Fix newsletter workflow auth so buttondown_id commit succeeds #409

Merged: coreyja merged 2 commits into main from fix-newsletter-commit-auth on Jun 6, 2026

@byte-the-bot

Collaborator

Summary

The Publish Newsletter workflow has been failing on every push to main since 2026-06-05 13:42 UTC. The failure is not in the publish step — that succeeds and creates the Buttondown draft. The failure is the trailing Commit buttondown_id updates step: the default GITHUB_TOKEN isn't a bypass actor on the main-branch ruleset, so git push is rejected.

Net effect: every push to main yesterday (every Sync syndication state commit) re-published ep3 as a fresh draft, failed to commit the id back, and the next push did it again. Ep 3 (blog/weekly/20260407/index.md) accumulated ~50 duplicate Buttondown drafts.

Fix

Mirror the GitHub-App-token pattern already used by .github/workflows/bluesky.yml:

  • Mint a token via actions/create-github-app-token (the App is the configured ruleset bypass actor).
  • Hand it to actions/checkout so subsequent git ops use it.
  • Check out ref: main rather than the trigger SHA so a queued run sees the freshest frontmatter.
  • git pull --rebase origin main before push to absorb any commits landed during the run.
  • Add concurrency: newsletter-publish (cancel-in-progress: false) so two pushes can't race the same unpublished file through publish and double-create the draft.

Tests

Two regression tests on commands::buttondown::parse_frontmatter covering the new subtitle / atproto_uri / atproto_pub_cid / publication fields from PRs #404-#408 — confirming serde is not the regression. All 25 buttondown tests pass; clippy clean (-D warnings).

Followup not in this PR

~50 duplicate ep3 Buttondown drafts to clean up manually. Once this PR merges, the next push triggers the workflow, publishes ep3 one more time (51st), and the commit-back finally lands the buttondown_id so subsequent runs short-circuit.

Test plan

  • Merge PR
  • Next push to main turns workflow green
  • blog/weekly/20260407/index.md ends up with buttondown_id: via auto-commit
  • Manually clean up duplicate Buttondown drafts (keep one canonical, ~50 dupes)

🤖 Generated with Claude Code

…ceeds

The `Commit buttondown_id updates` step has been failing on every push
to main since 2026-06-05 13:42 UTC. The publish step is fine — it
successfully creates the Buttondown draft. The failure is the `git push`
back to main: the default GITHUB_TOKEN is not a bypass actor on the
main-branch ruleset, so the push gets rejected.

The net effect is that each push to main (every "Sync syndication state"
commit landed today) re-publishes the same newsletter as a fresh draft,
then fails to commit the id back, guaranteeing the next push does it
again. Ep 3 has been duplicated as a Buttondown draft for every run since
the regression landed.

Match the auth pattern already used by `bluesky.yml`, which pushes
syndication state back to main successfully:

  - Mint a token via `actions/create-github-app-token` (the GitHub App
    is the configured bypass actor on the ruleset).
  - Pass that token to `actions/checkout` so subsequent `git push` uses
    it.
  - Check out `ref: main` rather than the trigger SHA, so a queued run
    sees the freshest frontmatter.
  - `git pull --rebase origin main` before push to absorb any commits
    that landed during the workflow run.
  - Add `concurrency: newsletter-publish` (cancel-in-progress: false) so
    two pushes can't race the same unpublished file through publish and
    double-create the draft.

Tests: add two regression tests against the buttondown frontmatter
parser. The first covers the exact shape sync writes onto disk — title,
date, `is_newsletter: true`, plus the new `subtitle`, `atproto_uri`,
`atproto_pub_cid`, and `publication` fields from PRs #404-#408 — and
asserts it deserializes with no `buttondown_id`. The second covers the
blank-line-after-`---` layout the sync tool produces on `weekly/20260407/
index.md`. These pin down the user's hypothesis that something in the
new frontmatter shape broke serde — confirming it does not.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

CI Lint job failed `cargo fmt --check` on the
test_parse_frontmatter_blank_lines_between_delimiter_and_first_key
literal. Applied `cargo fmt` to wrap.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@coreyja coreyja merged commit a64b8f5 into main Jun 6, 2026
6 checks passed
@coreyja coreyja deleted the fix-newsletter-commit-auth branch June 6, 2026 14:31
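
The five changes listed in the PR description and the first commit message, laid out as one workflow file. This is an added sketch, not the repository's own workflow; the secret names, publish script path, bot git identity and staged path are assumptions.

```yaml
# Added sketch, not the repository's newsletter workflow file.
# Assumed names: secrets APP_ID / APP_PRIVATE_KEY, the publish script path,
# the bot git identity and the blog/ path.
name: Publish Newsletter
on:
  push:
    branches: [main]

# One run at a time; queued runs wait instead of being cancelled, so two
# pushes cannot both publish the same file that still lacks buttondown_id.
concurrency:
  group: newsletter-publish
  cancel-in-progress: false

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      # Short-lived installation token for the GitHub App that is the
      # bypass actor on the main-branch ruleset.
      - id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      # checkout persists this token for later git operations; ref: main
      # picks up frontmatter committed while this run sat in the queue.
      - uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ steps.app-token.outputs.token }}

      - name: Publish unpublished newsletters
        run: ./scripts/publish-newsletter.sh   # placeholder for the real publish command

      - name: Commit buttondown_id updates
        run: |
          git config user.name "newsletter-bot"                  # assumed identity
          git config user.email "newsletter-bot@example.invalid"
          git add blog/
          # Nothing staged means no id was written; skip commit and push.
          git diff --cached --quiet && exit 0
          git commit -m "Record buttondown_id"
          git pull --rebase origin main
          git push origin HEAD:main
```

A push made with an App installation token starts new workflow runs, which a push made with the default GITHUB_TOKEN does not, so the commit-back re-triggers this workflow. The publish step's skip for files that already carry a buttondown_id is what keeps that follow-up run from creating another draft.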