Skip to content
TedTheBot (draft + approval)

bug: flet_map.Marker/CircleMarker updating behavior #35

Sign in to view logs

bug: flet_map.Marker/CircleMarker updating behavior

bug: flet_map.Marker/CircleMarker updating behavior #35

Workflow file for this run

.github/workflows/ted.yml at 0fefe8c
name: TedTheBot (draft + approval)
on:
issues:
types: [opened, edited, reopened]
issue_comment:
types: [created]
permissions:
contents: read
issues: write
jobs:
draft:
runs-on: ubuntu-latest
# Skip PRs (issue_comment fires on PRs too)
if: >
(github.event_name != 'issue_comment') ||
(github.event.issue.pull_request == null)
outputs:
should_post: ${{ steps.readout.outputs.should_post }}
steps:
- uses: actions/checkout@v4
# Optional: only act on trusted commenters
- name: Guard - trusted commenters only
if: github.event_name == 'issue_comment'
run: |
set -euo pipefail
assoc="${{ github.event.comment.author_association }}"
case "$assoc" in
OWNER|MEMBER|COLLABORATOR) exit 0 ;;
*) echo "Untrusted author_association=$assoc; skipping."; exit 0 ;;
esac
# IMPORTANT: read comment body safely from $GITHUB_EVENT_PATH (no inline expansion)
- name: Guard - skip bots and /ted commands (safe)
if: github.event_name == 'issue_comment'
run: |
set -euo pipefail
actor="${{ github.actor }}"
body="$(jq -r '.comment.body // ""' "$GITHUB_EVENT_PATH")"
if [[ "$actor" == *"[bot]" ]] || [[ "$actor" == "github-actions" ]] || [[ "$actor" == "github-actions[bot]" ]]; then
echo "Bot actor ($actor); skipping."
exit 0
fi
- name: Install Codex CLI
run: |
set -euo pipefail
curl -L -o /tmp/codex.tgz \
https://github.com/openai/codex/releases/latest/download/codex-x86_64-unknown-linux-musl.tar.gz
tar -xzf /tmp/codex.tgz -C /tmp
mv /tmp/codex-x86_64-unknown-linux-musl /usr/local/bin/codex
chmod +x /usr/local/bin/codex
codex --version
# IAT for MCP reads during drafting
- name: Create GitHub App token (IAT)
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.TED_APP_ID }}
private-key: ${{ secrets.TED_APP_PRIVATE_KEY }}
- name: Configure Codex MCP (remote GitHub MCP)
run: |
set -euo pipefail
mkdir -p ~/.codex
cat > ~/.codex/config.toml <<'TOML'
[mcp_servers.github]
url = "https://api.githubcopilot.com/mcp/"
bearer_token_env_var = "GITHUB_MCP_BEARER"
http_headers = { "X-MCP-Toolsets" = "context,issues,repos" }
startup_timeout_sec = 20
tool_timeout_sec = 60
enabled = true
TOML
- name: Prepare prompt (from files) + schema + payload
run: |
set -euo pipefail
mkdir -p .ted
# Save event payload for Codex to read
cp "$GITHUB_EVENT_PATH" .ted/event.json
# Output schema for draft phase
cat > .ted/draft.schema.json <<'JSON'
{
"type": "object",
"properties": {
"should_post": { "type": "boolean" },
"draft_body": { "type": "string" }
},
"required": ["should_post", "draft_body"],
"additionalProperties": false
}
JSON
# Build prompt from agent file + a small task wrapper (no hard-coded agent rules here)
cat .codex/agents/tedthebot.md > .ted/prompt.txt
cat >> .ted/prompt.txt <<'PROMPT'
---
DRAFT PHASE TASK
The GitHub webhook payload is in: .ted/event.json
Produce JSON that matches .ted/draft.schema.json:
- should_post: true only if a helpful reply is warranted
- draft_body: the proposed reply in GitHub-flavored Markdown
Constraints:
- Do NOT post to GitHub in draft phase.
- If you need more context, use GitHub MCP tools to read the issue and recent comments.
PROMPT
- name: Run Codex (generate draft only)
env:
CODEX_API_KEY: ${{ secrets.OPENAI_API_KEY }}
GITHUB_MCP_BEARER: ${{ steps.app-token.outputs.token }}
run: |
set -euo pipefail
codex exec --output-schema .ted/draft.schema.json -o .ted/draft.json "$(cat .ted/prompt.txt)"
cat .ted/draft.json
- name: Expose should_post output
