fix(checkpoints): GH-24..27 accept reusable-workflow delegation #62
The netresearch org publishes a reusable auto-merge workflow at
netresearch/.github/.github/workflows/auto-merge-deps.yml that
encapsulates the trigger, bot-gating, --auto merging, and dynamic
merge-strategy detection. Many project repos now use a thin caller:
```yaml
jobs:
  auto-merge:
    uses: netresearch/.github/.github/workflows/auto-merge-deps.yml@main
```
Before this change:
- GH-24 required pull_request_target: in the caller file, but the
reusable workflow uses pull_request: (correct for workflow_call).
- GH-25/26/27 required inline bot-gating, --auto, and gh-api strategy
detection — all provided by the reusable workflow.
After: all four checkpoints accept either (a) delegation to the
reusable workflow or (b) the original inline implementation with
pull_request_target.
Verified: against netresearch/t3x-nr-llm, which delegates via
uses:, all four now pass instead of erroring.
Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. Scanned files: None
Pull request overview
Updates the github-project skill’s mechanical checkpoints to recognize repositories that delegate dependency auto-merge to the netresearch org reusable workflow, avoiding false failures for “thin caller” workflow setups.
Changes:
- Adjusted GH-24..GH-27 regex checkpoints to accept either reusable-workflow delegation (`jobs.<job>.uses: netresearch/.github/.../auto-merge-deps.yml@...`) or the previous inline implementation patterns.
- Updated GH-24 description to reflect delegation compatibility (reusable workflow path) vs. the inline `pull_request_target` requirement.
Code Review
This pull request updates the checkpoints.yaml file to allow auto-merge workflows to either delegate to a reusable organization workflow or implement the logic inline. The review feedback suggests making the regex patterns for checkpoints GH-24 through GH-27 more robust by accounting for optional quotes in YAML values, which ensures the validation logic handles different formatting styles correctly.
Two review-driven fixes addressing 12 inline comments from copilot-pull-request-reviewer and gemini-code-assist:

1. **Optional quoting after uses:** YAML allows uses: foo, uses: 'foo', and uses: "foo". The previous regex only matched the unquoted form, so a perfectly-correct quoted reusable-workflow delegation would fail. Pattern updated to allow optional ' or " after the colon+whitespace.
2. **auto-merge.yml as alternate filename**: GH-23 already accepts either auto-merge-deps.yml or auto-merge.yml, but GH-24..27 targeted only auto-merge-deps.yml. Repos using auto-merge.yml would error on missing-target. Switched target to glob .github/workflows/auto-merge*.yml so both filenames work.

Verified against:
- netresearch/t3x-nr-llm (auto-merge-deps.yml, unquoted uses): pass
- fabricated auto-merge.yml fixture with quoted uses: pass

Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>

…ch quoted

The previous fix used 'uses:[[:space:]]*["'\'']?...' which generated a yamllint syntax error (single-quoted YAML can't embed lone ' that way). Switch to matching just the unique netresearch reusable-workflow path without the uses:-prefix wrapper. The path string is unique enough that 'uses: foo', 'uses: "foo"', and 'uses: '\''foo'\''' all match identically — quoting around the path is irrelevant to whether the delegation exists. Cleaner regex, no YAML escape issues.

Verified against:
- nr-llm (unquoted uses): all 4 pass
- fabricated quoted uses + auto-merge.yml: all 4 pass
- yamllint: clean

Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
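The path-only match described in the commit above, next to a stricter `uses:`-anchored variant, as an added example (not the project's checkpoint code). The function names and the fixture files are constructed here; the commented-out fixture is the case where the two patterns give different answers.

```shell
#!/bin/sh
# Added example: detect delegation to the org reusable workflow in a caller file.
# Function names and fixtures are constructed for illustration.

# Reusable-workflow path as an ERE (dots escaped); any ref may follow the '@'.
WF_PATH='netresearch/\.github/\.github/workflows/auto-merge-deps\.yml@'

# Path-only match: quoting around the value cannot affect the result.
delegates_loose() {
  grep -Eq "$WF_PATH" "$1"
}

# Stricter variant: the path must be the value of a `uses:` key on a
# non-comment line, with an optional ' or " before it.
delegates_strict() {
  grep -Eq "^[[:space:]]*uses:[[:space:]]*[\"']?${WF_PATH}" "$1"
}

# Constructed fixtures: three quoting styles plus a commented-out delegation.
FIX=$(mktemp -d)
REF='netresearch/.github/.github/workflows/auto-merge-deps.yml@main'
printf 'jobs:\n  auto-merge:\n    uses: %s\n' "$REF" > "$FIX/unquoted.yml"
printf 'jobs:\n  auto-merge:\n    uses: "%s"\n' "$REF" > "$FIX/double.yml"
printf "jobs:\n  auto-merge:\n    uses: '%s'\n" "$REF" > "$FIX/single.yml"
printf 'jobs:\n  auto-merge:\n    # uses: %s\n    runs-on: ubuntu-latest\n' \
  "$REF" > "$FIX/commented.yml"

# Report how each pattern classifies each fixture.
for f in unquoted double single commented; do
  delegates_loose "$FIX/$f.yml" && l=match || l=none
  delegates_strict "$FIX/$f.yml" && s=match || s=none
  printf '%-10s loose=%s strict=%s\n' "$f" "$l" "$s"
done
```

Both patterns accept all three quoting styles; only the path-only pattern also reports a match for the commented-out line.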
Summary
Many netresearch repos now delegate auto-merge to the org reusable workflow:
```yaml
jobs:
auto-merge:
uses: netresearch/.github/.github/workflows/auto-merge-deps.yml@main
```
The reusable workflow itself handles trigger, bot-gating, `--auto` merging, and dynamic merge-strategy detection. So the previous checkpoints (which required inline implementations in the caller file) flagged these modern, correct setups as errors.
Change
All four checkpoints (GH-24, GH-25, GH-26, GH-27) now accept either:
Regex alternation keeps the check mechanical.
Also corrected GH-24's description: `pull_request:` is the correct trigger when delegating via `uses:` (the reusable workflow declares both `pull_request:` and `workflow_call:` on purpose). The old description implied `pull_request_target:` was always required — not the case for the reusable pattern.
Verification
Against netresearch/t3x-nr-llm (thin caller), all four previously-error checkpoints now pass with evidence `Pattern found in .github/workflows/auto-merge-deps.yml`.
Test plan