refactor: CI workflow improvements for Kilo

[catrielmuller]

Summary

• Refactored CI workflows to use Kilo-specific credentials and naming conventions
• Re-enabled previously disabled workflows (beta sync, generate, containers, PR management)
• Improved PR management workflows with org member check instead of hardcoded allowlist
• Updated container registry references from anomalyco to Kilo-Org
• Enhanced cache keys to be OS-specific for better cache isolation
• Added reusable workflow for checking organization membership

Changes

Workflow improvements

• Re-enabled beta.yml workflow with Kilo credentials
• Re-enabled generate.yml workflow with Kilo credentials
• Re-enabled containers.yml workflow for building container images
• Re-enabled pr-management.yml with proper Kilo API integration
• Improved pr-standards.yml to use org membership check

New features

• Added check-org-member.yml reusable workflow for checking if user is org member or kilo-maintainer bot
• Added setup-kilo GitHub Action to install Kilo CLI globally

Configuration updates

• Updated setup-git-committer action to use kilo-maintainer credentials
• Updated setup-bun action to use OS-specific cache keys
• Changed container registry from ghcr.io/anomalyco to ghcr.io/Kilo-Org
• Updated Docker buildx builder name from "opencode" to "kilo"

All changes are marked with kilocode_change comments for easy tracking during upstream merges.

[kiloconnect]

WARNING: sync job if condition can never be true for this workflow’s triggers

This workflow only runs on workflow_dispatch and schedule, but the job condition checks for push or pull_request. As written, sync will always be skipped (including on the hourly cron). Consider removing the condition or updating it to include schedule/workflow_dispatch.

[kiloconnect]

Code Review Summary

Status: 3 Issues Found | Recommendation: Address before merge

Overview

Severity	Count
CRITICAL	1
WARNING	1
SUGGESTION	1

Fix these issues in Kilo Cloud

Issue Details (click to expand)

CRITICAL

File	Line	Issue
.github/workflows/containers.yml	21	${{ toLower(...) }} is not a supported GitHub Actions expression function; REGISTRY will not evaluate as intended

WARNING

File	Line	Issue
packages/containers/script/build.ts	26	Buildx builder detection uses substring match (list.includes("kilo")), which can select the wrong builder name and cause docker buildx use kilo to fail

SUGGESTION

File	Line	Issue
.github/actions/setup-kilo/action.yml	8	Pin @kilocode/cli version for reproducible CI

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File	Line	Issue
packages/web/src/content/docs/index.mdx	48	Install instructions still reference opencode-ai/opencode in several places; may be intentional, but worth confirming as part of migration
packages/opencode/script/publish.ts	61	Release artifact names and Homebrew tap still reference opencode/anomalyco; likely part of a broader rename not addressed in this PR

Files Reviewed (20 files)

• .github/actions/setup-bun/action.yml
• .github/actions/setup-git-committer/action.yml
• .github/actions/setup-kilo/action.yml - 1 issue
• .github/workflows/beta.yml
• .github/workflows/check-org-member.yml
• .github/workflows/close-stale-prs.yml
• .github/workflows/containers.yml - 1 issue
• .github/workflows/generate.yml
• .github/workflows/pr-management.yml
• .github/workflows/pr-standards.yml
• packages/containers/README.md
• packages/containers/bun-node/Dockerfile
• packages/containers/publish/Dockerfile
• packages/containers/rust/Dockerfile
• packages/containers/script/build.ts - 1 issue
• packages/containers/tauri-linux/Dockerfile
• packages/opencode/script/pack.ts
• packages/opencode/script/publish.ts
• packages/opencode/src/cli/cmd/tui/component/tips.tsx
• packages/web/src/content/docs/index.mdx

[kiloconnect]

CRITICAL: Hyphenated inputs key must use bracket notation

GitHub Actions expressions treat - as subtraction in dot-notation (e.g. inputs.kilo-maintainer-app-id), which can break expression parsing and prevent the app token from being created. Use bracket notation for hyphenated keys.

Suggested change

	app-id: ${{ inputs.kilo-maintainer-app-id }}
	app-id: ${{ inputs['kilo-maintainer-app-id'] }}

[kiloconnect]

CRITICAL: Hyphenated inputs key must use bracket notation

Same parsing issue as the app-id line above; this can cause private-key to be empty and actions/create-github-app-token@v2 to fail.

Suggested change

	private-key: ${{ inputs.kilo-maintainer-app-secret }}
	private-key: ${{ inputs['kilo-maintainer-app-secret'] }}

[kiloconnect]

CRITICAL: Hyphenated output key should use bracket notation

${{ jobs.check.outputs.is-member }} is likely to be parsed as subtraction (outputs.is - member). Use bracket notation when referencing outputs that contain hyphens.

Suggested change

	value: ${{ jobs.check.outputs.is-member }}
	value: ${{ jobs.check.outputs['is-member'] }}