@dougefresh/ci 0.1.12 → 0.1.14

package/.github/actions/jobtaker/action.yml

@@ -0,0 +1,29 @@
+name: 'Jobtaker Review'
+description: 'Runs Claude Code jobtaker with provided config'
+inputs:
+  config:
+    description: 'JSON config from rust-config action'
+    required: true
+  anthropic_api_key:
+    description: 'Anthropic API key'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: jobtaker
+      if: ${{ fromJSON(inputs.config).ai.enabled }}
+      uses: anthropics/claude-code-action@v1
+      with:
+        anthropic_api_key: ${{ inputs.anthropic_api_key }}
+        trigger_phrase: '@jobtaker'
+        allowed_bots: ${{ fromJSON(inputs.config).ai.allowed_bots }}
+        prompt_file: claude-prompt.md
+        claude_args: ${{ fromJSON(inputs.config).ai.claude_args }}
+        use_sticky_comment: ${{ fromJSON(inputs.config).ai.use_sticky_comment }}
+        track_progress: "${{ fromJSON(inputs.config).ai.track_progress }}"
+        path_to_claude_code_executable: ''
+        path_to_bun_executable: ''
+        show_full_output: 'false'
+        plugins: ''
+        plugin_marketplaces: ''

package/.github/additional-prompt.md

@@ -0,0 +1,62 @@
+# Configuration Validation
+
+Before performing code review, validate your environment and permissions:
+
+## Tool Access
+
+Verify you can execute these commands:
+- `cargo check` / `cargo test` / `cargo clippy`
+- `bun run build` / `bun test`
+- `tsgo` (TypeScript compiler wrapper)
+
+If any tool fails, note it in your review.
+
+## Permission Audit
+
+Examine `claude_args` in `./src/defaults.ts` (variable: `DEFAULT_AI`):
+
+1. **Tool allowlist**: Verify the comma-separated list is syntactically correct
+2. **Security review**: Assess each allowed tool pattern for potential abuse:
+   - `Bash(*)` patterns: What commands could be chained?
+   - `mcp__github_inline_comment__*`: What GitHub API access is granted?
+   - File system access: Can sensitive files be read/modified?
+
+3. **Risk assessment**: For each concern, provide:
+   - Attack vector example
+   - Likelihood (high/medium/low)
+   - Mitigation suggestion
+
+Only flag **high likelihood** issues as blocking. Document medium/low risks for awareness.
+
+## Configuration Sync
+
+Compare workflow inputs in `.github/workflows/pr-review.yml` against `DEFAULT_AI` schema:
+- Are all `fromJSON(needs.config.outputs.config).ai.*` fields defined in `DEFAULT_AI`?
+- Do boolean/string types match between workflow and TypeScript?
+
+Report mismatches as configuration bugs.
+
+## User Config Validation
+
+If `.github/rust-ci.ts` exists, validate it:
+
+1. **Syntax**: Does it export a default function returning a `RustWorkflow`?
+2. **Logic**: Check for contradictions:
+   - Jobs disabled but referenced in other configs
+   - Empty matrices (no OS/toolchains/features)
+   - Invalid arch values (not in `Arch` enum)
+3. **Workflow impact**: What jobs will actually run? Flag if all jobs are disabled.
+
+## Workflow Integrity
+
+Validate `.github/workflows/pr-review.yml`:
+
+1. **Job dependencies**: Does `needs: [config]` chain correctly? Are outputs referenced before they exist?
+2. **Conditional logic**: Do all `if:` conditions reference valid event properties?
+3. **Secret validation**: Is `ANTHROPIC_API_KEY` checked before use?
+4. **Action versions**: Are pinned versions used (`@v1`, `@main`)? Flag unpinned refs.
+5. **Runner variables**: Are `vars.RUNNER*` placeholders resolved by the config action?
+6. **Input/output flow**: Trace `config.outputs.config` → `fromJSON()` → action inputs. Are all paths valid JSON?
+
+Flag any broken references, missing dependencies, or unreachable code paths.
+

