fix: open PR instead of pushing direct to satisfy default-branch protection #18
Open
Gumbees wants to merge 1 commit into
…ection

The org-level Default Branch Protection ruleset (created 2026-04-29) requires all changes to the default branch to land via PR. The previous `stefanzweifel/git-auto-commit-action@v5` step tried to push the regenerated SBOM/STRUCTURE files directly to `development`, got rejected with GH006, and left the Generate Repo Artifacts workflow red on every run since 2026-04-26.

Switch to `peter-evans/create-pull-request@v6`. The workflow now opens a PR titled "chore: regenerate SBOM and STRUCTURE" against the triggering branch. Auto-merge has been enabled on the repo; org admins can approve+merge the PR in one click via the existing OrganizationAdmin bypass entry.

Adds `pull-requests: write` to the workflow's permissions.

Closes #14.
What

Swap `stefanzweifel/git-auto-commit-action@v5` for `peter-evans/create-pull-request@v6` in `.github/workflows/generate-artifacts.yml`. The workflow now opens a PR titled `chore: regenerate SBOM and STRUCTURE` against the triggering branch instead of pushing direct.

Why

The org-level Default Branch Protection ruleset (id 15744970, created 2026-04-29) requires all changes to the default branch to come via PR. The previous direct-push step was rejected on every run since 2026-04-26 with:

This left `Generate Repo Artifacts` red on five consecutive runs and would bite every other BR repo as the same workflow rolls out fleet-wide.

How

- `peter-evans/create-pull-request@v6` opens a PR from a stable feature branch (`chore/regenerate-artifacts`) with `delete-branch: true` to keep the branch list clean
- `add-paths` narrows the diff to exactly `SBOM.md` and `STRUCTURE.md`
- `pull-requests: write` in addition to `contents: write`
- `gh repo edit --enable-auto-merge`
- `chore:` prefix; the prior `[skip ci]` is gone because there's no longer a direct push to skip

Friction left

The org ruleset still requires 1 approving review on default-branch PRs. The existing `OrganizationAdmin` bypass entry with `bypass_mode: pull_request` means Nate can approve+merge his own PRs in one click, so each regen needs one click. True zero-touch needs a dedicated GitHub App with bypass ... tracked as a follow-up (option C from issue #14).

Closes

Related

`CLAUDE.md:94` ("development is the default branch, direct pushes allowed") is now stale doc ... will file a separate docs-drift issue
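
Added example (not the PR's actual diff, which this page does not show): a workflow sketch that combines the settings listed under "How", with the token scoped to only the two permissions named there. The trigger, job name, runner, checkout step and generator script path are assumptions made for illustration.

```yaml
# Added illustration; not the repository's real generate-artifacts.yml.
name: Generate Repo Artifacts

on:
  push:
    branches: [development]   # assumption: the real trigger is not shown

# Declaring permissions at the top level sets every unlisted scope to none,
# so the job token can push a branch and open a PR, nothing more.
permissions:
  contents: write        # push the chore/regenerate-artifacts branch
  pull-requests: write   # open or update the regeneration PR

jobs:
  regenerate:             # hypothetical job name
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Hypothetical generator script; the page does not say how the
      # SBOM and STRUCTURE files are produced.
      - name: Regenerate SBOM and STRUCTURE
        run: ./scripts/generate-artifacts.sh

      # Takes the place of the stefanzweifel/git-auto-commit-action@v5 step
      # whose direct push the ruleset rejected with GH006.
      - uses: peter-evans/create-pull-request@v6
        with:
          branch: chore/regenerate-artifacts   # stable head branch, reused each run
          delete-branch: true                  # clean up the branch once merged
          # Only these two files can enter the PR, even if the generator
          # or an earlier step touched other paths in the workspace.
          add-paths: |
            SBOM.md
            STRUCTURE.md
          title: "chore: regenerate SBOM and STRUCTURE"
          commit-message: "chore: regenerate SBOM and STRUCTURE"
```

With no `base` input set, the action targets the branch that was checked out, which matches the "against the triggering branch" behaviour described above.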