amber-dependency-sync.yml
name: Amber Knowledge Sync - Dependencies

# Triggers: one scheduled run per day, plus on-demand runs.
on:
  schedule:
    # Run daily at 7 AM UTC
    - cron: '0 7 * * *'
  # Allow manual triggering
  workflow_dispatch:
# Scopes granted to GITHUB_TOKEN for every job in this workflow.
# Scopes not listed here are set to none.
permissions:
  # Required to commit changes
  contents: write
  # Required to create constitution violation issues
  issues: write
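jobs:
  # Regenerates the dependency section of agents/amber.md, validates it,
  # files an issue for constitution gaps, and pushes the result to main.
  sync-dependencies:
    name: Update Amber's Dependency Knowledge
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the `uses:` refs in this job are version tags, which are
      # mutable. This job holds a token with contents/issues write access, so
      # pinning each action to a full commit SHA is the safer choice.
      # actions/checkout keeps the token in the local git config by default
      # (persist-credentials), which is what the later `git push` relies on;
      # every later step, including pip and the sync script, can read it.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          ref: main
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Install dependencies
        run: |
          # Install toml parsing library (prefer tomli for Python <3.11 compatibility)
          # NOTE(review): this is an unpinned install from the package index in
          # a job that can push to main, and `2>/dev/null` hides any install
          # error. Python 3.11 ships `tomllib` in the standard library, so this
          # step may be removable; otherwise pin the version.
          pip install tomli 2>/dev/null || echo "tomli not available, will use manual parsing"

      - name: Run dependency sync script
        id: sync
        run: |
          echo "Running Amber dependency sync..."
          python scripts/sync-amber-dependencies.py

          # Check if agent file was modified
          if git diff --quiet agents/amber.md; then
            echo "changed=false" >> "$GITHUB_OUTPUT"
            echo "No changes detected - dependency versions are current"
          else
            echo "changed=true" >> "$GITHUB_OUTPUT"
            echo "Changes detected - will commit update"
          fi

      - name: Validate sync accuracy
        run: |
          echo "🧪 Validating dependency extraction..."

          # Spot check: Verify K8s version matches
          # The pattern is anchored so that only the k8s.io/api module line
          # matches, not k8s.io/apimachinery or other k8s.io/api* modules, and
          # only a leading "v" is stripped from the version.
          K8S_IN_GOMOD=$(grep -E '^[[:space:]]*k8s\.io/api[[:space:]]' components/backend/go.mod | head -1 | awk '{print $2}' | sed 's/^v//')
          K8S_IN_AMBER=$(grep "k8s.io/{api" agents/amber.md | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)

          # Two empty extractions compare equal, so reject them explicitly
          # rather than reporting a pass with nothing checked.
          if [ -z "$K8S_IN_GOMOD" ] || [ -z "$K8S_IN_AMBER" ]; then
            echo "❌ Could not extract a K8s version: go.mod=$K8S_IN_GOMOD, Amber=$K8S_IN_AMBER"
            exit 1
          fi

          if [ "$K8S_IN_GOMOD" != "$K8S_IN_AMBER" ]; then
            echo "❌ K8s version mismatch: go.mod=$K8S_IN_GOMOD, Amber=$K8S_IN_AMBER"
            exit 1
          fi

          echo "✅ Validation passed: Kubernetes $K8S_IN_GOMOD"

      - name: Validate constitution compliance
        id: constitution_check
        run: |
          echo "🔍 Checking Amber's alignment with ACP Constitution..."

          # Check if Amber enforces required principles
          # Each check is a text search of agents/amber.md; it shows that the
          # phrase is present, not that the rule is actually enforced.
          VIOLATIONS=""

          # Principle III: Type Safety - Check for panic() enforcement
          if ! grep -q "FORBIDDEN.*panic()" agents/amber.md; then
            VIOLATIONS="${VIOLATIONS}\n- Missing Principle III enforcement: No panic() rule"
          fi

          # Principle IV: TDD - Check for Red-Green-Refactor mention
          if ! grep -qi "Red-Green-Refactor\|Test-Driven Development" agents/amber.md; then
            VIOLATIONS="${VIOLATIONS}\n- Missing Principle IV enforcement: TDD requirements"
          fi

          # Principle VI: Observability - Check for structured logging
          if ! grep -qi "structured logging" agents/amber.md; then
            VIOLATIONS="${VIOLATIONS}\n- Missing Principle VI enforcement: Structured logging"
          fi

          # Principle VIII: Context Engineering - CRITICAL
          if ! grep -q "200K token\|context budget" agents/amber.md; then
            VIOLATIONS="${VIOLATIONS}\n- Missing Principle VIII enforcement: Context engineering"
          fi

          # Principle X: Commit Discipline
          if ! grep -qi "conventional commit" agents/amber.md; then
            VIOLATIONS="${VIOLATIONS}\n- Missing Principle X enforcement: Commit discipline"
          fi

          # Security: User token requirement
          if ! grep -q "GetK8sClientsForRequest" agents/amber.md; then
            VIOLATIONS="${VIOLATIONS}\n- Missing Principle II enforcement: User token authentication"
          fi

          if [ -n "$VIOLATIONS" ]; then
            # Multi-line step output. The fixed EOF delimiter is safe only
            # because VIOLATIONS is assembled from the constant strings above.
            echo "constitution_violations<<EOF" >> "$GITHUB_OUTPUT"
            echo -e "$VIOLATIONS" >> "$GITHUB_OUTPUT"
            echo "EOF" >> "$GITHUB_OUTPUT"
            echo "violations_found=true" >> "$GITHUB_OUTPUT"
            echo "⚠️ Constitution violations detected (will file issue)"
          else
            echo "violations_found=false" >> "$GITHUB_OUTPUT"
            echo "✅ Constitution compliance verified"
          fi

      # NOTE(review): this step runs on every scheduled run while a violation
      # persists, so it opens a new issue each day. Consider checking for an
      # existing open issue before creating another.
      - name: File constitution violation issue
        if: steps.constitution_check.outputs.violations_found == 'true'
        uses: actions/github-script@v8
        env:
          # The step output is passed as data through the environment. Expanding
          # ${{ ... }} inside the script body pastes the value into the
          # JavaScript source before it runs, so its content would be
          # evaluated as code.
          VIOLATIONS: ${{ steps.constitution_check.outputs.constitution_violations }}
        with:
          script: |
            const violations = process.env.VIOLATIONS;

            // The blank line before the closing `---` makes it render as a
            // horizontal rule; directly under a text line, Markdown would
            // treat it as a heading underline.
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: '🚨 Amber Constitution Compliance Violations Detected',
              body: `## Constitution Violations in Amber Agent Definition
            **Date**: ${new Date().toISOString().split('T')[0]}
            **Agent File**: \`agents/amber.md\`
            **Constitution**: \`.specify/memory/constitution.md\` (v1.0.0)
            ### Violations Detected:
            ${violations}
            ### Required Actions:
            1. Review Amber's agent definition against the ACP Constitution
            2. Add missing principle enforcement rules
            3. Update Amber's behavior guidelines to include constitution compliance
            4. Verify fix by running: \`gh workflow run amber-dependency-sync.yml\`
            ### Related Documents:
            - ACP Constitution: \`.specify/memory/constitution.md\`
            - Amber Agent: \`agents/amber.md\`
            - Implementation Plan: \`docs/implementation-plans/amber-implementation.md\`
            **Priority**: P1 - Amber must follow and enforce the constitution
            **Labels**: amber, constitution, compliance

            ---
            *Auto-filed by Amber dependency sync workflow*`,
              labels: ['amber', 'constitution', 'compliance', 'automated']
            });

      - name: Display changes
        if: steps.sync.outputs.changed == 'true'
        run: |
          echo "📝 Changes to Amber's dependency knowledge:"
          git diff agents/amber.md

      # Pushes straight to main with the workflow token. Only agents/amber.md
      # is staged, so nothing else the earlier steps touched is committed.
      - name: Commit and push changes
        if: steps.sync.outputs.changed == 'true'
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add agents/amber.md

          # Generate commit message with timestamp
          # The blank line after the first line separates the subject from the
          # body. The trailer sits in its own final paragraph because git only
          # parses trailers from there.
          COMMIT_DATE=$(date +%Y-%m-%d)
          git commit -m "chore(amber): sync dependency versions - ${COMMIT_DATE}

          🤖 Automated daily knowledge sync
          Updated Amber's dependency knowledge with current versions from:
          - components/backend/go.mod
          - components/operator/go.mod
          - components/runners/ambient-runner/pyproject.toml
          - components/frontend/package.json
          This ensures Amber has accurate knowledge of our dependency stack
          for codebase analysis, security monitoring, and upgrade planning.

          Co-Authored-By: Amber <noreply@ambient-code.ai>"
          git push

      - name: Summary
        if: always()
        env:
          # Context values are passed through env rather than expanded into
          # the script text, matching how the issue step takes its input.
          SYNC_CHANGED: ${{ steps.sync.outputs.changed }}
          JOB_STATUS: ${{ job.status }}
        run: |
          if [ "$SYNC_CHANGED" = "true" ]; then
            echo "## ✅ Amber Knowledge Updated" >> "$GITHUB_STEP_SUMMARY"
            echo "Dependency versions synced from go.mod, pyproject.toml, package.json" >> "$GITHUB_STEP_SUMMARY"
          elif [ "$JOB_STATUS" = "failure" ]; then
            echo "## ⚠️ Sync Failed" >> "$GITHUB_STEP_SUMMARY"
            echo "Check logs above. Common issues: missing dependency files, AUTO-GENERATED markers" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "## ✓ No Changes Needed" >> "$GITHUB_STEP_SUMMARY"
          fi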