package/.github/workflows/action-review.yml

@@ -8,7 +8,50 @@ permissions:
   pull-requests: write
   id-token: write
 jobs:
+  config:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@jobtaker')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@jobtaker')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@jobtaker')) ||
+      (contains(github.event.pull_request.labels.*.name, 'jobtaker')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@jobtaker') || contains(github.event.issue.title, '@jobtaker')))
+    runs-on: ${{ vars.RUNNER }}
+    name: generate config
+    outputs:
+      config: ${{ steps.config.outputs.config }}
+    steps:
+      - name: Validate ANTHROPIC_API_KEY
+        shell: bash
+        run: |
+          if [ -z "${{ secrets.ANTHROPIC_API_KEY }}" ]; then
+            exit 1
+          fi
+      - uses: actions/checkout@v6
+      - name: config
+        id: config
+        uses: ./.github/actions/rust-config
+        with:
+          arm64: ${{ vars.RUNNER_ARM64 }}
+          amd64: ${{ vars.RUNNER_AMD64 }}
+          git_token: ${{ github.token }}
+  
   jobtaker:
-    name: bot
-    uses: ./.github/workflows/pr-review.yml
-    secrets: inherit
+    needs: [config]
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@jobtaker')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@jobtaker')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@jobtaker')) ||
+      (contains(github.event.pull_request.labels.*.name, 'jobtaker')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@jobtaker') || contains(github.event.issue.title, '@jobtaker')))
+    runs-on: ${{ vars.RUNNER }}
+    steps:
+      - uses: actions/checkout@v6
+      - name: checkout
+        uses: ./.github/actions/rust-init
+        with:
+          packages: ${{ toJSON(fromJSON(needs.config.outputs.config).global.packages) }}
+      - name: jobtaker
+        uses: ./.github/actions/jobtaker
+        with:
+          config: ${{ needs.config.outputs.config }}
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

package/.github/workflows/pr-review.yml

@@ -1,6 +1,11 @@
 name: jobtaker
 on:
   workflow_call:
+    inputs:
+      action_ref:
+        description: 'Ref to use for dougefresh/ci actions'
+        type: string
+        default: 'main'
 permissions:
   contents: read
   checks: write
@@ -48,46 +53,7 @@ jobs:
         with:
           packages: ${{ toJSON(fromJSON(needs.config.outputs.config).global.packages) }}
       - name: jobtaker
-        if: ${{ fromJSON(needs.config.outputs.config).ai.enabled }}
-        uses: anthropics/claude-code-action@v1
+        uses: dougefresh/ci/.github/actions/jobtaker@main
         with:
+          config: ${{ needs.config.outputs.config }}
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          trigger_phrase: '@jobtaker'
-          # settings: ${{ toJSON(fromJSON(needs.config.outputs.config).ai.settings) }}
-          #            description: "Claude Code settings as JSON string or path to settings JSON file"
-          allowed_bots: ${{ fromJSON(needs.config.outputs.config).ai.allowed_bots }}
-          #            description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
-          # Your custom review instructions
-          prompt: |
-            REPO: ${{ github.repository }}
-            PR NUMBER: ${{ github.event.pull_request.number }}
-
-            ${{ fromJSON(needs.config.outputs.config).ai.prompt }}
-
-            ---
-
-            ${{ fromJSON(needs.config.outputs.config).ai.additional }}
-          # Tools for comprehensive PR review
-          claude_args: ${{ fromJSON(needs.config.outputs.config).ai.claude_args }}
-          use_sticky_comment: ${{ fromJSON(needs.config.outputs.config).ai.use_sticky_comment }}
-          # description: "Use just one comment to deliver issue/PR comments"
-          # required: false
-          # default: "false"
-          track_progress: "${{ fromJSON(needs.config.outputs.config).ai.track_progress }}"
-          #            description: "Force tag mode with tracking comments for pull_request and issue events. Only applicable to pull_request (opened, synchronize, ready_for_review, reopened) and issue (opened, edited, labeled, assigned) events."
-          path_to_claude_code_executable: ''
-          #           description: "Optional path to a custom Claude Code executable. If provided, skips automatic installation and uses this executable instead. WARNING: Using an older version may cause problems if the action begins taking advantage of new Claude Code features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment."
-          path_to_bun_executable: ''
-          #            description: "Optional path to a custom Bun executable. If provided, skips automatic Bun installation and uses this executable instead. WARNING: Using an incompatible version may cause problems if the action requires specific Bun features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment."
-          show_full_output: 'false'
-          #            description: "Show full JSON output from Claude Code. WARNING: This outputs ALL Claude messages including tool execution results which may contain secrets, API keys, or other sensitive information. These logs are publicly visible in GitHub Actions. Only enable for debugging in non-sensitive environments."
-          plugins: ''
-          #           description: "Newline-separated list of Claude Code plugin names to install (e.g., 'code-review@claude-code-plugins\nfeature-dev@claude-code-plugins')"
-          plugin_marketplaces: ''
-#            description: "Newline-separated list of Claude Code plugin marketplace Git URLs to install from (e.g., 'https://github.com/user/marketplace1.git\nhttps://github.com/user/marketplace2.git')"
-
-# When track_progress is enabled:
-# - Creates a tracking comment with progress checkboxes
-# - Includes all PR context (comments, attachments, images)
-# - Updates progress as the review proceeds
-# - Marks as completed when done

