Skip to content

Updated auto eval improve skill #229

Updated auto eval improve skill

Updated auto eval improve skill #229

# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# Source repo request workflow for NVSkills CI (signing pipeline).
# Triggered by a maintainer/admin commenting `/nvskills-ci` on a PR
# that changes skills/, OR by the signature-push back from
# nv-skills-ci[bot].
#
# Inlined version (provided by NVCARPS team) — no `uses:` reusable
# workflow call to avoid the public→internal access restriction.
# Instead, dispatches NVIDIA/nvskills-ci:nvskills-ci.yml via the GitHub
# REST API with the NVSKILLS_CI_DISPATCH_TOKEN secret.
#
# Onboarding tracked in NVBug 6209970.
name: Request NVSkills CI
on:
issue_comment:
types: [created]
push:
permissions:
contents: read
pull-requests: read
jobs:
request:
if: >
(github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
startsWith(github.event.comment.body, '/nvskills-ci')) ||
(github.event_name == 'push' &&
github.actor == (vars.NVSKILLS_SIGNATURE_PUSH_ACTOR || 'nv-skills-ci[bot]') &&
startsWith(github.event.head_commit.message, vars.NVSKILLS_SIGNATURE_COMMIT_TITLE || 'Attach NVSkills validation signatures'))
runs-on: ubuntu-latest
concurrency:
group: nvskills-ci-request-${{ github.repository }}-${{ github.event.issue.number || github.sha }}
cancel-in-progress: true
steps:
- name: Validate requester permission
if: ${{ github.event_name == 'issue_comment' }}
env:
GH_TOKEN: ${{ github.token }}
REPO: ${{ github.repository }}
ACTOR: ${{ github.actor }}
run: |
set -euo pipefail
permission_response="$(curl -fsSL \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${REPO}/collaborators/${ACTOR}/permission")"
allowed="$(printf '%s' "${permission_response}" | jq -r '
(.permission == "admin") or
(.role_name == "admin") or
(.role_name == "maintain") or
(.user.permissions.admin == true) or
(.user.permissions.maintain == true)
')"
if [ "${allowed}" != "true" ]; then
echo "Requester must have maintain or admin permission"
exit 1
fi
- name: Resolve request context
id: context
env:
GH_TOKEN: ${{ github.token }}
EVENT_NAME: ${{ github.event_name }}
REPO: ${{ github.repository }}
ISSUE_PR_NUMBER: ${{ github.event.issue.number || '' }}
HEAD_SHA: ${{ github.sha }}
HEAD_COMMIT_MESSAGE: ${{ github.event.head_commit.message || '' }}
SIGNATURE_COMMIT_TITLE: ${{ vars.NVSKILLS_SIGNATURE_COMMIT_TITLE || 'Attach NVSkills validation signatures' }}
SIGNATURE_PUSH_ACTOR: ${{ vars.NVSKILLS_SIGNATURE_PUSH_ACTOR || 'nv-skills-ci[bot]' }}
ACTOR: ${{ github.actor }}
run: |
set -euo pipefail
owner="${REPO%%/*}"
repo="${REPO#*/}"
pr_number="${ISSUE_PR_NUMBER}"
commit_title="$(printf '%s' "${HEAD_COMMIT_MESSAGE}" | sed -n '1p')"
if [ "${EVENT_NAME}" = "push" ]; then
if [ "${commit_title}" != "${SIGNATURE_COMMIT_TITLE}" ]; then
echo "Push is not the configured NVSkills signature commit; skipping dispatch."
exit 0
fi
if [ "${ACTOR}" != "${SIGNATURE_PUSH_ACTOR}" ]; then
echo "Push actor ${ACTOR} is not the configured NVSkills signing actor; skipping dispatch."
exit 0
fi
prs_json="$(curl -fsSL \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${owner}/${repo}/commits/${HEAD_SHA}/pulls")"
pr_number="$(printf '%s' "${prs_json}" | jq -r '[.[] | select(.state == "open")][0].number // empty')"
