From 7bd9afd7ef869f593d35630c02d0d4b78e62c05c Mon Sep 17 00:00:00 2001 From: falkoro <39274208+falkoro@users.noreply.github.com> Date: Sun, 7 Jun 2026 12:52:46 +0200 Subject: [PATCH 1/5] ci: route reviews via Dario/Hermes on logan-gl502vs --- .github/workflows/claude-review.yml | 18 ++++++++++++++++-- .github/workflows/grok-review.yml | 23 ++++++++++------------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index ebb9d12..beeba61 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -13,16 +13,30 @@ jobs: review: name: Claude review if: vars.CLAUDE_REVIEW_ENABLED == 'true' && vars.CLAUDE_REVIEW_CONFIGURED == 'true' - runs-on: [self-hosted, linux, x64, spot-tech-ci] + runs-on: [self-hosted, logan-gl502vs] steps: + - uses: actions/checkout@v5 + with: + repository: spot-techno/.github + path: .spot-github + sparse-checkout: | + scripts/resolve-dario-proxy.sh + sparse-checkout-cone-mode: false + - uses: actions/checkout@v5 with: fetch-depth: 0 + - name: Resolve Dario proxy + id: dario + run: bash .spot-github/scripts/resolve-dario-proxy.sh + - uses: anthropics/claude-code-action@v1 + env: + ANTHROPIC_BASE_URL: ${{ steps.dario.outputs.base_url }} + ANTHROPIC_API_KEY: ${{ steps.dario.outputs.api_key }} with: github_token: ${{ secrets.GITHUB_TOKEN }} - claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_args: "--max-turns 25" prompt: | Review this pull request for Agent Office and post concise inline review comments. Approve only if it is clean. Focus on, in priority order: diff --git a/.github/workflows/grok-review.yml b/.github/workflows/grok-review.yml index e4db652..6cd5ec3 100644 --- a/.github/workflows/grok-review.yml +++ b/.github/workflows/grok-review.yml @@ -16,26 +16,23 @@ jobs: review: name: Grok review (Hermes) if: vars.GROK_REVIEW_ENABLED == 'true' - runs-on: [self-hosted, linux, x64, spot-tech-ci] + runs-on: [self-hosted, logan-gl502vs] steps: + - uses: actions/checkout@v5 + with: + repository: spot-techno/.github + path: .spot-github + sparse-checkout: | + scripts/resolve-hermes-proxy.sh + sparse-checkout-cone-mode: false + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: Resolve Hermes proxy id: proxy - run: | - GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" - for H in host.containers.internal "$GW" 172.18.0.1 172.17.0.1 127.0.0.1; do - [ -z "$H" ] && continue - if curl -fsS --max-time 6 "http://$H:38765/status" >/dev/null 2>&1; then - echo "url=http://$H:38765/api/v1/messages" >> "$GITHUB_OUTPUT" - echo "Hermes reachable at $H" - exit 0 - fi - done - echo "::error::Hermes proxy (:38765) unreachable from the runner" >&2 - exit 1 + run: bash .spot-github/scripts/resolve-hermes-proxy.sh - name: Grok review env: From 71194f4620651256c343cbefc5c64b6f3f529764 Mon Sep 17 00:00:00 2001 From: falkoro <39274208+falkoro@users.noreply.github.com> Date: Sun, 7 Jun 2026 12:58:17 +0200 Subject: [PATCH 2/5] ci: vendor proxy scripts (spot-techno/.github is private) --- .github/scripts/resolve-dario-proxy.sh | 24 ++++++++++++++++++++++++ .github/scripts/resolve-hermes-proxy.sh | 16 ++++++++++++++++ .github/workflows/claude-review.yml | 10 +--------- .github/workflows/grok-review.yml | 10 +--------- 4 files changed, 42 insertions(+), 18 deletions(-) create mode 100755 .github/scripts/resolve-dario-proxy.sh create mode 100755 .github/scripts/resolve-hermes-proxy.sh diff --git a/.github/scripts/resolve-dario-proxy.sh b/.github/scripts/resolve-dario-proxy.sh new file mode 100755 index 0000000..f416f62 --- /dev/null +++ b/.github/scripts/resolve-dario-proxy.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# Discover the host-local Dario proxy (Claude Max OAuth) for self-hosted runners. +set -euo pipefail + +GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" +for H in host.containers.internal "$GW" 172.18.0.1 172.17.0.1 127.0.0.1; do + [ -z "$H" ] && continue + if curl -fsS --max-time 8 \ + -X POST "http://$H:3456/v1/chat/completions" \ + -H 'content-type: application/json' \ + -H 'authorization: Bearer dario' \ + -d '{"model":"claude-haiku-4-5","messages":[{"role":"user","content":"ok"}],"max_tokens":4,"stream":false}' \ + >/dev/null 2>&1; then + { + echo "base_url=http://$H:3456" + echo "api_key=dario" + } >> "${GITHUB_OUTPUT}" + echo "Dario proxy reachable at $H:3456" >&2 + exit 0 + fi +done + +echo "::error::Dario proxy (:3456) unreachable from the runner" >&2 +exit 1 \ No newline at end of file diff --git a/.github/scripts/resolve-hermes-proxy.sh b/.github/scripts/resolve-hermes-proxy.sh new file mode 100755 index 0000000..53b341e --- /dev/null +++ b/.github/scripts/resolve-hermes-proxy.