diff --git a/.github/prompts/triage.md b/.github/prompts/triage.md
deleted file mode 100644
index 5035d6c..0000000
--- a/.github/prompts/triage.md
+++ /dev/null
@@ -1,82 +0,0 @@
-You are triaging an issue on the `Oddly/elasticstack` repository — an Ansible
-collection that deploys Elasticsearch, Kibana, Logstash, Beats, and Fleet Server
-onto Linux hosts via molecule-tested roles. The project is maintained by one
-developer. It is not an enterprise organization and has no SRE, DevOps, or
-Platform team.
-
-Read the issue carefully. Then use the tools available to you (Read, Grep,
-Glob, git, gh) to ground-truth anything the issue claims about the codebase —
-role directories under `roles/`, molecule scenarios under `molecule/`, CI
-workflows under `.github/workflows/` or `.gitea/workflows/`, and module plugins
-under `plugins/modules/`. If the issue references a file, variable, or task
-name, confirm it exists before quoting it.
-
-Produce a single comment in Markdown with exactly these four sections, in this
-order, and nothing else:
-
-## Severity
-
-Start this section with exactly one of these four tokens, wrapped in
-backticks, with no bold, italics, quotes, period, or any other punctuation
-attached to the token itself:
-
-```text
-`critical` `high` `medium` `low`
-```
-
-After the backticked token, on the same line, an em-dash and a one-sentence
-justification grounded in concrete user-visible impact to people running
-this collection (deployment breakage, silent misconfiguration, security
-exposure, upgrade risk, test reliability, maintenance drag). Do not
-reference business continuity, SLAs, or compliance.
-
-Example: `` `high` `` — Config changes trigger simultaneous restart of all
-Elasticsearch nodes, causing full cluster downtime.
-
-## Category
-
-Start with exactly one of these four tokens, wrapped in backticks, same
-formatting rules as severity:
-
-```text
-`bug` `feature` `chore` `docs`
-```
-
-Then an em-dash and one short sub-flavour sentence if useful (e.g.
-"bug — molecule coverage gap", "chore — CI tuning"). No more.
-
-## Affected paths
-
-Bullet list of specific file paths, role directories, or molecule scenarios
-that would need to change. Verify each path exists. If the fix touches
-variables, name them. If you cannot locate the relevant code from the issue
-description, say "Code location not determined — needs investigation" and
-stop — do not guess.
-
-## Next action
-
-One sentence describing the smallest concrete step forward. Examples: "Add a
-`kibana_tls`-aware URL template in `roles/kibana/tasks/main.yml:152` and extend
-the `kibana_tls` molecule scenario's verify.yml to assert health-check success
-over HTTPS." Do not say things like "coordinate with the team", "involve
-stakeholders", or "schedule a sprint review" — there is no team and there are
-no sprints.
-
-## Hard rules
-
-- Do NOT invent personas like "DevOps Engineers", "Site Reliability Engineers",
- "Platform Engineers", "Release Managers", "Operations Teams", or "Security
- Team". One developer maintains this. Any section of a comment that lists
- affected "roles" in the personnel sense is wrong.
-- Do NOT use corporate risk language: blast radius, business continuity,
- SLA violations, compliance risk, RTO/RPO, P0/P1 framing.
-- Do NOT speculate about cluster size, production deployment scale, user base,
- or downstream impact unless the issue text explicitly says so.
-- Do NOT pad the comment with summary/rationale boilerplate. If the issue
- body already analyzes the problem well, acknowledge that and skip straight
- to the next action.
-- Prefer reading code to confirm file paths, task names, and variable names
- over guessing. When in doubt, grep.
-
-If the issue is obviously a duplicate, stale, or already fixed on main, say so
-in the `Next action` section instead of producing a full triage.
diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml
deleted file mode 100644
index 090ce0d..0000000
--- a/.github/workflows/claude.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-name: 'Claude Code'
-
-# Mention-gated interactive workflow: @claude in an issue body, an issue
-# comment, a PR review comment, or a PR review fires Claude in free-form
-# mode. Pattern ported from norrietaylor/distillery .github/workflows/claude.yml
-# — kept deliberately close to the upstream shape so we get the benefit of
-# whatever Norrie tunes there over time.
-#
-# Paired with `claude-triage.yaml` which auto-triages issues the maintainer
-# opens, without requiring an explicit @claude mention. See that workflow's
-# `if:` gate for the author check.
-
-on:
- issue_comment:
- types: [created]
- pull_request_review_comment:
- types: [created]
- issues:
- types: [opened, assigned]
- pull_request_review:
- types: [submitted]
-
-# Suppress duplicate runs when @claude is mentioned multiple times in rapid
-# succession on the same issue/PR/comment thread. Cancels in-flight runs so
-# only the most recent invocation completes — keeps token spend bounded if
-# you accidentally double-ping.