id: readout
run: |
set -euo pipefail
should="$(jq -r '.should_post' .ted/draft.json)"
echo "should_post=$should" >> "$GITHUB_OUTPUT"
- name: Write draft to job summary (private)
run: |
set -euo pipefail
should="$(jq -r '.should_post' .ted/draft.json)"
echo "## 🤖 TedTheBot draft" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "**should_post:** \`$should\`" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "### Proposed reply" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo '```md' >> "$GITHUB_STEP_SUMMARY"
jq -r '.draft_body' .ted/draft.json >> "$GITHUB_STEP_SUMMARY"
echo '```' >> "$GITHUB_STEP_SUMMARY"
- name: Upload draft artifact (private)
uses: actions/upload-artifact@v4
with:
name: ted-draft
path: .ted/draft.json
post:
needs: draft
runs-on: ubuntu-latest
if: needs.draft.outputs.should_post == 'true'
# Approval gate — configure in repo Settings → Environments → "ted-approval"
environment: ted-approval
steps:
- uses: actions/checkout@v4
- name: Download draft artifact
uses: actions/download-artifact@v4
with:
name: ted-draft
path: .ted
- name: Capture target repo + issue
run: |
set -euo pipefail
echo "${{ github.repository }}" > .ted/target_repo.txt
echo "${{ github.event.issue.number }}" > .ted/target_issue.txt
echo "Target repo: $(cat .ted/target_repo.txt)"
echo "Target issue: $(cat .ted/target_issue.txt)"
- name: Install Codex CLI
run: |
set -euo pipefail
curl -L -o /tmp/codex.tgz \
https://github.com/openai/codex/releases/latest/download/codex-x86_64-unknown-linux-musl.tar.gz
tar -xzf /tmp/codex.tgz -C /tmp
mv /tmp/codex-x86_64-unknown-linux-musl /usr/local/bin/codex
chmod +x /usr/local/bin/codex
codex --version
# Fresh IAT here (the action revokes tokens after the job by default)
- name: Create GitHub App token (IAT)
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.TED_APP_ID }}
private-key: ${{ secrets.TED_APP_PRIVATE_KEY }}
- name: Configure Codex MCP (remote GitHub MCP)
run: |
set -euo pipefail
mkdir -p ~/.codex
cat > ~/.codex/config.toml <<'TOML'
[mcp_servers.github]
url = "https://api.githubcopilot.com/mcp/"
bearer_token_env_var = "GITHUB_MCP_BEARER"
http_headers = { "X-MCP-Toolsets" = "context,issues,repos" }
startup_timeout_sec = 20
tool_timeout_sec = 60
enabled = true
TOML
- name: Post approved draft via MCP (no edits)
env:
CODEX_API_KEY: ${{ secrets.OPENAI_API_KEY }}
GITHUB_MCP_BEARER: ${{ steps.app-token.outputs.token }}
run: |
set -euo pipefail
body="$(jq -r '.draft_body' .ted/draft.json)"
cat > .ted/post.schema.json <<'JSON'
{ "type":"object", "properties": { "posted": { "type":"boolean" } }, "required":["posted"], "additionalProperties": false }
JSON
# Build prompt from agent file + post task wrapper
cat .codex/agents/tedthebot.md > .ted/post.prompt.txt
cat >> .ted/post.prompt.txt <<PROMPT
---
POST PHASE TASK (APPROVED)
You MUST post the comment using GitHub MCP to:
Repository: read from file .ted/target_repo.txt
Issue number: read from file .ted/target_issue.txt
You are NOT allowed to infer or guess the repository or issue.
Post EXACTLY the following comment body to the issue that triggered this workflow using the MCP tool "github__add_issue_comment".
Do not reword or edit. Use the correct owner/repo and issue number for the triggering issue.
Comment body:
---
${body}
---
Output {"posted": true} only if the MCP tool call succeeded.
PROMPT
codex exec --json --output-schema .ted/post.schema.json -o .ted/post.out.json "$(cat .ted/post.prompt.txt)" | tee .ted/codex_events.jsonl
echo "===== Result ====="
cat .ted/post.out.json
echo "===== Tool-call diagnostics (grep) ====="
grep -Ei 'tool|error|fail|unauthorized|forbidden|readonly' .ted/codex_events.jsonl || true