Skip to content

ci: add weekly upstream sync workflow#42

Open
VadymFlamingo wants to merge 1 commit into
developfrom
hotfix/add-upstream-sync
Open

ci: add weekly upstream sync workflow#42
VadymFlamingo wants to merge 1 commit into
developfrom
hotfix/add-upstream-sync

Conversation

@VadymFlamingo

@VadymFlamingo VadymFlamingo commented Jun 2, 2026

Copy link
Copy Markdown

Summary by CodeRabbit

  • Chores
    • Added an automated workflow to synchronize upstream repository changes. The workflow runs weekly on a set schedule and can be triggered manually. It automatically creates pull requests to integrate the latest upstream changes, reducing manual synchronization efforts and helping maintain consistency with the original repository.

@coderabbitai

coderabbitai Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow automates synchronization from the upstream amidaware/tacticalrmm repository. The workflow runs weekly and on manual dispatch, creating or updating a sync branch and opening a PR with upstream changes, while preventing duplicate PRs and handling merge conflicts.

Changes

Upstream Sync Automation

Layer / File(s) Summary
Complete sync workflow
.github/workflows/sync-upstream.yml
Workflow triggers (weekly cron and manual dispatch), permissions for code and PR creation, and job steps that prevent duplicate PRs, fetch upstream, merge changes with conflict skipping, and open a PR targeting develop.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops to sync upstream,
With schedule and dispatch so keen,
No duplicate PRs shall appear,
Just clean merges, crisp and clear!
Conflicts handled with a bound,
Automation all around! 🌟

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title 'ci: add weekly upstream sync workflow' accurately describes the main change—adding a new GitHub Actions workflow for weekly upstream synchronization.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch hotfix/add-upstream-sync

Comment @coderabbitai help to get the list of available commands and usage tips.

@VadymFlamingo VadymFlamingo self-assigned this Jun 2, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/sync-upstream.yml:
- Around line 41-43: The workflow currently swallows merge conflicts by echoing
a notice and exiting 0 in the block that starts with the conditional "if ! git
merge --no-ff --no-edit upstream/develop; then" — change that behavior so
failures are surfaced: replace the silent-success path (the echo "::notice::..."
and "exit 0") with an explicit failure signal (e.g., emit "::error::merge has
conflicts — manual intervention required" and exit with a non-zero status such
as "exit 1") so the job is marked failed and requires attention.
- Around line 19-21: The workflow currently uses the mutable tag "uses:
actions/checkout@v4"; replace that with an immutable reference (an exact commit
SHA or digest) so the action is pinned and cannot change unexpectedly—update the
"uses: actions/checkout@v4" line to "uses: actions/checkout@<commit-sha>" (or
the equivalent digest form) to lock the dependency and commit the change.
- Around line 19-21: The workflow currently checks out with "contents: write"
and later does a forced push (git push -f origin "$BRANCH"); do not add or set
persist-credentials: false on the actions/checkout@v4 step unless you also add
explicit auth before the push. To fix, either omit persist-credentials entirely
(leave actions/checkout@v4 as shown with fetch-depth: 0 and contents: write) or,
if you must set persist-credentials: false, add an explicit authentication step
(e.g., gh auth setup-git or configure an authenticated remote/token) before the
git push -f origin "$BRANCH" so the push has valid credentials. Ensure the
checkout step and the push sequence reference actions/checkout@v4 and the git
push command accordingly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 993e20e8-2c20-4fce-b2c9-a0607e2394b8

📥 Commits

Reviewing files that changed from the base of the PR and between dabd2f3 and ebabb9a.

📒 Files selected for processing (1)
  • .github/workflows/sync-upstream.yml

Comment thread .github/workflows/sync-upstream.yml
Comment thread .github/workflows/sync-upstream.yml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants