Skip to content

Add missing pre-agent step to contribution-check workflow #25968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pelikhan merged 2 commits into from
Apr 13, 2026
Merged

Add missing pre-agent step to contribution-check workflow #25968

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d68d5b6
Initial plan
Copilot Apr 13, 2026
95acc24
fix: add pre-agent step to contribution-check workflow to create pr-f…
Copilot Apr 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 32 additions & 11 deletions .github/workflows/contribution-check.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

38 changes: 38 additions & 0 deletions .github/workflows/contribution-check.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,44 @@ safe-outputs:
target: "*"
target-repo: ${{ vars.TARGET_REPOSITORY }}
hide-older-comments: true
steps:
- name: Fetch and filter PRs
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Comment on lines +41 to +42
Copy link

Copilot AI Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pre-agent step uses only secrets.GITHUB_TOKEN for both GITHUB_TOKEN and GH_TOKEN. If TARGET_REPOSITORY points to a different repo (or requires elevated permissions), this can cause gh pr list to return empty/unauthorized results even though the workflow/other steps may be configured to use GH_AW_GITHUB_MCP_SERVER_TOKEN/GH_AW_GITHUB_TOKEN fallbacks. Consider using the same cascading token expression used elsewhere in this repo for consistency and cross-repo support.

Suggested change
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}

Copilot uses AI. Check for mistakes.
run: |
# Fetch open PRs from the target repository opened in the last 24 hours
SINCE=$(date -d '24 hours ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null \
|| date -v-24H '+%Y-%m-%dT%H:%M:%SZ')

echo "Fetching open PRs from $TARGET_REPOSITORY created since $SINCE..."
ALL_PRS=$(gh pr list \
--repo "$TARGET_REPOSITORY" \
--state open \
--limit 100 \
--json number,createdAt \
--jq "[.[] | select(.createdAt >= \"$SINCE\")]" \
2>/dev/null || echo "[]")
Comment on lines +49 to +55
Copy link

Copilot AI Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gh pr list stderr is redirected to /dev/null and failures are converted to [], which can silently produce a misleading "no PRs" report when the API call actually failed (auth, rate limit, proxy/firewall). Consider preserving/logging the gh exit code and error output (while still writing pr-filter-results.json) so operational failures aren’t masked as empty results.

Suggested change
ALL_PRS=$(gh pr list \
--repo "$TARGET_REPOSITORY" \
--state open \
--limit 100 \
--json number,createdAt \
--jq "[.[] | select(.createdAt >= \"$SINCE\")]" \
2>/dev/null || echo "[]")
GH_PR_LIST_STDERR=$(mktemp)
ALL_PRS=$(gh pr list \
--repo "$TARGET_REPOSITORY" \
--state open \
--limit 100 \
--json number,createdAt \
--jq "[.[] | select(.createdAt >= \"$SINCE\")]" \
2>"$GH_PR_LIST_STDERR")
GH_PR_LIST_EXIT_CODE=$?
if [ "$GH_PR_LIST_EXIT_CODE" -ne 0 ]; then
echo "Warning: gh pr list failed with exit code $GH_PR_LIST_EXIT_CODE; continuing with empty PR list."
if [ -s "$GH_PR_LIST_STDERR" ]; then
echo "gh pr list stderr:"
cat "$GH_PR_LIST_STDERR"
fi
ALL_PRS='[]'
fi
rm -f "$GH_PR_LIST_STDERR"

Copilot uses AI. Check for mistakes.

TOTAL=$(echo "$ALL_PRS" | jq 'length')
echo "Found $TOTAL open PRs created in the last 24 hours"

# Cap the number of PRs to evaluate at 10
MAX_EVALUATE=10
EVALUATED=$(echo "$ALL_PRS" | jq --argjson max "$MAX_EVALUATE" '[.[0:$max][] | .number]')
EVALUATED_COUNT=$(echo "$EVALUATED" | jq 'length')
SKIPPED_COUNT=$((TOTAL - EVALUATED_COUNT))

# Write results to workspace root
jq -n \
--argjson pr_numbers "$EVALUATED" \
--argjson skipped_count "$SKIPPED_COUNT" \
--argjson evaluated_count "$EVALUATED_COUNT" \
'{pr_numbers: $pr_numbers, skipped_count: $skipped_count, evaluated_count: $evaluated_count}' \
> "$GITHUB_WORKSPACE/pr-filter-results.json"

echo "✓ Wrote pr-filter-results.json: $EVALUATED_COUNT to evaluate, $SKIPPED_COUNT skipped"
cat "$GITHUB_WORKSPACE/pr-filter-results.json"
---

## Target Repository
Expand Down
Loading