fix: blend generation — compile, module org (#61) + fidelity defects (#63) #17
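# Yama PR Review — AI code review on PRs targeting the configured branch(es).
#
# Generated by scripts/setup-github.sh (https://github.com/juspay/yama). Powered
# by the published @juspay/yama action: it reads the PR through the hosted GitHub
# MCP server, walks the diff, and posts inline review comments + a verdict. The
# review RULES come from THIS repo — Yama auto-loads CLAUDE.md and CONTRIBUTING.md
# when present; focus areas / blocking criteria live in yama.config.yaml.
#
# Required repository secrets (Settings → Secrets and variables → Actions):
#   YAMA_GITHUB_TOKEN : a REAL GitHub PAT — fine-grained with "Pull requests:
#                       Read and write" + "Contents: Read", OR a classic PAT with
#                       `repo`. The hosted GitHub MCP endpoint rejects the
#                       ephemeral Actions GITHUB_TOKEN, so this is mandatory.
#                       Prefer the fine-grained PAT restricted to this one
#                       repository: PR content is untrusted input to the model,
#                       so the token's scope bounds what an injected instruction
#                       could reach. Classic `repo` grants write access to every
#                       repository the token owner can reach.
#   LITELLM_BASE_URL  : LiteLLM proxy base URL (reachable from GitHub runners).
#   LITELLM_API_KEY   : LiteLLM proxy API key.
#
# Fork PRs (which can't read secrets) and runs with missing secrets are skipped
# cleanly — the check passes so it never deadlocks merges. A green check on such
# a run therefore means "not reviewed", not "approved"; if this is a required
# check, keep another gate (e.g. required human review) for fork PRs.
name: 'Yama PR Review'

on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [main]

concurrency:
  group: yama-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

# Scope of the ephemeral GITHUB_TOKEN. Yama itself authenticates with the PAT.
# NOTE(review): if the action never uses GITHUB_TOKEN, `pull-requests: write`
# can likely be dropped here and on the job — confirm against the action.
permissions:
  contents: read
  pull-requests: write

jobs:
  yama-review:
    # This job name IS the status-check context. To make Yama a REQUIRED check,
    # add a context named exactly "Yama PR Review" to the branch protection rule.
    name: 'Yama PR Review'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      # A required check must always report a conclusion, so when it can't run
      # (fork / missing secrets) we PASS instead of skipping, to avoid blocking
      # merges forever.
      - name: Preflight (fork + secrets)
        id: gate
        env:
          # The gate only needs to know whether each secret is set, so the
          # expressions pass "true"/"false" and the secret values never enter
          # this shell step's environment.
          HAS_PAT: ${{ secrets.YAMA_GITHUB_TOKEN != '' }}
          HAS_LITELLM_BASE_URL: ${{ secrets.LITELLM_BASE_URL != '' }}
          HAS_LITELLM_API_KEY: ${{ secrets.LITELLM_API_KEY != '' }}
          IS_SAME_REPO: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
        run: |
          if [ "$IS_SAME_REPO" != "true" ]; then
            echo "::notice::Fork PR — repository secrets are unavailable; skipping Yama review (check passes)."
            echo "run=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          if [ "$HAS_PAT" != "true" ] || [ "$HAS_LITELLM_BASE_URL" != "true" ] || [ "$HAS_LITELLM_API_KEY" != "true" ]; then
            echo "::notice::Missing one or more required secrets (see workflow header); skipping Yama review (check passes)."
            echo "run=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "run=true" >> "$GITHUB_OUTPUT"

      # NOTE(review): on pull_request events checkout defaults to the PR merge
      # ref, so CLAUDE.md, CONTRIBUTING.md and yama.config.yaml in the workspace
      # are presumably the PR's own versions — a PR could then relax the rules
      # it is reviewed against. Confirm where Yama loads them from, and protect
      # those files (e.g. CODEOWNERS) if it reads the workspace copy.
      - name: Checkout
        if: steps.gate.outputs.run == 'true'
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Yama authenticates with its own PAT; don't leave the ephemeral Actions
          # token in .git/config.
          persist-credentials: false

      - name: Yama Review
        if: steps.gate.outputs.run == 'true'
        id: yama
        # Don't auto-fail the job on the action's exit code — the next step maps
        # the verdict to the check result explicitly.
        continue-on-error: true
        # External consumer → published action. A tag is mutable, and this step
        # receives both the PAT and the LiteLLM key, so for strict supply-chain
        # immutability pin the full commit SHA behind this ref, keeping the
        # version as a trailing comment:
        #   uses: juspay/yama@<full-commit-sha-of-v2.7.1>  # v2.7.1
        uses: juspay/yama@v2.7.1
        with:
          github-token: ${{ secrets.YAMA_GITHUB_TOKEN }}
          ai-provider: litellm
          ai-model: private-large
          litellm-base-url: ${{ secrets.LITELLM_BASE_URL }}
          litellm-api-key: ${{ secrets.LITELLM_API_KEY }}
          config-path: yama.config.yaml
          # Review only — post inline comments + a verdict; never rewrite the PR
          # description.
          skip-description-enhance: "true"

      - name: Enforce verdict
        if: steps.gate.outputs.run == 'true'
        env:
          # Passed through env rather than interpolated into the script, so the
          # action's output is treated as data by the shell.
          DECISION: ${{ steps.yama.outputs.decision }}
          OUTCOME: ${{ steps.yama.outcome }}
        run: |
          echo "Yama decision: ${DECISION:-<none>} (action outcome: ${OUTCOME})"
          # No verdict + failed action = the review couldn't complete (build / MCP
          # / provider error), not a code judgement. Fail so it's visible; re-run
          # the job to retry transient failures.
          if [ "$OUTCOME" != "success" ] && [ -z "$DECISION" ]; then
            echo "::error::Yama could not complete the review (infrastructure error, not a code verdict). Re-run this job to retry."
            exit 1
          fi
          if [ "$DECISION" = "BLOCKED" ]; then
            echo "::error::Yama BLOCKED this PR. Resolve the blocking issues flagged in the review, then push an update."
            exit 1
          fi
          # NOTE(review): every value other than BLOCKED passes, including an
          # empty decision from a successful run (logged below as APPROVED).
          # Confirm the action always sets `decision` on success; otherwise this
          # gate fails open.
          echo "Yama review passed (decision=${DECISION:-APPROVED})."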