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +# Discover the host-local Hermes llm-proxy (Grok) for self-hosted runners. +set -euo pipefail + +GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" +for H in host.containers.internal "$GW" 172.18.0.1 172.17.0.1 127.0.0.1; do + [ -z "$H" ] && continue + if curl -fsS --max-time 6 "http://$H:38765/status" >/dev/null 2>&1; then + echo "url=http://$H:38765/api/v1/messages" >> "${GITHUB_OUTPUT}" + echo "Hermes proxy reachable at $H:38765" >&2 + exit 0 + fi +done + +echo "::error::Hermes proxy (:38765) unreachable from the runner" >&2 +exit 1 \ No newline at end of file diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index beeba61..8ca4f60 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -15,21 +15,13 @@ jobs: if: vars.CLAUDE_REVIEW_ENABLED == 'true' && vars.CLAUDE_REVIEW_CONFIGURED == 'true' runs-on: [self-hosted, logan-gl502vs] steps: - - uses: actions/checkout@v5 - with: - repository: spot-techno/.github - path: .spot-github - sparse-checkout: | - scripts/resolve-dario-proxy.sh - sparse-checkout-cone-mode: false - - uses: actions/checkout@v5 with: fetch-depth: 0 - name: Resolve Dario proxy id: dario - run: bash .spot-github/scripts/resolve-dario-proxy.sh + run: bash .github/scripts/resolve-dario-proxy.sh - uses: anthropics/claude-code-action@v1 env: diff --git a/.github/workflows/grok-review.yml b/.github/workflows/grok-review.yml index 6cd5ec3..1c9b526 100644 --- a/.github/workflows/grok-review.yml +++ b/.github/workflows/grok-review.yml @@ -18,21 +18,13 @@ jobs: if: vars.GROK_REVIEW_ENABLED == 'true' runs-on: [self-hosted, logan-gl502vs] steps: - - uses: actions/checkout@v5 - with: - repository: spot-techno/.github - path: .spot-github - sparse-checkout: | - scripts/resolve-hermes-proxy.sh - sparse-checkout-cone-mode: false - - uses: actions/checkout@v5 with: fetch-depth: 0 - name: Resolve Hermes proxy id: proxy - run: bash .spot-github/scripts/resolve-hermes-proxy.sh + run: bash .github/scripts/resolve-hermes-proxy.sh - name: Grok review env: From 98efbf4dd92176676b2d64953375071545da5efe Mon Sep 17 00:00:00 2001 From: falkoro <39274208+falkoro@users.noreply.github.com> Date: Sun, 7 Jun 2026 13:01:29 +0200 Subject: [PATCH 3/5] ci: fix proxy discovery when iproute2 is missing in runner image --- .github/scripts/resolve-dario-proxy.sh | 5 ++++- .github/scripts/resolve-hermes-proxy.sh | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/scripts/resolve-dario-proxy.sh b/.github/scripts/resolve-dario-proxy.sh index f416f62..3dcab03 100755 --- a/.github/scripts/resolve-dario-proxy.sh +++ b/.github/scripts/resolve-dario-proxy.sh @@ -2,7 +2,10 @@ # Discover the host-local Dario proxy (Claude Max OAuth) for self-hosted runners. set -euo pipefail -GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" +GW="" +if command -v ip >/dev/null 2>&1; then + GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" +fi for H in host.containers.internal "$GW" 172.18.0.1 172.17.0.1 127.0.0.1; do [ -z "$H" ] && continue if curl -fsS --max-time 8 \ diff --git a/.github/scripts/resolve-hermes-proxy.sh b/.github/scripts/resolve-hermes-proxy.sh index 53b341e..1d54760 100755 --- a/.github/scripts/resolve-hermes-proxy.sh +++ b/.github/scripts/resolve-hermes-proxy.sh @@ -2,7 +2,10 @@ # Discover the host-local Hermes llm-proxy (Grok) for self-hosted runners. set -euo pipefail -GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" +GW="" +if command -v ip >/dev/null 2>&1; then + GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" +fi for H in host.containers.internal "$GW" 172.18.0.1 172.17.0.1 127.0.0.1; do [ -z "$H" ] && continue if curl -fsS --max-time 6 "http://$H:38765/status" >/dev/null 2>&1; then From 8ae1c81a2106b6cbe8827831639f40c6ede2a871 Mon Sep 17 00:00:00 2001 From: falkoro <39274208+falkoro@users.noreply.github.com> Date: Sun, 7 Jun 2026 13:03:49 +0200 Subject: [PATCH 4/5] ci: hardcode Dario placeholder API key (GHA strips api_key output) --- .github/workflows/claude-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index 8ca4f60..2e63eff 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -26,7 +26,7 @@ jobs: - uses: anthropics/claude-code-action@v1 env: ANTHROPIC_BASE_URL: ${{ steps.dario.outputs.base_url }} - ANTHROPIC_API_KEY: ${{ steps.dario.outputs.api_key }} + ANTHROPIC_API_KEY: dario with: github_token: ${{ secrets.GITHUB_TOKEN }} claude_args: "--max-turns 25" From b60e53c4dc3d53a1488282663cfa5dfdedff0476 Mon Sep 17 00:00:00 2001 From: falkoro <39274208+falkoro@users.noreply.github.com> Date: Sun, 7 Jun 2026 13:07:54 +0200 Subject: [PATCH 5/5] ci: pass Dario key via anthropic_api_key action input --- .github/workflows/claude-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index 2e63eff..1b0f265 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -26,9 +26,9 @@ jobs: - uses: anthropics/claude-code-action@v1 env: ANTHROPIC_BASE_URL: ${{ steps.dario.outputs.base_url }} - ANTHROPIC_API_KEY: dario with: github_token: ${{ secrets.GITHUB_TOKEN }} + anthropic_api_key: dario claude_args: "--max-turns 25" prompt: | Review this pull request for Agent Office and post concise inline review comments. Approve only if it is clean. Focus on, in priority order: