Skip to content

fix(ci): complete guard fix — prevent bump-sha infinite loop#141

Merged
YiWang24 merged 4 commits into
mainfrom
fix/bump-sha-guard-complete
May 5, 2026
Merged

fix(ci): complete guard fix — prevent bump-sha infinite loop#141
YiWang24 merged 4 commits into
mainfrom
fix/bump-sha-guard-complete

Conversation

@YiWang24

@YiWang24 YiWang24 commented May 5, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Collaborator

Summary

Completes the fix for the infinite SHA-bump loop. PR #136 added the Guard step and detection logic, but missed adding steps.guard.outputs.skip != 'true' to the two steps that actually perform the work:

  • Run bump-self-sha.sh — was gated only on steps.check.outputs.skip != 'true'; when check is skipped, its output is "", and "" != 'true' evaluates to true in GitHub Actions, so the script ran anyway
  • Commit, supersede older bumps, open PR — same issue; commit and PR creation executed despite the guard firing

Also fixes the same empty-output problem in auto-release.yml for Calculate new version, Create and push tag, Summary, and No release needed steps.

Additionally aligns the SHA in docs.yml/manifest.yml to the current main HEAD (after bump PRs #138/#139 merged), and updates stale BATS tests that were asserting against a removed ingest job and repository_dispatch trigger in issue-ops.yml.

Root cause pattern

In GitHub Actions, when a step is skipped, its outputs are empty strings. Any condition like steps.X.outputs.Y != 'some_value' will be true when X was skipped, because "" != 'some_value'. The fix is to always gate downstream steps on the guard output directly.

Test plan

  • Merge this PR — confirm on-main-bump-sha creates one bump PR and stops (no second PR after the bump is merged)
  • Verify all 743+ BATS tests pass (verified locally via pre-push hook)

View in Codesmith
Need help on this PR? Tag @codesmith with what you need.

  • Let Codesmith autofix CI failures and bot reviews

Summary by CodeRabbit

  • Chores
    • Improved automation gating to prevent unwanted automated commits and version bumps.
    • Updated internal workflow references to latest versions.
    • Enhanced test coverage for workflow automation.

YiWang24 added 4 commits May 4, 2026 20:21
@YiWang24
fix(ci): guard all auto-release steps against skipped analyze outputs
45a9273 
When the Guard step sets skip=true, downstream steps with conditions like
'steps.analyze.outputs.bump != none' would still run because an empty
string is not equal to 'none'. This caused Calculate/Create/Summary to
execute with empty LATEST_TAG, producing the invalid tag 'v..'.

Add 'steps.guard.outputs.skip != true' to all four dependent steps.
@YiWang24
fix(ci): add guard to bump-self-sha run/commit steps
487026f 
When guard sets skip=true, steps.check never runs so its output is
empty string. 'empty != true' evaluates to true in GitHub Actions,
causing Run bump-self-sha.sh and Commit steps to execute despite the
guard. Fix by adding steps.guard.outputs.skip != 'true' to both steps.
@YiWang24
chore(manifest): align SHA to main after bump PRs merged
7559621
@YiWang24
test(issue-ops): update bats tests to match cleaned-up issue-ops.yml
493270f 
The ingest job and repository_dispatch trigger were removed from
issue-ops.yml in a previous cleanup commit but the tests were not
updated. Align tests with the current 3-job structure (lifecycle,
maintenance, manual) and remove assertions for the deleted ingest
mode and its associated secrets (sentry-token, linear-token).
@qodo-code-review

qodo-code-review Bot commented May 5, 2026

Copy link
Copy Markdown 
ⓘ You've reached your Qodo monthly free-tier limit. Reviews pause until next month — upgrade your plan to continue now, or link your paid account if you already have one.

@YiWang24 YiWang24 merged commit ea582e6 into main May 5, 2026
12 of 13 checks passed
@YiWang24 YiWang24 deleted the fix/bump-sha-guard-complete branch May 5, 2026 00:33
@coderabbitai

coderabbitai Bot commented May 5, 2026
edited
Loading

Copy link
Copy Markdown

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 6e7ddba0-4ce6-4e2f-920b-364b02621f10

📥 Commits

Reviewing files that changed from the base of the PR and between 84b9a6b and 493270f.

📒 Files selected for processing (6)
  • .github/workflows/auto-release.yml
  • .github/workflows/docs.yml
  • .github/workflows/on-main-bump-sha.yml
  • tests/actions/issue-agent-workflow.bats
  • tests/actions/on-issue-routing.bats
  • tests/actions/self-test-routing.bats
📝 Walkthrough

Walkthrough

This PR updates GitHub Actions workflows and their tests. Guard-based conditional gating is added to release and bump workflows to prevent bot-authored commits from triggering those actions. Separately, workflow consolidation removes the ingest mode and job, reducing from four to three jobs, with corresponding test updates. A reusable workflow dependency SHA is also pinned to a newer commit.

Changes

Guard-based Conditional Gating

Layer / File(s) Summary
Release/Bump Workflow Conditions
.github/workflows/auto-release.yml, .github/workflows/on-main-bump-sha.yml		 Steps that create tags, versions, release summaries, and SHA bumps are now gated on both guard check (steps.guard.outputs.skip != 'true') and existing condition checks, preventing these operations when commits are identified as bot-authored or SHA-bump commits.

Workflow Consolidation: ingest Mode/Job Removal

Layer / File(s) Summary
Structural Test Updates
tests/actions/on-issue-routing.bats		 Routing tests updated to expect three jobs instead of four, with workflow_dispatch mode options reduced to lifecycle and maintenance only. Tests for repository_dispatch trigger and ingest job routing removed. Secret-propagation and runner assertions adjusted from 4 to 3 occurrences.
Agent Workflow Test Updates
tests/actions/issue-agent-workflow.bats		 Assertions updated to remove the mode: ingest check from ENTRY, keeping only mode: lifecycle and mode: maintenance.
Manual Trigger Test Updates
tests/actions/self-test-routing.bats		 Tests updated to assert workflow_dispatch trigger (replacing repository_dispatch check) and manual job (replacing ingest job check) for issue-ops.yml.

Reusable Workflow Dependency Update

Layer / File(s) Summary
Documentation Workflow Pinning
.github/workflows/docs.yml		 Reusable documentation workflow reference SHA updated from 4e1ecadc... to 9bd9cf08...; all job inputs and secret mappings unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • YiAgent/OpenCI#72: Updates the same .github/workflows/docs.yml reusable-docs workflow SHA pin.
  • YiAgent/OpenCI#33: Overlaps with workflow consolidation changes that remove ingest mode and adjust routing job structure tested in this PR.
  • YiAgent/OpenCI#86: Modifies .github/workflows/on-main-bump-sha.yml with related hardening of branch/PR creation alongside the guard-based gating added here.

Suggested labels

area:ci, area:tests

Poem

🐰 Guard gates stand proud and tall,
Release flows skip the bot's call,
Three jobs now dance where four once played,
Workflows trim their grand parade!

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/bump-sha-guard-complete

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud

sonarqubecloud Bot commented May 5, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

This was referenced May 26, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area:ci

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@YiWang24