fix(ci): sync workflow SHA refs + fix auto-merge in bump-sha #169
Workflow files had stale SHA 9b40a02 (pre-dating the revert-workflow approach). Now that RELEASE_PAT is used for git-push, all SHAs will stay in sync going forward via bump-self-sha.sh.
SHA bump introduces corrupted text in test.yml due to overly aggressive find-and-replace in bump-self-sha.sh
Repo-wide notes:
- high — scripts/bump-self-sha.sh: The global sed/perl replacement s|\Q${old_sha}\E|${new_sha}|g matches the SHA anywhere in the file, including inside comments and prose text. It should be scoped to only replace SHAs that appear in valid contexts (e.g., after '@' in uses: lines, or as a value in manifest.yml). This caused the corruption in test.yml and will recur on future bumps.
| @@ -1,12 +1,12 @@ | |||
| # test.yml — Self-bootstrapping comprehensive test suite for OpenCI. | |||
| # test.yml — Self-34a93579aac0d1682cc65ab8b7c2c9e2d06b0953ping comprehensive test suite for OpenCI. | |||
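Review bot: In the changed first line the text that was replaced is the nine letters "bootstrap" (the trailing "ping" of "bootstrapping" is intact), and "bootstrap" is not a hexadecimal string, so the value the bump substituted for cannot have been a commit SHA. Before substituting, the bump script should reject any old value that is not 40 lowercase hex characters, and this header comment should be restored to "Self-bootstrapping".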
high — The old SHA (9b40a02...) was blindly replaced with the new SHA inside comments/descriptions, turning 'self-bootstrapping' into 'self-34a93579aac0d1682cc65ab8b7c2c9e2d06b0953ping'. This is a correctness bug — the word 'bootstrapping' was corrupted because the old SHA appeared as a substring of 'bootstrapping' (starting with '9b40a02').
self-34a93579aac0d1682cc65ab8b7c2c9e2d06b0953ping comprehensive test suite
| # part of the triggering merge. The guard condition prevents | ||
| # infinite loops when this merge triggers the workflow again. | ||
| # Uses direct squash-merge because auto-merge (--auto) requires | ||
| # branch protection rules on main, which aren't configured. |
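Review bot: The comment in the first two lines says "the guard condition" prevents infinite loops but does not say what the guard matches. Spell it out here (the sequence diagram on this PR shows it matching the commit subject "chore(manifest): bump YiAgent/OpenCI SHA") and note that the --subject passed to gh pr merge has to keep that prefix, since changing one without the other would let the bump commit retrigger the workflow.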
medium — The merge strategy changed from --auto (queue for merge after checks) to an immediate --squash merge. While the comments explain the rationale (no branch protection rules), this removes the safety net of required status checks — the bump PR is merged immediately without waiting for CI to pass on the PR itself.
gh pr merge "${pr_number}" --squash --delete-branch \
| @@ -1,12 +1,12 @@ | |||
| # test.yml — Self-bootstrapping comprehensive test suite for OpenCI. | |||
| # test.yml — Self-34a93579aac0d1682cc65ab8b7c2c9e2d06b0953ping comprehensive test suite for OpenCI. | |||
SHA regex accidentally clobbered "bootstrap" text
The SHA bump script replaced the word bootstrap with the new SHA (34a93579...) in four places in this file — lines 1, 9, 30, and 260. This leaves the file comment (Self-34a93579...ping), a workflow_dispatch input description, and the step name Run self-34a93579...ping E2E test all corrupted. The step name and description are user-visible in the GitHub Actions UI when triggering or inspecting the workflow. Looking at scripts/bump-self-sha.sh, the replacement uses perl -pi -e "s|\Q${old_sha}\E|${new_sha}|g" which is a literal match, so this points to old_sha being read as bootstra (8 chars) from manifest.yml rather than the intended hex SHA — causing bootstrapping → <SHA>pping. All four corrupted strings need to be restored to bootstrapping.
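One way to scope the replacement as the review comments above ask, shown as an added example and not the project's bump-self-sha.sh: both values must be full 40-character hex SHAs, and the substitution only fires directly after '@' on a uses: line. The function names and the post-bump check are assumptions, and the manifest.yml value is left out of scope here.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers, not OpenCI's own script).

# A pin must be a full 40-character lowercase hex commit SHA.
is_full_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  return 0
}

# bump_sha_refs OLD NEW FILE...
# Rewrites OLD to NEW only where it directly follows '@' on a `uses:` line.
# Returns 2 and edits nothing if either value is not a full SHA.
bump_sha_refs() {
  local old="$1" new="$2" f
  shift 2
  if ! is_full_sha "$old" || ! is_full_sha "$new"; then
    echo "bump_sha_refs: refusing non-SHA value (old='${old}' new='${new}')" >&2
    return 2
  fi
  for f in "$@"; do
    # Address: lines whose first token is `uses:` (optionally a list item).
    # Match: '@OLD' followed by a non-hex character or end of line, so a
    # longer hex run or plain prose is never rewritten.
    sed -E -i.bak \
      "/^[[:space:]]*(-[[:space:]]+)?uses:/ s/@${old}([^0-9a-f]|\$)/@${new}\\1/" "$f"
    rm -f "${f}.bak"
  done
}

# Post-bump check: print every changed line in AFTER that does not carry an
# '@<40-hex>' pin. Empty output means all edits landed on pin references.
unexpected_changes() {
  diff "$1" "$2" | grep -E '^> ' | grep -Ev '@[0-9a-f]{40}([^0-9a-f]|$)' || true
}
```

Running unexpected_changes between the pre-bump and post-bump copy of each workflow file, and failing the job on any output, would have stopped the corrupted test.yml before a PR was opened.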
| if [ -n "${pr_number}" ]; then | ||
| gh pr merge "${pr_number}" --auto --squash \ | ||
| gh pr merge "${pr_number}" --squash --delete-branch \ | ||
| --subject "chore(manifest): bump YiAgent/OpenCI SHA to ${short_new} (#${pr_number})" \ | ||
| || echo "::warning::Auto-merge not enabled — repo may lack 'Allow auto-merge' setting." | ||
| || echo "::warning::Failed to auto-merge PR #${pr_number} — manual merge required." |
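Review bot: The || echo "::warning::..." fallback on the last line makes this step succeed whenever the merge fails. With an immediate merge, a failure leaves an open bump PR and workflow files still pinned to the old SHA, and the only trace is a warning annotation. Exit non-zero after the message (or emit ::error::) so a stuck bump shows up as a failed run.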
Direct merge bypasses CI checks on the bump PR
Switching from gh pr merge --auto to gh pr merge --squash --delete-branch merges the bump PR immediately, before any CI checks triggered by the PR (e.g., pull-request.yml) have a chance to run or pass. If the bump PR ever contains an unintended change (e.g., a test.yml with corrupted text like in this very PR), it gets squashed directly into main with no gating. The --auto path at least waited for required checks. If branch protection rules can't be enabled, a sleep-and-poll approach, or a separate check-pr-status step that waits for checks to finish before merging, would preserve the safety net.
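The sleep-and-poll gate suggested above, as an added example rather than code from this PR: it polls gh pr checks and merges only once every check has passed, failing closed on a failed check or a timeout. merge_when_green is a hypothetical name; exit code 8 for pending checks is gh's documented behaviour, and matching the "no checks reported" message is an assumption about gh's error wording.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of on-main-bump-sha.yml).

# merge_when_green PR [TIMEOUT_SECS] [INTERVAL_SECS]
# Returns 0 only if all checks passed and the squash merge succeeded.
merge_when_green() {
  local pr="$1" timeout="${2:-900}" interval="${3:-15}" waited=0 rc out
  while :; do
    rc=0
    out=$(gh pr checks "$pr" 2>&1) || rc=$?
    case "$rc" in
      0) break ;;                      # every check passed
      8) ;;                            # checks still pending: keep polling
      *) case "$out" in
           # Right after `gh pr create` nothing is registered yet; treat
           # that as pending so the gate does not fail before CI starts.
           *"no checks reported"*) ;;
           *) echo "::error::checks failed on PR #${pr}, not merging" >&2
              return 1 ;;
         esac ;;
    esac
    if [ "$waited" -ge "$timeout" ]; then
      # Fail closed: a PR whose checks never finish (or never start)
      # is left open for a human instead of being merged unverified.
      echo "::error::timed out waiting for checks on PR #${pr}" >&2
      return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
  gh pr merge "$pr" --squash --delete-branch
}
```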



Fixes
1. Sync workflow file SHA references
Workflow files had stale SHA 9b40a02a from before the revert-workflow approach. Updated all 13 files to 34a93579 (current manifest.yml SHA). Future auto-bumps will keep them in sync via RELEASE_PAT.
2. Fix auto-merge
gh pr merge --auto requires branch protection rules on main (GitHub GraphQL error: enablePullRequestAutoMerge). Switched to direct squash merge (--squash --delete-branch). The guard condition prevents infinite loops when the bump merge triggers the workflow again.
no-issue
Greptile Summary
This PR performs two changes: a bulk sync of stale SHA references (9b40a02a → 34a93579) across 13 workflow files, and a fix to the on-main-bump-sha workflow that switches the bump PR merge from --auto (requires branch protection) to an immediate --squash --delete-branch.
- uses: YiAgent/OpenCI/...@<sha> and reusable-*.yml@<sha> references are mechanically updated to the current manifest.yml SHA. These changes are correct.
- test.yml corruption: The SHA replacement accidentally clobbered the word bootstrap in four places — two comments, one workflow_dispatch input description, and one step name — leaving strings like self-34a93579aac0d1682cc65ab8b7c2c9e2d06b0953ping that are visible in the GitHub Actions UI.
- on-main-bump-sha.yml: The switch to direct squash merge avoids the enablePullRequestAutoMerge GraphQL error, and the guard pattern correctly prevents infinite loops, but it also means the bump PR is now merged into main without waiting for any CI checks to pass on that PR.
Confidence Score: 3/5
Merge is blocked by corrupted text in test.yml that should be fixed before landing on main.
The bulk SHA update across 12 workflow files is correct. However, test.yml has four corrupted strings where the word "bootstrapping" was mangled into "34a93579...ping" — affecting an input description and a step name that are surfaced in the GitHub Actions UI. That corruption came from the same bump operation this PR is meant to fix, and it would land on main as-is. The auto-merge switch in on-main-bump-sha.yml is functional but removes the CI gate on bump PRs, which is a lesser concern compared to the test.yml issue.
.github/workflows/test.yml needs the four "bootstrapping" strings restored before merging.
Important Files Changed
Sequence Diagram
sequenceDiagram
    participant M as Main Branch
    participant W as on-main-bump-sha
    participant S as bump-self-sha.sh
    participant G as Guard Step
    participant PR as Bump PR
    participant GH as gh pr merge
    M->>W: push to main (non-bump commit)
    W->>G: "check commit message & author"
    G-->>W: "skip=false"
    W->>S: run bump-self-sha.sh
    S->>S: resolve new SHA from remote HEAD
    S->>S: perl replace old SHA in manifest.yml + workflow files
    S-->>W: files updated
    W->>PR: git push chore/bump-self-sha-SHA
    W->>PR: gh pr create
    W->>GH: gh pr merge --squash --delete-branch (immediate, no CI wait)
    GH-->>M: squash commit merged
    M->>W: push triggered again (bump commit)
    W->>G: check commit message
    G-->>W: "skip=true (matches chore(manifest): bump YiAgent/OpenCI SHA)"
    W-->>W: workflow exits early
Reviews (1): Last reviewed commit: "fix(ci): sync workflow file SHA referenc..."