feat(ci): add GitHub Actions -> Depot CI migration workflow#429
feat(ci): add GitHub Actions -> Depot CI migration workflow#429lukevmorris merged 13 commits intodepot:mainfrom
Conversation
Add foundational type definitions for CI migration: - compat package: SupportLevel, CompatibilityRule, CompatibilityIssue, CompatibilityReport - migrate package: WorkflowFile, JobInfo, MigrationPlan, MigrationResult - All types include JSON serialization tags and comprehensive tests Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Add API types for CI secret and variable management: - CISecretAddRequest, CISecretBatchAddRequest, CISecretMeta, CISecretListResponse - CIVariableAddRequest, CIVariableMeta, CIVariableListResponse - All types include JSON serialization tags for API communication Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c330b20952
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| destFile, err := os.OpenFile(destPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) | ||
| if err != nil { |
There was a problem hiding this comment.
CopyGitHubToDepot writes every copied file with a hard-coded 0644 mode, so executable files in .github/actions lose their +x bit during migration. This breaks common custom action setups that invoke local scripts/binaries (for example ./entrypoint.sh) and will surface as runtime permission denied failures after migration. The copy logic should preserve source permissions (at least executable bits) instead of forcing non-executable output.
Useful? React with 👍 / 👎.
| secretAssignments, err := parseSecretAssignments(opts.secrets) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
runMigrate parses --secret assignments only after it has already copied files into .depot, so an invalid flag like --secret FOO returns an error but still leaves a partially migrated filesystem state. This makes failure paths non-idempotent and can break automation that expects no side effects when argument validation fails. Parse and validate secret assignments before calling the copy steps.
Useful? React with 👍 / 👎.
lukevmorris
left a comment
lukevmorris
left a comment
There was a problem hiding this comment.
Thanks so much @paulbalaji! 🎉
2 participants
Summary
depot cicommand group withmigrate,secrets,vars,status, andlogs.github->.depotworkflows/actions, compatibility analysis, and secret detectionFollow-up fixes in this branch
--yesmode overwrite existing.depotwithout an extra promptdepot ci secrets add --descriptionthrough to API payloadVerification
go build ./cmd/depotgo test ./...go vet ./...depot ci --help,depot ci migrate --help,depot ci secrets --help,depot ci vars --help,depot ci status,depot ci logs