Enforce Ubuntu runner policy

MrSphay
2026-05-16 05:02:42 +02:00
parent a4245a1563
commit 2534640e54
11 changed files with 88 additions and 21 deletions


@@ -12,6 +12,10 @@ Use matching profiles/*.md guidance after detecting the stack.
Conserve context tokens: search first, read only relevant files, summarize large outputs, and avoid generated folders, dependency folders, build outputs, or full logs unless directly relevant.
At the start of each user-requested task, check for upstream repository updates and apply them immediately with a safe fast-forward pull when the working tree is clean.
If local changes exist, do not overwrite them; fetch or report the blocker before editing.
Treat global-runner-1, global-runner-2, and global-runner-3 as the only supported build runners.
Run project builds, tests, audits, package jobs, installers, dependency setup, and releases only on Gitea Ubuntu runners with ubuntu-latest, ubuntu-24.04, or ubuntu-22.04.
Never run those heavy project commands on the user's local machine.
Use open-source Linux-compatible workflow workarounds instead of adding Windows or macOS runners.
For releasable projects, add or preserve scheduled security automation.
For active projects, add or preserve non-destructive scheduled repository cleanup checks.
For Codex-maintained projects, add or preserve dependency, release dry-run, and template compliance checks when useful.
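Review bot: the two new runner rules do not say how they relate: "global-runner-1, global-runner-2, and global-runner-3 as the only supported build runners" names hosts, while the next line names labels "ubuntu-latest, ubuntu-24.04, or ubuntu-22.04", so a reader cannot tell which label selects which runner or whether a workflow must satisfy both. State the mapping in one sentence (which labels the three runners register with), and consider dropping ubuntu-latest from the allowed list, since it drifts to a new image without any change in the repository and makes "only supported build runners" a moving target for builds, audits, and releases.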
@@ -23,7 +27,7 @@ Update README.md whenever blueprint.md or blueprint.json changes.
Create tracker issues for real, actionable follow-ups that are outside the current scope or independently parallelizable; use docs/agent-handoff.md when no issue tracker is available.
Exclude Codex kit metadata from user-facing release, package, installer, archive, and GitHub/Gitea upload artifacts unless explicitly requested.
Run git diff --check before finishing.
Run the cheapest reliable verification command, or explain why it could not run.
Run lightweight local validation before finishing, and run the cheapest reliable project verification through Gitea Actions or explain why runner verification could not run.
```
## New Repository Prompt
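Review bot: "lightweight local validation" in the replacement line is undefined, and the earlier rule "Never run those heavy project commands on the user's local machine" depends on agents drawing the same line. Spell out what counts as lightweight (the existing "Run git diff --check before finishing." is one example; linting or a syntax check would be others) so the sentence cannot be read as permitting a local build or test run when the runner is unavailable, and keep the "explain why runner verification could not run" clause as the only escape hatch.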
@@ -38,7 +42,8 @@ Use manifest.json as the source of truth for copy targets.
Keep the README generator only if it adds value.
When using the README generator, keep the rainbow `{{ template:section-line }}` divider between major sections.
Do not create a release.
Run the cheapest available verification before finishing.
Run lightweight local validation before finishing.
Use Gitea Ubuntu runners for project build, test, audit, package, and release commands.
```
## Existing Repository Prompt
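Review bot: the new line "Use Gitea Ubuntu runners for project build, test, audit, package, and release commands" lists fewer job types than the policy line in the first hunk, which also covers installers and dependency setup; an agent following only this prompt could run a dependency install locally without breaking its instructions. Use the same enumeration here as in the policy (or refer to it by name) so the two lists cannot diverge.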
@@ -52,7 +57,8 @@ Keep commands truthful: do not add commands that cannot run.
Use manifest.json as the source of truth for copy targets.
When using or adding the README generator, keep the rainbow `{{ template:section-line }}` divider between major sections.
Do not create a release.
Run the cheapest available verification before finishing.
Run lightweight local validation before finishing.
Use Gitea Ubuntu runners for project build, test, audit, package, and release commands.
```
## Agent Decision Tree
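Review bot: the two added lines are word for word the same as in the New Repository Prompt hunk above; if that is intended, consider pointing both prompts at the single policy statement or a shared snippet so the next change to the runner rule lands in one place. Also, "Do not create a release." immediately followed by "... package, and release commands" reads as contradictory in one prompt; "release commands, when a release is later requested" would make the intent clear.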
@@ -90,6 +96,10 @@ Does the project have CI?
yes -> patch existing workflow
no -> add .gitea/workflows/build.yml only when commands are known
Does any workflow use Windows, macOS, local-machine builds, or unsupported runner labels?
yes -> replace it with Gitea Ubuntu runner usage on ubuntu-latest, ubuntu-24.04, or ubuntu-22.04; if a platform-specific step is needed, implement a Linux-compatible workaround
no -> continue
Is the project releasable or does it process user/secrets/config data?
yes -> add .gitea/workflows/security-scan.yml or preserve equivalent scheduled security automation
no -> document why scheduled security automation is not needed
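Review bot: the "yes" branch for Windows or macOS workflows says to replace them and "implement a Linux-compatible workaround", but it never asks the agent to record what platform-specific coverage is lost by doing so (a Windows installer or macOS-only test that can no longer be exercised). Add a step to document the dropped coverage, mirroring the "no -> document why" pattern used for security automation below. "unsupported runner labels" should also be tied to the three labels named in the policy, so the question has a concrete test.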
@@ -152,7 +162,7 @@ Is this a private Gitea repo with Actions?
Did you push a commit that should trigger a workflow?
yes -> poll the workflow run until success; if it fails, inspect logs, fix in scope, push again, and keep looping after the follow-up push
no -> finish with local verification status
no -> finish with lightweight local validation status and explain why runner verification was not required or not available
```
## Minimal File Set
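Review bot: the replaced "no" branch now asks the agent to "explain why runner verification was not required or not available", but the question it answers is "Did you push a commit that should trigger a workflow?", and "no" can simply mean the commit has not been pushed yet, which is not a justification for skipping runner verification. Split the branch: if no workflow applies to the change, finish with local validation status and the explanation; if a workflow would apply but nothing was pushed, push (or report the blocker) rather than finish.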