package/AGENTS.md

@@ -10,4 +10,19 @@ It isn't perfect, nor will this ever be perfect.
 
 Review README.md for design flow
 
+## GitHub Workflow
+
+**Note**: This section only applies when running in GitHub Actions context (when `CI` environment variable is set). Ignore otherwise.
+
+### Validation Prompt Detection
+
+Before performing code review, verify that `.github/additional-prompt.md` was successfully injected into your prompt context:
+
+1. **Self-check**: Check if `.github/additional-prompt.md` is present in your context/prompt
+2. **Report status**:
+   - ✅ If found: Proceed with validation tasks defined in that file
+   - ❌ If not found: Report "Validation prompt not loaded - skipping QA checks" and continue with standard code review only
+
+This ensures the action's prompt generation step (`action.yml` → `prompt` step) executed correctly.
+
 

package/action.yml

@@ -13,6 +13,24 @@ runs:
   steps:
     - name: setup bun
       uses: oven-sh/setup-bun@v2
+    - name: install
+      shell: bash
+      run: |
+        cd ${{ github.action_path }}
+        bun install
+    - name: build
+      shell: bash
+      run: |
+        cd ${{ github.action_path }}
+        bun run build
+    - id: prompt
+      shell: bash
+      run: |
+        sed -e 's/%REPO%/{{ github.repository }}/g' -e 's/%PR%/{{ github.event.pull_request.number }}/g' \
+          ${{ github.action_path }}/prompt-template.md > claude-prompt.md
+        if [ -f .github/additional-prompt.md ] ; then
+          cat .github/additional-prompt.md >> claude-prompt.md
+        fi
     - id: generate
       name: generate
       shell: bash
@@ -28,7 +46,5 @@ runs:
         fi
         cat ${{ github.action_path }}/.github/rust-ci.ts
         cd ${{ github.action_path }}
-        bun install
-        bun run build
         CONFIG="$(bun run ./scripts/generate-rust.ts | jq . --compact-output )"
         echo "config=$CONFIG" >> $GITHUB_OUTPUT

package/{biome.jsonc → biome.json}

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://biomejs.dev/schemas/2.3.11/schema.json",
+  "$schema": "https://biomejs.dev/schemas/2.3.13/schema.json",
   "json": {
     "formatter": {
       "enabled": true,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@dougefresh/ci",
   "description": "CI Mega Config github action",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "author": "",
   "type": "module",
   "homepage": "https://github.com/dougefresh/ci",
@@ -20,6 +20,8 @@
     "node": ">=24.0.0"
   },
   "scripts": {
+    "precommit": "rm -rf dist && bun run lint && bun run build",
+    "lint": "biome check",
     "build": "tsgo",
     "prepublishOnly": "bun run build"
   },