-concurrency:
- group: claude-code-${{ github.event.issue.number || github.event.pull_request.number || github.event.comment.id || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- claude:
- # Only Oddly can invoke Claude. The @claude mention is still required —
- # someone (only Oddly) has to explicitly ask — but on top of that the
- # actor check means anyone else dropping @claude in a comment, issue, or
- # review gets silently ignored. No LLM spend from drive-by mentions.
- if: |
- github.actor == 'Oddly' && (
- (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
- (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
- (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
- (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
- )
- # Self-hosted runners (incus-ci LXC 305) so @claude has access to the
- # internal lab network — gitea, distillery (LXC 800), and any other
- # 172.30.0.0/16 service. Distillery isn't auto-registered here because
- # the interactive workflow doesn't load a triage prompt; if you want
- # KB access in a free-form @claude session, mention it explicitly.
- runs-on: self-hosted
- permissions:
- contents: read
- pull-requests: read
- issues: read
- actions: read # Required for Claude to read CI results on PRs
- id-token: write # Required by anthropics/claude-code-action for OIDC auth
- steps:
- - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- with:
- fetch-depth: 1
-
- - name: Run Claude Code
- id: claude
- uses: anthropics/claude-code-action@b47fd721da662d48c5680e154ad16a73ed74d2e0 # v1
- with:
- claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
- additional_permissions: |
- actions: read
diff --git a/scripts/claude-triage-dry-run.sh b/scripts/claude-triage-dry-run.sh
deleted file mode 100755
index 635a594..0000000
--- a/scripts/claude-triage-dry-run.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-# claude-triage-dry-run.sh — preview what the Claude: Triage workflow would
-# post on an issue, without touching it.
-#
-# Usage:
-# scripts/claude-triage-dry-run.sh
-# REPO=Oddly/elasticstack scripts/claude-triage-dry-run.sh 121
-#
-# Runs claude-code locally in print mode (-p) against the SAME prompt the
-# production workflow uses (.github/prompts/triage.md), seeded with the issue
-# metadata pulled from gh. Claude has read-only access to the repo and to gh
-# issue/search/api. It writes its proposed comment to stdout and exits.
-#
-# Nothing is posted to the issue. This is strictly a client-side preview.
-#
-# Requirements:
-# - claude CLI on PATH, authenticated (subscription or CLAUDE_CODE_OAUTH_TOKEN)
-# - gh CLI on PATH, authenticated for the target repo
-# - Run from inside a checkout of the repo (so Claude can grep/read files)
-
-set -euo pipefail
-
-issue_number="${1:?usage: $0 }"
-repo="${REPO:-Oddly/elasticstack}"
-
-script_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
-repo_root="$(cd -- "$script_dir/.." && pwd)"
-prompt_file="$repo_root/.github/prompts/triage.md"
-
-if [[ ! -f "$prompt_file" ]]; then
- echo "error: prompt file not found at $prompt_file" >&2
- exit 1
-fi
-
-# Claude needs to read/grep the repo from its root for the triage to be
-# code-grounded. Anchor cwd here regardless of where the user invoked us.
-cd "$repo_root"
-
-command -v claude >/dev/null || { echo "error: claude CLI not on PATH" >&2; exit 1; }
-command -v gh >/dev/null || { echo "error: gh CLI not on PATH" >&2; exit 1; }
-
-issue_json=$(gh issue view "$issue_number" --repo "$repo" \
- --json number,title,body,labels,author,createdAt,state) \
- || { echo "error: could not fetch issue #$issue_number from $repo" >&2; exit 1; }
-
-# Build the same prompt the workflow builds, plus an explicit "dry run, do not
-# try to post" directive so claude doesn't attempt gh issue comment.
-prompt=$(mktemp)
-trap 'rm -f "$prompt"' EXIT
-{
- cat "$prompt_file"
- echo
- echo "Issue to triage: #$issue_number"
- echo
- echo "--- dry-run mode ---"
- echo "This is a client-side preview. Write the triage comment to stdout"
- echo "as plain Markdown. Do NOT invoke 'gh issue comment' or any other"
- echo "tool that would post to GitHub."
- echo
- echo "Issue metadata (from gh issue view --json):"
- echo '```json'
- echo "$issue_json"
- echo '```'
-} > "$prompt"
-
-echo "==> Dry-running triage for $repo#$issue_number" >&2
-echo "==> Prompt: $prompt_file" >&2
-echo "==> Claude will have read access to the repo and read-only gh/git tools." >&2
-echo "==> Nothing will be posted." >&2
-echo >&2
-
-claude -p \
- --model claude-sonnet-4-20250514 \
- --allowedTools 'Read,Grep,Glob,Bash(git:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh api repos/'"${repo}"'/contents/*)' \
- < "$prompt"