComment with the correct parameters', async () => {
diff --git a/src/post-mention-reply/__tests__/post-mention-reply.test.ts b/src/post-mention-reply/__tests__/post-mention-reply.test.ts
index a62f21f..832155b 100644
--- a/src/post-mention-reply/__tests__/post-mention-reply.test.ts
+++ b/src/post-mention-reply/__tests__/post-mention-reply.test.ts
@@ -6,7 +6,7 @@ import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
-const MARKER = '';
+const MARKER = '';
 // ---------------------------------------------------------------------------
 // Hoist mock functions and MockOctokit class before vi.mock() calls
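Review bot: The marker at the end of `rejectionBody` in the `@@ -263,7 +263,7 @@` hunk of src/mention-reply/index.ts is spelled out as a literal, and the same rename is repeated by hand in `export const MARKER` in src/post-mention-reply/index.ts and in three test files. The old and new lines read identically in this copy of the diff, so the renamed text did not survive extraction and I am assuming it is the same reply marker that guard 3 checks with `fileContent.includes(MARKER)`. If that holds, build the body from the shared constant, ending the template with `\n\n${MARKER}` after `import { MARKER } from '../post-mention-reply/index';`, so a missed copy cannot leave the guard looking for a string that nothing writes. The description could also say whether comments already posted with the old marker still need to be recognised after the rename. `run()` starts and ends outside the hunk.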
@@ -112,7 +112,7 @@ describe('guard: output file missing', () => {
 // ---------------------------------------------------------------------------
 describe('guard: marker absent from output file', () => {
- it('skips when output file has no marker', async () => {
+ it('skips when output file has no marker', async () => {
 writeFileSync(outputFile, 'Some agent content with no marker.');
 await run({ ...BASE_CONFIG, outputFile });
diff --git a/src/post-mention-reply/index.ts b/src/post-mention-reply/index.ts
index e596be7..abcc126 100644
--- a/src/post-mention-reply/index.ts
+++ b/src/post-mention-reply/index.ts
@@ -20,7 +20,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { Octokit } from '@octokit/rest';
-export const MARKER = '';
+export const MARKER = '';
 export interface PostMentionReplyConfig {
 secretsDetected: string;
@@ -69,7 +69,7 @@ export async function run(config: PostMentionReplyConfig): Promise {
 // Guard 3: output file must contain the reply marker
 const fileContent = readFileSync(outputFile, 'utf-8');
 if (!fileContent.includes(MARKER)) {
- log('⏭️ Output file does not contain marker — skipping');
+ log('⏭️ Output file does not contain marker — skipping');
 return;
 }
diff --git a/tsup.config.ts b/tsup.config.ts
index 56e459f..3bb1665 100644
--- a/tsup.config.ts
+++ b/tsup.config.ts
@@ -53,7 +53,7 @@ export default defineConfig({
 // Keep .js extension so the action can `node dist/credentials.js` directly.
 // Without this tsup would emit .mjs for ESM format.
 outExtension: () => ({ js: '.js' }),
- // Sourcemaps disabled: this action is consumed via `uses: docker/cagent-action@v1`,
+ // Sourcemaps disabled: this action is consumed via `uses: docker/docker-agent-action@v1`,
 // which clones the tagged release including dist/. Sourcemaps would add ~10MB to every
 // consumer clone with no runtime benefit (Node doesn't load them by default).
 sourcemap: false,