58 changes: 58 additions & 0 deletions .github/workflows/cata-dispatch.yml
@@ -0,0 +1,58 @@
name: Cata Agent Dispatch
on:
repository_dispatch:
types: [octi-pulpo-dispatch]
Comment on lines +2 to +4
Copilot AI Apr 4, 2026

repository_dispatch will run this workflow for any actor/token that can send that event to the repo. Since the payload includes an arbitrary prompt that drives automation, add a verification gate (e.g., require a shared secret/HMAC in client_payload that matches a repo secret, and/or restrict github.event.sender.login/actor allowlist) to prevent unauthorized dispatches from executing tasks with repo credentials.

Copilot uses AI. Check for mistakes.

jobs:
cata-agent:
runs-on: ubuntu-latest

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 days ago

In general, this problem is fixed by adding an explicit permissions block either at the top level of the workflow (applies to all jobs) or under the specific job, granting only the scopes and access levels required. For workflows that only need to read repository contents and releases, contents: read is typically sufficient.

For this specific workflow, the only visible operations that rely on GitHub API access are: actions/checkout@v4, which needs read access to repository contents, and gh release download using GITHUB_TOKEN, which also requires read access to releases (covered by contents: read). There is no evidence this job needs to write to the repository or to issues/PRs. Therefore, the best minimal change is to add permissions: contents: read at the workflow root, just under the name: (or under on:) so that it applies to the cata-agent job without altering its behavior.

Concretely, edit .github/workflows/cata-dispatch.yml and insert:

permissions:
  contents: read

near the top-level keys. No additional imports or tooling changes are required.

Suggested changeset 1
.github/workflows/cata-dispatch.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/cata-dispatch.yml b/.github/workflows/cata-dispatch.yml
--- a/.github/workflows/cata-dispatch.yml
+++ b/.github/workflows/cata-dispatch.yml
@@ -2,6 +2,8 @@
 on:
   repository_dispatch:
     types: [octi-pulpo-dispatch]
+permissions:
+  contents: read
 
 jobs:
   cata-agent:
EOF
@@ -2,6 +2,8 @@
on:
repository_dispatch:
types: [octi-pulpo-dispatch]
permissions:
contents: read

jobs:
cata-agent:
Copilot is powered by AI and may make mistakes. Always verify output.
Copilot AI Apr 4, 2026

Consider explicitly setting permissions for this workflow/job (least privilege). Without it, the GITHUB_TOKEN permissions depend on repo defaults and may be broader than needed for a dispatch-triggered, prompt-driven job. For example, .github/workflows/release.yml explicitly sets permissions: contents: write; this workflow should similarly declare only what Cata needs (often contents: read plus narrowly scoped write permissions if it must open PRs/push).

Suggested change
runs-on: ubuntu-latest
runs-on: ubuntu-latest
permissions:
contents: read

Copilot AI Apr 4, 2026

This job can run for a long time (--max-turns 100) and can be dispatched repeatedly; consider adding timeout-minutes and a concurrency group (e.g., per TASK_ID or a single global group) to prevent runaway runs and reduce the chance of overlapping agents contending for the repo workspace/credentials.

Suggested change
runs-on: ubuntu-latest
runs-on: ubuntu-latest
timeout-minutes: 60
concurrency:
group: cata-agent-${{ github.event.client_payload.task_id }}
cancel-in-progress: true

if: |
github.event.client_payload.type == 'evolve' ||
github.event.client_payload.type == 'code-gen' ||
github.event.client_payload.type == 'bugfix' ||
github.event.client_payload.type == 'config'
env:
TASK_ID: ${{ github.event.client_payload.task_id }}
TASK_TYPE: ${{ github.event.client_payload.type }}
TASK_PRIORITY: ${{ github.event.client_payload.priority }}
TASK_PROMPT: ${{ github.event.client_payload.prompt }}
steps:
- uses: actions/checkout@v4

- name: Download Cata binary
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Task ID: ${TASK_ID}"
echo "Type: ${TASK_TYPE}"
echo "Priority: ${TASK_PRIORITY}"
gh release download --repo AgentGuardHQ/cata \
--pattern "cata-linux-amd64" \
--output cata \
--clobber || echo "WARN: cata release not yet published"
chmod +x cata 2>/dev/null || true
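Review bot: In the `Download Cata binary` step, `--clobber || echo "WARN: ..."` followed by `chmod +x cata 2>/dev/null || true` lets a failed download pass as success, and because `--output cata` writes into the checked-out workspace, the later `[ ! -f ./cata ]` test would also accept a file named `cata` that came from the repository itself. Download to a path outside the checkout (for example under `$RUNNER_TEMP`), drop both `||` fallbacks so the step fails when the asset is missing, and have the run step execute that path.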
Comment on lines +29 to +33
Copilot AI Apr 4, 2026

The workflow downloads and executes a prebuilt binary from another repo release without integrity verification. To reduce supply-chain risk, pin to a specific release version and verify a published checksum/signature before chmod/execution (or build from source within the workflow).


- name: Configure git identity
run: |
git config --global user.email "octi-pulpo@agentguardhq.com"
git config --global user.name "Octi Pulpo Bot"

- name: Run Cata agent
env:
DEEPSEEK_API_KEY: ${{ secrets.DEEPSEEK_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ ! -f ./cata ]; then
echo "ERROR: cata binary not available"
exit 1
fi
./cata run \
--provider deepseek \
--model deepseek-chat \
--max-turns 100 \
"${TASK_PROMPT}" \
|| echo "WARN: cata exited non-zero for task ${TASK_ID}"
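Review bot: In the `Run Cata agent` step, `DEEPSEEK_API_KEY` and `GITHUB_TOKEN` are exported to a process whose instructions are `TASK_PROMPT`, which is copied from `client_payload.prompt` without any check, so whoever can send the dispatch event steers a tool that holds both credentials. Pass `GITHUB_TOKEN` only if the agent has to push or open pull requests, pair it with a job-level `permissions:` block limited to those scopes, and reject an empty or oversized `TASK_PROMPT` in a step before this one.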
Comment on lines +53 to +54
Copilot AI Apr 4, 2026

./cata run ... || echo ... masks non-zero exit codes (including missing execute permission, runtime errors, or failed tasks), so the job can report success even when the agent fails. If downstream systems rely on workflow status, let this step fail (or capture the exit code and explicitly exit $code after logging) so job.status reflects the real outcome.

Suggested change
"${TASK_PROMPT}" \
|| echo "WARN: cata exited non-zero for task ${TASK_ID}"
"${TASK_PROMPT}"
cata_exit_code=$?
if [ "$cata_exit_code" -ne 0 ]; then
echo "WARN: cata exited non-zero for task ${TASK_ID}"
exit "$cata_exit_code"
fi


- name: Report outcome
if: always()
run: echo "Task ${TASK_ID} dispatch complete. Status: ${{ job.status }}"