fix(workflows): reference alert-failure action by remote ref, not local path (#61) #62

Open
madjin wants to merge 1 commit into main from fix/issue-61-alert-remote-ref

madjin commented Apr 18, 2026

Fixes #61.

Summary

Replace uses: ./.github/actions/alert-failure with uses: elizaOS/knowledge/.github/actions/alert-failure@main across all 9 call sites (plus one doc example in workflows/README.md).

Why

Local-path action references require the working tree to be populated. When actions/checkout fails — which is exactly the worst-case silent-outage scenario — the Alert on failure step also fails to load action.yml from disk. Remote-ref uses: bypasses the working tree entirely; GitHub fetches the action via the Actions API.

This is the failure mode that hid the 6-day sync.yml outage (issue #57) from all monitoring.

Test plan

  • YAML parses clean on all 7 modified workflows
  • Grep confirms zero remaining uses: \./\.github/actions/alert-failure references
  • After merge: on a throwaway branch, swap token: \${{ secrets.DOES_NOT_EXIST }} into a workflow's checkout step, confirm the Discord alert fires despite checkout failure

Trade-off

PR changes to the alert-failure action itself will not be self-testable on the PR that introduces them — the @main pin still points at merged main. Acceptable given the action changes rarely.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated multiple GitHub Actions workflows to reference a centralized remote action for failure notifications instead of local action definitions. This consolidates failure alert management, improves configuration consistency across automation pipelines, and simplifies ongoing maintenance. All alert behavior and inputs remain unchanged.

…al path

Using `./.github/actions/alert-failure` requires the working tree to be
populated, which fails precisely when we most need the alert — when
checkout itself has failed. Switching to `elizaOS/knowledge/...@main`
makes GitHub fetch the action via the Actions API, independent of the
workflow's own checkout step.

Fixes #61

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

coderabbitai bot commented Apr 18, 2026

Walkthrough

Updated references to the alert-failure composite action across 6 workflows and 1 documentation file from local repository path (./.github/actions/alert-failure) to remote pinned reference (elizaOS/knowledge/.github/actions/alert-failure@main). This ensures failure notifications work even when local checkout fails.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Documentation: .github/workflows/README.md | Updated example uses: reference for alert-failure action from local to remote pinned version. |
| Workflow Action References: .github/workflows/aggregate-daily-sources.yml, .github/workflows/extract_daily_facts.yml, .github/workflows/generate-council-briefing.yml, .github/workflows/sync.yml | Updated single failure-alert step in each workflow to reference remote action instead of local. |
| Multi-Job Workflows: .github/workflows/help-reports.yml, .github/workflows/retro.yml | Updated multiple failure-alert steps (2 and 3 respectively) across different jobs to use remote action reference. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🚨 When checkout falls and silence spreads,
A local action lies in beds—
But remote refs don't fear the dark,
They fetch their truth and hit the mark!
Now Discord hears our desperate plea,
No matter what our workflows be. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | Title accurately summarizes the main change: replacing local action references with remote pinned references across workflows. |
| Linked Issues check | ✅ Passed | All objectives from issue #61 are met: 9 workflow call sites and README updated to use remote reference; verification plan documented. |
| Out of Scope Changes check | ✅ Passed | All changes directly address issue #61; no unrelated modifications detected beyond the specified workflow and documentation updates. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


madjin commented Apr 18, 2026

@coderabbitai review

coderabbitai bot commented Apr 18, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

madjin commented Apr 18, 2026

@coderabbitai review

coderabbitai bot commented Apr 18, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai bot left a comment

🧹 Nitpick comments (1)
.github/workflows/sync.yml (1)

141-146: Consider pinning to a commit SHA instead of @main (belt-and-braces for your alerting lifeline).

Pinning a third-party-style uses: to a mutable branch is the classic GitHub Actions supply-chain footgun — any push to main instantly changes what runs in every workflow, including ones triggered by pull_request from forks. Since this is your own repo the blast radius is smaller, but it also means:

  • A bad commit to .github/actions/alert-failure/action.yml on main silently breaks all failure alerts (the very thing this PR is trying to harden).
  • The PR's own trade-off note ("edits to alert-failure aren't testable on PRs that modify it") is a direct consequence of the @main pin — a SHA pin + Dependabot would give you both testability and immutability.

Not a blocker given it's a same-repo internal action, just worth a conscious decision. Applies identically to all 9 call sites in this PR.

```yaml
# Option A: pin to SHA (recommended; pairs well with Dependabot for actions)
- uses: elizaOS/knowledge/.github/actions/alert-failure@<commit-sha>
# Option B: pin to a release tag you bump intentionally
- uses: elizaOS/knowledge/.github/actions/alert-failure@v1
```

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/sync.yml around lines 141 - 146, The workflow step
currently references the internal action with a mutable ref
"elizaOS/knowledge/.github/actions/alert-failure@main"; change that to an
immutable ref by pinning to a specific commit SHA or a release tag (e.g.,
replace "@main" with "@<commit-sha>" or "@v1") for this step and the other eight
call sites so the Alert on failure action cannot change unexpectedly—update each
occurrence of the uses: elizaOS/knowledge/.github/actions/alert-failure@main to
a fixed SHA or version and ensure you keep the chosen SHA/tag updated via
Dependabot or manual bumping.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e348ba1f-75a6-4f99-bdb9-0525d24295f6

📥 Commits

Reviewing files that changed from the base of the PR and between e4fac34 and 261a5f5.

📒 Files selected for processing (7)
  • .github/workflows/README.md
  • .github/workflows/aggregate-daily-sources.yml
  • .github/workflows/extract_daily_facts.yml
  • .github/workflows/generate-council-briefing.yml
  • .github/workflows/help-reports.yml
  • .github/workflows/retro.yml
  • .github/workflows/sync.yml
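
Added example (not code from this PR or from the elizaOS/knowledge repository): a small auditor for the two properties this thread turns on, whether a `uses:` reference is loaded from the working tree and whether a remote reference is pinned immutably. The sample workflow, the placeholder SHA and the tag-shape heuristic are assumptions made for illustration.

```python
import re

# A step's `uses:` value, with or without the leading "- " list marker.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TAG_RE = re.compile(r"^v?\d+(\.\d+)*$")


def classify_uses(value):
    """Classify one `uses:` value by how its code is resolved at run time."""
    if value.startswith("./"):
        return "local-path"      # loaded from the working tree, needs checkout
    if value.startswith("docker://"):
        return "docker"
    if "@" not in value:
        return "missing-ref"     # remote references must carry @ref
    ref = value.rsplit("@", 1)[1]
    if SHA_RE.match(ref):
        return "sha-pinned"      # immutable
    if TAG_RE.match(ref):
        return "tag"             # assumed from shape (v1, v1.2.3); movable
    return "mutable-branch"      # every push changes what runs


def audit_workflow(text):
    """Return (line_number, uses_value, classification) per step reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify_uses(match.group(1))))
    return findings


# Constructed sample, not a file from the repository; the SHA is a placeholder.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - name: Alert on failure (local path, before this PR)
    uses: ./.github/actions/alert-failure
  - name: Alert on failure (remote ref, this PR)
    uses: elizaOS/knowledge/.github/actions/alert-failure@main
  - name: Alert on failure (SHA pin, review suggestion)
    uses: elizaOS/knowledge/.github/actions/alert-failure@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, value, kind in audit_workflow(SAMPLE):
        print(f"{lineno:>3}  {kind:<15} {value}")
```

A ref's shape cannot prove whether it is a branch or a tag, so anything reported as `tag` or `mutable-branch` should be read as "not SHA-pinned".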

Development

Successfully merging this pull request may close these issues.

alert-failure composite action is silent when checkout fails
