Reusable GitHub Actions workflows for Muvon repos.
Pin to @master — no versioning. Change behavior here, propagates to every repo.
Generates PR briefs using Octomind.
Wraps muvon/octomind-action and:
- Picks the prompt automatically based on the PR event action
  - `synchronize` → incremental diff between `before`/`after` SHAs
  - anything else (`opened`, `reopened`, `ready_for_review`, …) → full branch-vs-base
- Defaults to `developer:brief` role, `ollama:glm-5.1` model, `full` comment mode
- Inherits provider API keys from caller secrets — no per-repo env wiring

One job in each repo:

```yaml
# .github/workflows/ci.yml
on:
  push: { branches: [master, main] }
  pull_request: { branches: [master, main] }
jobs:
  brief:
    uses: muvon/ci-workflow/.github/workflows/brief.yml@master
    secrets: inherit
```

Configure once at the organization level (visibility "all repositories"):
- Variable `OCTOHUB_API_URL` — Octohub API endpoint
- Secret `OCTOHUB_API_KEY` — Octohub API key

Org vars are inherited automatically by reusable workflows; secrets are inherited
via secrets: inherit. Repo-level overrides also work.

```yaml
jobs:
  brief:
    uses: muvon/ci-workflow/.github/workflows/brief.yml@master
    secrets: inherit
    with:
      role: developer:brief
      model: openrouter:anthropic/claude-sonnet-4
      comment: compact
```

| Input | Default | Description |
|---|---|---|
| `role` | `developer:brief` | Octomind role |
| `model` | `ollama:glm-5.1` | Model override |
| `comment` | `full` | PR comment mode: `full`, `compact`, `none` |

| Name | Source |
|---|---|
| `OCTOHUB_API_URL` | `vars.OCTOHUB_API_URL` |
| `OCTOHUB_API_KEY` | `secrets.OCTOHUB_API_KEY` |

Creates a GitHub release with notes taken from CHANGELOG.md:
- Resolves the version from the pushed tag (or `tag` input) and validates semver
- Extracts the `## [X.Y.Z]` section from `CHANGELOG.md` as the release body — fails if the section is missing
- Marks `0.x` and `-prerelease` versions as prereleases
- Skips creation if the release already exists (idempotent re-runs)
- Optionally downloads workflow artifacts and attaches them to the release
Requires contents: write on the caller's GITHUB_TOKEN.

```yaml
# .github/workflows/release.yml
on:
  push:
    tags: ['[0-9]+.[0-9]+.[0-9]+*']
jobs:
  release:
    uses: muvon/ci-workflow/.github/workflows/release.yml@master
```

With artifacts built in a previous job (uploaded via actions/upload-artifact):

```yaml
jobs:
  build:
    # ... builds binaries, uploads artifacts named bin-<target> ...
  release:
    needs: build
    uses: muvon/ci-workflow/.github/workflows/release.yml@master
    with:
      artifacts: 'bin-*'
      draft: false
```

| Input | Default | Description |
|---|---|---|
| `tag` | pushed tag ref | Release tag (set explicitly for `workflow_dispatch` callers) |
| `artifacts` | (none) | Artifact name pattern to download and attach to the release |
| `draft` | `true` | Keep as draft; `false` publishes after all artifacts are attached |

| Output | Description |
|---|---|
| `version` | Resolved release version |
| `changelog` | Extracted changelog section for the released version |

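
The tag filter above ends in `*` and `workflow_dispatch` callers pass a free-form string, so the strict version check has to happen inside the job. The sketch below is an added example, not the workflow's own script: the function names, the simplified semver pattern and the sample changelog are assumptions.

```bash
# Added example: assumed re-implementation of the release checks listed above.

# Strip refs/tags/ and accept only X.Y.Z with an optional -prerelease suffix.
# Prints the version; non-zero exit on anything else.
resolve_version() {
  v=${1#refs/tags/}
  # Reject bytes outside the version alphabet first (newlines included,
  # because grep would otherwise validate only one line of the value).
  case "$v" in ''|*[!0-9A-Za-z.-]*) return 1 ;; esac
  printf '%s\n' "$v" | grep -Eqx '[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?' || return 1
  printf '%s\n' "$v"
}

# 0.x versions and anything with a -suffix are prereleases.
is_prerelease() {
  case "$1" in 0.*|*-*) return 0 ;; *) return 1 ;; esac
}

# Read a changelog on stdin and print the body of "## [version]"; non-zero
# exit if the section is absent. The heading is compared as a literal string
# including "]", so 1.2.3 never matches 1.2.30 and dots are not wildcards.
extract_changelog() {
  awk -v want="## [$1]" '
    index($0, "## [") == 1 {            # any version heading
      if (found) exit                   # next section starts: stop
      if (index($0, want) == 1) { found = 1; next }
    }
    found { print }
    END { exit !found }
  '
}

# Constructed sample changelog and refs.
CHANGELOG_SAMPLE='# Changelog

## [1.2.30] - constructed sample
- unrelated entry

## [1.2.3] - constructed sample
- fixed tag validation

## [0.9.0-rc.1] - constructed sample
- first preview'
for ref in refs/tags/1.2.3 refs/tags/0.9.0-rc.1 refs/tags/2.0.0 release-1.2.3; do
  if ver=$(resolve_version "$ref") &&
     body=$(printf '%s\n' "$CHANGELOG_SAMPLE" | extract_changelog "$ver"); then
    is_prerelease "$ver" && pre=true || pre=false
    printf '%s -> version=%s prerelease=%s notes=%s\n' "$ref" "$ver" "$pre" "$body"
  else
    printf '%s -> rejected\n' "$ref"
  fi
done
```
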
Standard CI for Rust projects: fmt, check, clippy, test (Linux/Windows/macOS
matrix + beta/nightly on Linux), doc, security (cargo-audit), coverage
(tarpaulin + Codecov). Uses Swatinem/rust-cache and disables incremental
compilation/debuginfo to keep runner disks small.

```yaml
# .github/workflows/ci.yml
on:
  push: { branches: [master, main, develop] }
  pull_request: { branches: [master, main, develop] }
jobs:
  rust:
    uses: muvon/ci-workflow/.github/workflows/rust-ci.yml@master
    with:
      feature-flags: '--all-features'
```

| Input | Default | Description |
|---|---|---|
| `toolchain` | `1.95.0` | Rust toolchain version (bump here → propagates to all repos) |
| `runner` | `ubuntu-latest` | Runner for jobs that compile the crate (e.g. `macos-15` for a macOS app) |
| `feature-flags` | (none) | Flags for cargo check/clippy/doc (e.g. `--all-features`) |
| `setup-protoc` | `false` | Install protoc before building |
| `tools` | (none) | Extra tools via taiki-e/install-action (e.g. `ripgrep,ast-grep`) |
| `test` | `true` | Disable to keep a project-specific test job in the caller |
| `test-os` | ubuntu + windows + macos | JSON array of runners for the test matrix |
| `test-includes` | beta + nightly on ubuntu | JSON array of extra test matrix entries (`'[]'` to disable) |
| `test-script` | `cargo test --verbose` | Shell script for the test step (bash on all platforms) |
| `doc` | `true` | Run `cargo doc` with `-D warnings` |
| `coverage` | `true` | Run tarpaulin and upload to Codecov |
| `tarpaulin-args` | `--verbose --timeout 120 --out xml` | Arguments for `cargo tarpaulin` |

fmt and security always run on ubuntu-latest — neither compiles the crate.
Publishes a crate to crates.io: validates the tag matches Cargo.toml version,
skips if already published, dry-runs, then publishes. Crate name is read from
Cargo.toml — nothing project-specific to configure.
Requires the CARGO_REGISTRY_TOKEN secret (secrets: inherit with an org-level
secret, or pass explicitly).

| Input | Default | Description |
|---|---|---|
| `tag` | pushed tag ref | Version tag (set explicitly for `workflow_dispatch`) |
| `publish-flags` | (none) | Flags for `cargo publish` (e.g. `--no-default-features`) |
| `setup-protoc` | `false` | Install protoc before building |
| `toolchain` | `1.95.0` | Rust toolchain version |

The full pattern — CI on every push/PR, release on tag. Project-specific jobs
(binary builds, docker, etc.) stay in the project and hand artifacts to the
common release via actions/upload-artifact:

```yaml
# .github/workflows/ci.yml
on:
  push: { branches: [master, main, develop] }
  pull_request: { branches: [master, main, develop] }
jobs:
  rust:
    uses: muvon/ci-workflow/.github/workflows/rust-ci.yml@master
  brief:
    uses: muvon/ci-workflow/.github/workflows/brief.yml@master
    secrets: inherit
```

```yaml
# .github/workflows/release.yml
on:
  push:
    tags: ['[0-9]+.[0-9]+.[0-9]+*']
  workflow_dispatch:
    inputs:
      tag: { description: 'Tag to release', required: true, type: string }
jobs:
  publish-crate:
    uses: muvon/ci-workflow/.github/workflows/rust-publish.yml@master
    secrets: inherit
    with:
      tag: ${{ inputs.tag }}
  release:
    needs: publish-crate
    uses: muvon/ci-workflow/.github/workflows/release.yml@master
    with:
      tag: ${{ inputs.tag }}
      draft: false
```

Keep CHANGELOG.md updated per version (`## [X.Y.Z]` headings) — the release
body comes from it. Reference setups: muvon/octolib (library, simple),
muvon/octomind (binary matrix builds, docker, homebrew).
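
Since every caller tracks `@master` and several jobs pass `secrets: inherit`, a caller repo can keep an inventory of which jobs depend on a moving ref and which hand over their secrets. This is an added example, not part of the repository: the `audit_reusable` name, the output format, and the sample workflow with its 40-hex commit SHA are constructed for illustration.

```bash
# Added example: inventory of reusable-workflow calls in one workflow file.
# Reads YAML on stdin and prints one line per calling job:
#   <job> <workflow>@<ref> <sha|mutable> secrets=<yes|no>
# Assumes the block layout used on this page (job ids at two-space indent).
audit_reusable() {
  awk '
    function emit() {
      if (wf != "") printf "%s %s@%s %s secrets=%s\n", job, wf, ref, kind, inherit
      wf = ""; inherit = "no"
    }
    /^[A-Za-z]/ { in_jobs = ($1 == "jobs:"); next }   # top-level key
    !in_jobs { next }
    /^  [A-Za-z0-9_-]+:[ \t]*$/ {                     # start of a job
      emit(); job = $1; sub(/:$/, "", job); next
    }
    $1 == "uses:" && index($2, "/.github/workflows/") && index($2, "@") {
      split($2, p, "@"); wf = p[1]; ref = p[2]
      # Only a full 40-hex commit SHA is immutable; branches and tags can move.
      kind = (length(ref) == 40 && ref ~ /^[0-9a-f]+$/) ? "sha" : "mutable"
    }
    $1 == "secrets:" && $2 == "inherit" { inherit = "yes" }
    END { emit() }
  '
}

# Constructed sample: two jobs as written on this page, one ordinary job,
# and one job pinned to a made-up commit SHA for contrast.
SAMPLE_WORKFLOW='on:
  push: { branches: [master] }
jobs:
  rust:
    uses: muvon/ci-workflow/.github/workflows/rust-ci.yml@master
  brief:
    uses: muvon/ci-workflow/.github/workflows/brief.yml@master
    secrets: inherit
  build:
    runs-on: ubuntu-latest
    steps: [{ uses: actions/checkout@v4 }]
  pinned:
    uses: muvon/ci-workflow/.github/workflows/release.yml@0123456789abcdef0123456789abcdef01234567'

printf '%s\n' "$SAMPLE_WORKFLOW" | audit_reusable
```

Run it per file, for example `audit_reusable < .github/workflows/ci.yml`, and review the lines that are both `mutable` and `secrets=yes` first.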