package/pre-commit

@@ -1,2 +1,2 @@
 #!/bin/bash
-echo
+bun run precommit

package/prompt-template.md

@@ -0,0 +1,180 @@
+REPO: %REPO%
+PR NUMBER: %PR%
+
+Perform a comprehensive code review with the following focus areas:
+Provide detailed feedback using inline comments for ONLY issues, no praise inline comments.
+Use top-level comments for general observations or praise
+Do not be shy, I am a big boy and can handle criticism gracefully. I welcome feedback and suggestions.
+
+
+## Rust tooling
+
+You should have access to cargo cli. You can use this to verify the build yourself, or use it to run tests (or a specific test)
+If you encounter an error running cargo, please comment on this PR. If you desire more rust tools, such as rust-analyzer, or any cargo plugin to help review then please notify on pull request
+
+## Bun tooling
+
+You have access to bun cli. Apply the same principles and safety guidelines for bun commands as outlined for cargo commands.
+
+
+## Permissions
+
+If you are denied access to a tool, shell command, or github API resource (via gh cli) then notify the pull request author that you would like access to that tool.
+As an example, we use CodeCov to our test coverage, if you like to have access to historical data, we can provide you with the CodeCov CLI tool and access.
+In general, if you need something, just ask.
+
+
+Review this PR against our team checklist:
+
+## Code Quality
+- [ ] Code follows our style guide
+- [ ] No commented-out code
+- [ ] Meaningful variable names
+- [ ] DRY principle followed
+
+## Testing
+- [ ] Unit tests for new functions
+- [ ] Integration tests for new endpoints
+- [ ] Edge cases covered
+- [ ] Test coverage > 80%
+
+## Documentation
+- [ ] README updated if needed
+- [ ] API docs updated
+- [ ] Inline comments for complex logic
+- [ ] CHANGELOG.md updated
+
+## Security
+- [ ] No hardcoded credentials
+- [ ] Input validation implemented
+- [ ] Proper error handling
+- [ ] No sensitive data in logs
+
+For each item, check if it is satisfied and comment on any that need attention.
+Post a summary comment with checklist results.
+# Claude Code GitHub Action - Safety Instructions
+
+## Core Principles
+
+- **READ-ONLY BY DEFAULT**: Treat the repository as read-only unless explicitly performing approved review actions
+- **THINK BEFORE EXECUTING**: Carefully consider the implications of every command before running it
+- **SCOPE LIMITATION**: Operate only within the context of the specific pull request being reviewed
+
+## Strict Prohibitions
+
+### Repository Modifications
+- **NEVER** commit code changes, even if requested
+- **NEVER** push to any branch
+- **NEVER** merge pull requests
+- **NEVER** modify git history (rebase, reset, force push, etc.)
+- **NEVER** create, delete, or modify branches
+- **NEVER** create or modify tags
+
+### Workflow & Automation
+- **NEVER** trigger, run, or execute other GitHub workflows
+- **NEVER** modify GitHub Actions workflow files
+- **NEVER** create or modify repository secrets
+- **NEVER** change repository settings or permissions
+
+### External Modifications
+- **NEVER** make write/modify API calls to external services
+- **NEVER** publish packages (cargo publish, npm publish, etc.)
+- **NEVER** deploy applications or infrastructure
+- **NEVER** modify external databases or services
+
+## Cargo Command Safety
+
+### Prohibited Cargo Commands
+- **NEVER** run `cargo publish` or `cargo publish --dry-run` (could leak information)
+- **NEVER** run `cargo install` (modifies global system state)
+- **NEVER** run `cargo uninstall`