if [ -z "${pr_number}" ]; then
echo "No open pull request is associated with the signature commit; skipping dispatch."
exit 0
fi
fi
if [ -z "${pr_number}" ]; then
echo "Pull request number could not be resolved."
exit 1
fi
pr_json="$(curl -fsSL \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${owner}/${repo}/pulls/${pr_number}")"
head_sha="$(printf '%s' "${pr_json}" | jq -r '.head.sha')"
base_ref="$(printf '%s' "${pr_json}" | jq -r '.base.ref')"
if [ "${EVENT_NAME}" != "push" ]; then
commit_json="$(curl -fsSL \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${owner}/${repo}/commits/${head_sha}")"
commit_title="$(printf '%s' "${commit_json}" | jq -r '.commit.message | split("\n")[0]')"
fi
has_watched_change=false
page=1
while true; do
files_json="$(curl -fsSL \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${owner}/${repo}/pulls/${pr_number}/files?per_page=100&page=${page}")"
if printf '%s' "${files_json}" | jq -e '
any(.[]; .filename |
startswith("skills/") or
startswith("team-skills/") or
startswith("rules/team-rules/") or
startswith("plugins/")
)
' >/dev/null; then
has_watched_change=true
break
fi
if [ "$(printf '%s' "${files_json}" | jq 'length')" -lt 100 ]; then
break
fi
page=$((page + 1))
done
if [ "${has_watched_change}" != "true" ]; then
{
echo "## NVSkills CI request"
echo
echo "Skipped: no changes under \`skills/\`, \`team-skills/\`, \`rules/team-rules/\`, or \`plugins/\`."
} >> "${GITHUB_STEP_SUMMARY}"
exit 0
fi
{
echo "should_dispatch=true"
echo "pr_number=${pr_number}"
echo "head_sha=${head_sha}"
echo "base_ref=${base_ref}"
echo "commit_title=${commit_title}"
} >> "${GITHUB_OUTPUT}"
- name: Dispatch NVSkills CI
if: steps.context.outputs.should_dispatch == 'true'
env:
DISPATCH_TOKEN: ${{ secrets.NVSKILLS_CI_DISPATCH_TOKEN }}
REPO: ${{ github.repository }}
PR_NUMBER: ${{ steps.context.outputs.pr_number }}
REQUEST_HEAD_SHA: ${{ steps.context.outputs.head_sha }}
REQUEST_BASE_REF: ${{ steps.context.outputs.base_ref }}
REQUEST_COMMIT_TITLE: ${{ steps.context.outputs.commit_title }}
REQUEST_COMMENT_ID: ${{ github.event.comment.id || '' }}
REQUEST_RUN_ID: ${{ github.run_id }}
REQUESTED_BY: ${{ github.actor }}
run: |
set -euo pipefail
if [ -z "${DISPATCH_TOKEN}" ]; then
echo "Missing NVSKILLS_CI_DISPATCH_TOKEN secret."
exit 1
fi
owner="${REPO%%/*}"
repo="${REPO#*/}"
curl -fsSL -X POST \
-H "Authorization: Bearer ${DISPATCH_TOKEN}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/NVIDIA/nvskills-ci/actions/workflows/nvskills-ci.yml/dispatches" \
-d "$(jq -n \
--arg ref "main" \
--arg source_owner "${owner}" \
--arg source_repo "${repo}" \
--arg pr_number "${PR_NUMBER}" \
--arg request_run_id "${REQUEST_RUN_ID}" \
--arg request_head_sha "${REQUEST_HEAD_SHA}" \
--arg request_base_ref "${REQUEST_BASE_REF}" \
--arg request_commit_title "${REQUEST_COMMIT_TITLE}" \
--arg request_comment_id "${REQUEST_COMMENT_ID}" \
--arg requested_by "${REQUESTED_BY}" \
'{ref: $ref, inputs: {
source_owner: $source_owner,
source_repo: $source_repo,
pr_number: $pr_number,
request_run_id: $request_run_id,
request_head_sha: $request_head_sha,
request_base_ref: $request_base_ref,
request_commit_title: $request_commit_title,
request_comment_id: $request_comment_id,
requested_by: $requested_by
}}')"