auth-runtime/.forgejo/workflows/notify-dependents.yml

name: notify-dependents

on:
  push:
    branches: [main]

jobs:
  notify:
    runs-on: docker
    steps:
      - name: Trigger dependent skills reinstall
        shell: python3 {0}
        env:
          CLIENT_KEY: ${{ secrets.CLIENT_KEY }}
          API_BASE: https://api-gw-test.yuanwei-lnc.com
          FORGEJO_BASE: http://192.168.0.108:3030
        run: |
          import json, os, sys
          from urllib.request import urlopen, Request
          from urllib.error import HTTPError

          api_base   = os.environ['API_BASE'].rstrip('/')
          client_key = os.environ['CLIENT_KEY']
          forgejo    = os.environ['FORGEJO_BASE'].rstrip('/')

          # Skills that depend on auth-runtime
          dependents = [
              {"skill_slug": "1688-product-master",    "repo_url": f"{forgejo}/agent-skills/1688-product-master.git"},
              {"skill_slug": "client-finder",           "repo_url": f"{forgejo}/agent-skills/client-finder.git"},
              {"skill_slug": "email-content-compose",   "repo_url": f"{forgejo}/agent-skills/email-content-compose.git"},
          ]

          def post(url, body, headers=None):
              hdrs = {'Content-Type': 'application/json'}
              if headers:
                  hdrs.update(headers)
              req = Request(url, data=json.dumps(body).encode(), headers=hdrs, method='POST')
              try:
                  with urlopen(req) as r:
                      return r.status, json.loads(r.read())
              except HTTPError as e:
                  return e.code, json.loads(e.read())

          # Get session to find hook URL + token
          status, resp = post(f'{api_base}/auth/skill-credit/session', {'clientKey': client_key})
          hook_url   = resp.get('hookUrl', '')
          hook_token = resp.get('hookToken', '')

          if not hook_url:
              print(f'ERROR: no hookUrl in session response (HTTP {status}): {resp}', flush=True)
              sys.exit(1)

          print(f'Notifying {hook_url} to reinstall {len(dependents)} dependent skill(s)...', flush=True)

          # Send skill-update webhook to trigger reinstall of all dependents
          status, resp = post(hook_url, {'skills': dependents}, {
              'Authorization': f'Bearer {hook_token}',
              'X-Hook-Event': 'skill.allowlist.updated',
          })

          print(f'Hook response (HTTP {status}): {json.dumps(resp, indent=2)}', flush=True)
          if not (200 <= status < 300):
              sys.exit(1)