Name: uinaf/gh-setup
Rating: 97.6 (1 reviews)
Author: uinaf

uinaf/gh-setup

Set up or align GitHub repo settings, branch/ruleset policy, templates, Actions hardening, Environments, release workflows, and deploy workflows for continuously publishable or deployable repositories.

1.35x

Quality

100%

Does it follow best practices?

Impact

96%

1.35x

Average score across 7 eval scenarios

Securityby

Passed

No known issues

{
  "context": "Tests whether the agent preserves a known-good sibling Homebrew tap workflow instead of inventing a custom shell workaround or choosing a generic Homebrew bump action with incompatible defaults.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses sibling action",
      "description": "The Homebrew update step uses `Justintime50/homebrew-releaser` pinned to a full commit SHA with the current v3.3.0 version comment, matching the provided working sibling pattern",
      "max_score": 16
    },
    {
      "name": "Removes incompatible action",
      "description": "The workflow no longer uses `dawidd6/action-homebrew-bump-formula`",
      "max_score": 14
    },
    {
      "name": "No inline tap hack",
      "description": "The solution does not replace the failed action with a custom inline `git clone` / `sed` / `git push` script",
      "max_score": 12
    },
    {
      "name": "Direct tap inputs",
      "description": "The Homebrew action is configured with owner, tap, formula folder, token, install command, and test command inputs",
      "max_score": 10
    },
    {
      "name": "Conditional on release",
      "description": "The Homebrew update runs only when semantic-release reports that a new release was published",
      "max_score": 10
    },
    {
      "name": "Token scope documented",
      "description": "`SETUP.md` documents that `TAP_GITHUB_TOKEN` needs contents write access to the tap repo and should be narrowly scoped",
      "max_score": 10
    },
    {
      "name": "Preserves semantic-release",
      "description": "The existing `cycjimmy/semantic-release-action` v4.2.2 release step is preserved as a full-SHA-pinned action rather than replaced with a separate release system",
      "max_score": 8
    },
    {
      "name": "No broad PAT advice",
      "description": "The setup note does not recommend a broad classic PAT or org-wide token when a fine-grained tap-scoped token is sufficient",
      "max_score": 8
    },
    {
      "name": "Mentions sibling precedent",
      "description": "The answer or setup note explicitly states that the choice follows the working `uinaf/healthd` Homebrew tap pattern",
      "max_score": 6
    },
    {
      "name": "No manual PR requirement",
      "description": "The resulting workflow does not require a manual tap PR for normal releases",
      "max_score": 6
    }
  ]
}

uinaf/gh-setup

criteria.json.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-4/

criteria.jsonevals/scenario-4/