+- **NEVER** run `cargo login`
+- **NEVER** run `cargo yank` or `cargo owner`
+- **NEVER** run any cargo subcommands that modify registry state
+
+### Allowed Cargo Commands (Read-Only Analysis)
+- ✅ `cargo check` - Type checking and validation
+- ✅ `cargo clippy` - Linting and suggestions
+- ✅ `cargo test` - Running tests (without `--release` for safety)
+- ✅ `cargo build` - Building (prefer `--debug` over `--release`)
+- ✅ `cargo tree` - Dependency analysis
+- ✅ `cargo audit` - Security vulnerability scanning
+- ✅ `cargo fmt --check` - Format checking (never with `--all` or without `--check`)
+- ✅ `cargo doc --no-deps` - Documentation generation (local only)
+- ✅ `cargo metadata` - Project metadata extraction
+
+### Cargo Command Safeguards
+- **ALWAYS** run cargo commands with `--locked` when possible to prevent dependency modifications
+- **PREFER** `cargo check` over `cargo build` for faster validation
+- **AVOID** `cargo build --release` unless necessary for performance-critical analysis
+- **NEVER** modify `Cargo.toml` or `Cargo.lock` files
+- **VERIFY** that test runs are isolated and won't affect external systems
+
+## Approved GitHub PR Review Actions
+
+### Comments & Reviews
+- ✅ Create review comments on specific lines of code
+- ✅ Create general PR comments
+- ✅ Delete or edit your own previous comments
+- ✅ Resolve comment threads you created
+- ✅ Submit reviews (APPROVE, COMMENT, REQUEST_CHANGES)
+
+### PR Analysis
+- ✅ Read PR description, files changed, and existing comments
+- ✅ Analyze code quality, security issues, and best practices
+- ✅ Check for breaking changes
+- ✅ Review dependency updates
+
+### Limitations
+- ❌ Do NOT resolve other users' comment threads
+- ❌ Do NOT edit other users' comments
+- ❌ Do NOT approve PRs without thorough analysis
+- ❌ Do NOT request changes without clear justification
+
+## Risk Assessment Protocol
+
+Before running ANY command that could have side effects:
+
+1. **ASK**: What is the purpose of this command?
+2. **VERIFY**: Is this command in the allowed list?
+3. **CHECK**: Does this command have any write/modify operations?
+4. **CONFIRM**: Is this command scoped to the current PR only?
+5. **VALIDATE**: Could this command affect external systems or state?
+
+If ANY answer raises concern, DO NOT EXECUTE the command.
+
+## File System Safety
+
+- **READ**: You may read any files in the repository
+- **TEMPORARY**: You may create temporary files for analysis (in `/tmp` or similar)
+- **CLEANUP**: Clean up any temporary files after use
+- **NO MODIFICATION**: Never modify tracked repository files
+
+## Network & API Safety
+
+- **READ-ONLY APIs**: Only call APIs for reading information (PR details, issue data, etc.)
+- **NO WEBHOOKS**: Never trigger external webhooks or notifications
+- **NO SECRETS**: Never log, expose, or transmit repository secrets
+- **RATE LIMITS**: Be mindful of GitHub API rate limits
+
+## Trust & Responsibility
+
+You are trusted to perform thorough, helpful PR reviews while respecting these boundaries. These restrictions exist to:
+
+- Protect the repository from accidental damage
+- Ensure human oversight for critical decisions (merging, deploying)
+- Prevent unintended external side effects
+- Maintain audit trails and accountability
+
+## When In Doubt
+
+If you're unsure whether an action is safe or allowed:
+
+1. **DON'T DO IT**
+2. Explain what you wanted to do and why
+3. Ask for explicit permission or clarification
+4. Suggest a safer alternative if available
+
+---
+
+**Remember**: Your role is to ANALYZE and ADVISE, not to MODIFY and DEPLOY.

