Improve Workflow Robustness and Feedback (#256)

google-labs-jules[bot] · greenc-FNAL · Copilot · web-flow · commit cafdea9f1986 · 2026-01-20T16:22:17.000-06:00
* maintenance: Improve workflow robustness and feedback This commit introduces two main improvements to the GitHub Actions workflows: 1. **Emoji Reaction for Issue Comments:** The `get-pr-info` reusable action now automatically adds an "eyes" (👀) emoji reaction to any issue comment that triggers a workflow. This provides immediate visual feedback to the user that their command has been acknowledged. This logic is centralized in the reusable action, ensuring it is applied consistently across all workflows that use it. 2. **Robust Concurrent Push Handling:** The `handle-fix-commit` reusable action has been enhanced to gracefully handle race conditions where multiple workflows attempt to push to the same branch simultaneously. The third-party `EndBug/add-and-commit` action has been replaced with a custom script that implements a "rebase and retry" mechanism. If a push fails, the script will automatically fetch the latest changes, rebase the local commit, and retry the push, attempting this up to five times before failing. This prevents silent failures and makes the "fix" workflows more reliable. * maintenance: Address feedback from code review This commit incorporates feedback from the code review: - Adds a conditional check to the emoji reaction step to ensure it only runs on `issue_comment` events. - Improves the `handle-fix-commit` action by: - Using local instead of global git config. - Properly authenticating git push with the provided token. - Refining the rebase-and-retry logic for better robustness. - Ensuring the reported commit SHA is accurate after a potential rebase. * maintenance: Address feedback from code review This commit incorporates feedback from the code review: - Adds a conditional check to the emoji reaction step to ensure it only runs on `issue_comment` events. - Improves the `handle-fix-commit` action by: - Using local instead of global git config. - Properly authenticating git push with the provided token. - Refining the rebase-and-retry logic for better robustness. - Ensuring the reported commit SHA is accurate after a potential rebase. * fix: Correct remote URL for forks in handle-fix-commit This commit addresses a critical bug in the `handle-fix-commit` action where the `git remote` was always being set to the base repository. The action now correctly uses the `pr-info-repo` input to set the remote URL. This ensures that for pull requests from forks, the `git fetch`, `git rebase`, and `git push` commands all target the contributor's forked repository, allowing the rebase-and-retry logic to function as intended. * fix: Improve security and robustness of handle-fix-commit This commit addresses feedback from the latest code review, making the `handle-fix-commit` action more secure and robust: - **Secure Token Handling:** Replaces the `git remote set-url` method with a credential helper to avoid exposing the token in logs. - **Safer Staging:** Changes `git add .` to `git add -u` to prevent accidentally staging untracked files. - **Configurable Retries:** Adds a `retry-attempts` input to the action, making the retry logic transparent and configurable, with a default of 6. * Delete credentials file on exit Avoids potential credential leakage, per #256 (comment) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Chris Green <greenc@fnal.gov> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
diff --git a/.github/actions/get-pr-info/action.yaml b/.github/actions/get-pr-info/action.yaml
@@ -25,3 +25,15 @@ runs:
           core.setOutput('ref', pr.data.head.ref);
           core.setOutput('sha', pr.data.head.sha);
           core.setOutput('repo', pr.data.head.repo.full_name);
+    - name: React to comment
+      if: github.event_name == 'issue_comment'
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      continue-on-error: true
+      with:
+        script: |
+          github.rest.reactions.createForIssueComment({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            comment_id: context.payload.comment.id,
+            content: 'eyes'
+          });
diff --git a/.github/actions/handle-fix-commit/action.yaml b/.github/actions/handle-fix-commit/action.yaml
@@ -18,6 +18,10 @@ inputs:
   pr-info-repo:
     description: 'The repository of the PR'
     required: true
+  retry-attempts:
+    description: 'The number of times to retry pushing the commit.'
+    required: false
+    default: '6'
 
 runs:
   using: "composite"
@@ -53,21 +57,50 @@ runs:
           core.setOutput('maintainer_can_modify', pr.maintainer_can_modify);
     - name: Commit fixes
       if: steps.check_changes.outputs.changes == 'true' && (inputs.pr-info-repo == github.repository || steps.pr-properties.outputs.maintainer_can_modify == 'true')
-      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
-      id: add_and_commit
-      with:
-        token: ${{ inputs.token }}
-        cwd: ${{ inputs.working-directory }}
-        author_name: "github-actions[bot]"
-        author_email: "41898282+github-actions[bot]@users.noreply.github.com"
-        message: "Apply ${{ inputs.tool }} fixes"
+      id: commit_and_push
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: |
+        git config --local user.name "github-actions[bot]"
+        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+        export GITHUB_TOKEN=${{ inputs.token }}
+        echo "https://x-access-token:${GITHUB_TOKEN}@github.com" > ~/.git-credentials
+        trap 'rm -f ~/.git-credentials' EXIT
+        git config --local credential.helper 'store --file ~/.git-credentials'
+
+        git add -u
+        git commit -m "Apply ${{ inputs.tool }} fixes"
+
+        for i in $(seq 1 ${{ inputs.retry-attempts }}); do
+          if git push origin HEAD:${{ inputs.pr-info-ref }}; then
+            echo "Push successful on attempt $i."
+            COMMIT_SHA=$(git rev-parse HEAD)
+            echo "commit_sha=$COMMIT_SHA" >> $GITHUB_OUTPUT
+            echo "pushed=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+          if [ $i -eq ${{ inputs.retry-attempts }} ]; then
+            break
+          fi
+          echo "Push failed on attempt $i. Fetching and rebasing before retry..."
+          git fetch origin
+          if ! git rebase origin/${{ inputs.pr-info-ref }}; then
+            echo "::error::Automatic rebase failed. Please resolve conflicts manually."
+            exit 1
+          fi
+          echo "Waiting before retry..."
+          sleep $((5 * i))
+        done
+        echo "::error::Failed to push changes after multiple retries."
+        exit 1
 
     - name: Notify of commit
-      if: steps.add_and_commit.conclusion == 'success' && steps.add_and_commit.outputs.committed == 'true' && steps.add_and_commit.outputs.pushed == 'true'
+      if: steps.commit_and_push.conclusion == 'success' && steps.commit_and_push.outputs.pushed == 'true'
       uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
       with:
         message: |
-          Automatic ${{ inputs.tool }} fixes pushed (commit ${{ steps.add_and_commit.outputs.commit_sha }}).
+          Automatic ${{ inputs.tool }} fixes pushed (commit ${{ steps.commit_and_push.outputs.commit_sha }}).
           ⚠️ **Note:** Some issues may require manual review and fixing.
 
     - name: Create patch
