Conversation
|
Going with a different solution to this issue |
HowardBraham
force-pushed
the
merge-method
branch
from
58ce776 to
e18f840
Compare
HowardBraham
changed the title
There was a problem hiding this comment.
Pull request overview
This PR enhances the reusable merge-approved-pr.yml workflow with additional configuration options and stricter validation capabilities. It introduces a merge-method input allowing callers to choose between merge commits and squash merges, and adds an optional verify-version-bump feature that validates PRs contain only a valid semantic version bump in package.json. The changes also refactor the workflow to use environment variables consistently across all steps, improving maintainability and reducing direct input references.
Changes:
- Added configurable merge method support (merge or squash) with input validation
- Implemented version bump verification to ensure PRs only change package.json version field with valid semver bumps
- Converted step outputs to workflow-level environment variables for consistent access patterns
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Can this be an action, rather than a reusable workflow?
There was a problem hiding this comment.
Hah, I literally got halfway into writing it that way and then decided against it. Should it be?
There was a problem hiding this comment.
I've updated most workflows to actions a little while ago. Mainly to be able to access github.action_ref and reduce the number of anti patterns in this repo, though I don't think that's relevant for this specific workflow.
Doesn't look like we need any of the workflow features (like matrices, parallelisation) here, so I would prefer using an action.
There was a problem hiding this comment.
It's an action now. Should we remove the wrapper stub at .github/workflows/merge-approved-pr.yml?
If we remove it, I think we would have to bump the whole github-tools to v2 because it causes an incompatibility.
There was a problem hiding this comment.
Maybe just deprecate it for now, so we don't have to release a new major?
There was a problem hiding this comment.
Ah how do we signify a deprecated wrapper stub?
There was a problem hiding this comment.
Apparently the deprecation notice is only for actions, not for reusable workflows. 😅 Just a comment on the top of the workflow is fine I think.
There was a problem hiding this comment.
Done. Anything else left to do here?
HowardBraham
force-pushed
the
merge-method
branch
from
f87cb6e to
b3bb8af
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| 'Validation failed: PR must only change package.json when verify-version-bump is enabled.', | ||
| ); | ||
| return; | ||
| } |
There was a problem hiding this comment.
Version bump rejects package.json in subdirectories
Low Severity
The version-bump check uses an exact match files[0].filename !== 'package.json', so only changes to the repository-root package.json pass. When verify-version-bump is true and the only change is a version bump in a subpackage (e.g., packages/core/package.json), validation incorrectly fails with "PR must only change package.json". GitHub's listFiles API returns the full path in filename, so subdirectory package.json files are rejected.
* 1.7.0 * Update CHANGELOG.md * Update CHANGELOG.md * add #201 to changelog --------- Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: sethkfman <10342624+sethkfman@users.noreply.github.com> Co-authored-by: tommasini <tommasini15@gmail.com> Co-authored-by: tommasini <46944231+tommasini@users.noreply.github.com>
## **Description** - Combines `merge-stable-sync-pr.yml` and `merge-version-bump-pr.yml` into a single workflow - `merge-version-bump-pr` now uses the new inputs `merge-method: 'squash'` and `verify-version-bump: true` - Changed here: MetaMask/github-tools#201 Tested on the consensys-test/metamask-extension-test-workflow2 repo: - consensys-test#231 - consensys-test#232 ## **Changelog** CHANGELOG entry: null <!--## **Related issues** ## **Manual testing steps** ## **Screenshots/Recordings** ## **Pre-merge author checklist** ## **Pre-merge reviewer checklist** [skip-e2e]--> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes CI automation that can auto-merge PRs; incorrect branch matching or action inputs could merge the wrong PRs or change merge semantics. > > **Overview** > Consolidates the two comment-triggered auto-merge workflows into a single `merge-my-pr.yml` that looks up the PR head branch via the GitHub API and then conditionally merges based on whether it matches `version-bump/X.Y.Z` or `stable-main-X.Y.Z`. > > Updates merge behavior: version-bump PRs now *squash merge* and enable `verify-version-bump: true`, while stable-main PRs use a regular *merge* method. The old `merge-stable-sync-pr.yml` and `merge-version-bump-pr.yml` workflows are removed. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit cc287b7. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
Adds reusable-workflow inputs:
Hardens all inputs used in bash or script to be env vars
If verify-version-bump is true, then verify that
Note
Medium Risk
Changes CI automation that can merge PRs, including new gating logic and squash support; misconfiguration or token permission issues could cause unintended merges or blocked releases.
Overview
Refactors the
merge-approved-prreusable workflow into a new composite action (.github/actions/merge-approved-pr) and simplifies the workflow to delegate to it (marked deprecated).The action adds configurable
merge-method(merge/squash), hardens input handling by passing values through env vars, and optionally enforces a version-bump-only policy by validating that the PR changes onlypackage.jsonand only theversionline with a valid semver +1 bump before allowing the merge.Written by Cursor Bugbot for commit ad58d2d. This will update automatically on new commits. Configure here.