package/scripts/bump-version.ts

@@ -1,5 +1,5 @@
 #!/usr/bin/env bun
-import { readFileSync, writeFileSync } from 'fs';
+import { readFileSync, writeFileSync } from 'node:fs';
 
 const type = process.argv[2] || 'patch';
 const pkg = JSON.parse(readFileSync('package.json', 'utf-8'));
@@ -12,5 +12,5 @@ pkg.version =
       ? `${major}.${minor + 1}.0`
       : `${major}.${minor}.${patch + 1}`;
 
-writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
+writeFileSync('package.json', `${JSON.stringify(pkg, null, 2)}\n`);
 console.log(`Bumped to ${pkg.version}`);

package/scripts/generate-rust.ts

@@ -1,6 +1,6 @@
 #!/usr/bin/env bun
-import { resolve } from 'path';
-import { pathToFileURL } from 'url';
+import { resolve } from 'node:path';
+import { pathToFileURL } from 'node:url';
 
 const configPath = resolve(process.cwd(), '.github/rust-ci.ts');
 const userConfig = await import(pathToFileURL(configPath).href);

package/src/defaults.ts

@@ -0,0 +1,119 @@
+import {
+  type AiJob,
+  Arch,
+  type CargoSort,
+  type Clippy,
+  type Coverage,
+  type Dependencies,
+  type DocCheck,
+  type Extra,
+  type Fmt,
+  type Hack,
+  type Sanitizers,
+  type SemVer,
+} from './types';
+
+export const DEFAULT_AI: AiJob = {
+  enabled: true,
+  track_progress: true,
+  allowed_bots: '*',
+  claude_args:
+    ' --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(tsc *),Bash(tsgo *),Bash(bun *),Bash(find *),Bash(diff *),Bash(jq *),Bash(git *),Bash(cargo *),Bash(gh *)"',
+  use_sticky_comment: false,
+};
+
+export const DEFAULT_FMT: Fmt = {
+  if: true,
+  continueOnError: false,
+  run: 'cargo +nightly fmt --check --all',
+};
+
+export const DEFAULT_SEMVER: SemVer = {
+  if: true,
+  continueOnError: false,
+};
+
+export const DEFAULT_HACK: Hack = {
+  if: true,
+  continueOnError: false,
+  run: 'cargo hack --feature-powerset check',
+};
+
+export const DEFAULT_DOC_CHECK: DocCheck = {
+  if: true,
+  continueOnError: false,
+  run: 'cargo +nightly docs-rs',
+};
+
+export const DEFAULT_CARGO_SORT: CargoSort = {
+  if: true,
+  continueOnError: false,
+  run: 'if [ -f ./scripts/cargo-sort.sh ]; then\n  ./scripts/cargo-sort.sh\nelse\n  cargo sort -c -g\nfi\n',
+};
+
+export const DEFAULT_DEPENDENCIES: Dependencies = {
+  if: true,
+  continueOnError: false,
+  run: 'cargo machete --with-metadata',
+};
+
+export const DEFAULT_SANITIZERS: Sanitizers = {
+  enabled: true,
+  address: {
+    if: true,
+    continueOnError: false,
+    run: 'cargo test --lib --tests --no-fail-fast --target x86_64-unknown-linux-gnu -- --no-capture',
+  },
+  leak: {
+    if: true,
+    continueOnError: false,
+    run: 'cargo test --target x86_64-unknown-linux-gnu  -- --no-capture',
+  },
+  thread: {
+    if: false,
+    continueOnError: false,
+    run: 'cargo test --target x86_64-unknown-linux-gnu -- --test-threads=1',
+  },
+};
+
+export const DEFAULT_COVERAGE: Coverage = {
+  if: true,
+  continueOnError: false,
+  matrix: {
+    os: [Arch.ARM64],
+    toolchains: ['stable'],
+    features: ['default'],
+  },
+  run: `
+      cmd="cargo llvm-cov \${LLVM_ARGS} --locked --lcov --output-path lcov-\${FEATURES}.info --no-fail-fast"
+      if [ "$FEATURES" == "default" ]; then
+        $cmd -- --no-capture $CARGO_ARGS
+      else
+        $cmd --features "$FEATURES" -- --no-capture $CARGO_ARGS
+      fi
+      `,
+};
+
+export const DEFAULT_CLIPPY: Clippy = {
+  if: true,
+  continueOnError: false,
+  run: '',
+  flags: '',
+  matrix: {
+    os: [Arch.ARM64],
+    toolchains: ['stable'],
+    features: ['default'],
+  },
+};
+
+export const DEFAULT_EXTRA: Extra = {
+  if: false,
+  continueOnError: false,
+  run: '',
+  name: 'extra',
+  matrix: {
+    os: [Arch.ARM64],
+    toolchains: ['stable'],
+    features: ['default'],
+  },
+};