Make verify step generic: discover build/test tools from repo config

meysholdt · ona-agent · meysholdt · commit d411dee66f70 · 2026-03-09T13:12:04.000Z
Co-authored-by: Ona &lt;no-reply@ona.com&gt;
diff --git a/.ona/fix-codescan-alert.yaml b/.ona/fix-codescan-alert.yaml
@@ -51,14 +51,14 @@ action:
         prompt: |
           Verify the fix from the previous step:
 
-          1. Run `./mvnw compile test` to compile and run all tests.
-          2. If compilation or tests fail:
-             a. Read the error output carefully.
-             b. Identify whether the failure is caused by the fix or a pre-existing issue.
-             c. If caused by the fix, adjust the code and retry.
-             d. Rerun `./mvnw compile test`.
-             e. Repeat until all tests pass.
-          3. Once tests pass, confirm the fix is complete.
+          1. Identify the project's build tool, test runner, and linter from the
+             repo config files.
+          2. Compile the project. If it fails, read the errors, fix them, and retry.
+          3. Find all test suites and verification commands that could exercise the
+             modified code. Run them.
+          4. If any check fails, determine whether the failure is caused by your
+             change or is pre-existing. Fix what you broke and rerun.
+          5. Repeat until all checks pass.
 
     - pullRequest:
         branch: codescan-fix/
diff --git a/.ona/fix-dependabot-alert.yaml b/.ona/fix-dependabot-alert.yaml
@@ -50,16 +50,16 @@ action:
         prompt: |
           Verify the fix from the previous step:
 
-          1. Run `./mvnw compile test` to compile and run all tests.
-          2. If compilation or tests fail:
-             a. Read the error output carefully.
-             b. Identify whether the failure is caused by the upgrade or a pre-existing issue.
-             c. If caused by the upgrade, check for breaking API changes and adapt the code.
-             d. Rerun `./mvnw compile test`.
-             e. Repeat until all tests pass.
-          3. Run `./mvnw dependency:tree -Dincludes=<groupId>:<artifactId>` to confirm
-             the vulnerable version is no longer in the dependency tree.
-          4. Once tests pass and the old version is gone, confirm the fix is complete.
+          1. Identify the project's build tool, test runner, and linter from the
+             repo config files.
+          2. Compile the project. If it fails, read the errors, fix them, and retry.
+          3. Find all test suites and verification commands that could exercise the
+             modified code. Run them.
+          4. If any check fails, determine whether the failure is caused by your
+             change or is pre-existing. Fix what you broke and rerun.
+          5. Repeat until all checks pass.
+          6. For dependency upgrades, confirm the vulnerable version is no longer
+             in the resolved dependency tree.
 
     - pullRequest:
         branch: dependabot-fix/
