GHA-286 create-pull-request supports other repos #144

Open
alex-meseldzija-sonarsource wants to merge 3 commits into master from alex/other-repos

@alex-meseldzija-sonarsource
Contributor

Part of

hashicorp-vault-sonar-prod Bot changed the title from "create-pull-request supports other repos" to "GHA-286 create-pull-request supports other repos" on May 1, 2026
@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod Bot commented May 1, 2026

GHA-286

@sonar-review-alpha
Contributor

sonar-review-alpha Bot commented May 1, 2026

Summary

This PR extends the create-pull-request action to support creating pull requests in repositories other than the one where the action is running. The key change is dynamically determining the target repository using gh repo view instead of hardcoding $GITHUB_REPOSITORY. This enables workflows in SonarSource to replace their dependency on peter-evans/create-pull-request with their own implementation, making it possible to create PRs across different repositories in a unified way.

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

What reviewers should know

Core change location: create-pull-request/action.yml (lines 250-264, 404) — The action now queries the target repo dynamically and passes it through to API calls, rather than assuming it's always the current repository.

Workflow updates: Two actions that previously used peter-evans/create-pull-request (sonar-update-center-release and update-analyzer) now use the local action instead. The update-action-versions workflow has been refactored to use the local action and simplified by removing manual change detection (the action now handles this internally).

Non-obvious decisions:

  • The repo is detected using gh repo view --json nameWithOwner — reviewers should verify this works across different token scopes and repository configurations
  • The create-pull-request action outputs the resolved repo name, allowing callers to know which repository the PR was created in
  • Token handling changes: sonar-update-center-release removes the explicit token input (presumably using the default runner token), while update-analyzer retains its vault-sourced token

Test coverage to verify: Cross-repository PR creation with different token types, and backward compatibility when the action is used on its own repository

sonar-review-alpha[bot]

This comment was marked as outdated.

Contributor

@sonar-review-alpha sonar-review-alpha Bot left a comment

LGTM! ✅
