Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion .github/workflows/update-tox.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ jobs:
run: |
COMMIT_TITLE="ci: 🤖 Update test matrix with new releases"
DATE=`date +%m/%d`
BRANCH_NAME="toxgen/update"
BRANCH_NAME="toxgen/update-$(date +%m-%d)"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Date-based branch breaks old PR cleanup logic

Medium Severity

Changing BRANCH_NAME from a static toxgen/update to a date-based toxgen/update-$(date +%m-%d) breaks the existing PR cleanup logic. The cleanup query filters by head: owner:branchName, so it only finds PRs matching the current week's branch name. PRs from previous weeks (e.g., toxgen/update-02-12) will never match toxgen/update-02-19 and will accumulate as unclosed open PRs.

Additional Locations (1)

Fix in Cursor Fix in Web


git checkout -B "$BRANCH_NAME"
git add --all
Expand Down Expand Up @@ -109,3 +109,18 @@ jobs:
issue_number: pr.number,
labels: ['Component: CI', 'Component: Tests']
});

// Close and reopen the PR to trigger CI
// (PRs created by GITHUB_TOKEN don't trigger workflows)
await github.rest.pulls.update({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: pr.number,
state: 'closed'
});
await github.rest.pulls.update({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: pr.number,
state: 'open'
});
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Close/reopen with GITHUB_TOKEN won't trigger CI

High Severity

The close/reopen workaround won't actually trigger CI workflows. GitHub prevents all events generated by GITHUB_TOKEN from triggering subsequent workflows — not just PR creation. Since this workflow authenticates with the default GITHUB_TOKEN (line 28), the close and reopen API calls are also attributed to GITHUB_TOKEN, so no pull_request event fires. A Personal Access Token or GitHub App installation token is needed instead.

Fix in Cursor Fix in Web

Loading