From ade17cfd058c67a2bbf3380b587897907612abf1 Mon Sep 17 00:00:00 2001
From: Carlos Polop
Date: Thu, 4 Jun 2026 23:38:19 +0200
Subject: [PATCH] ci: auto-merge windows definition PRs reliably

---
 .github/workflows/chack-agent-pr-triage.yml | 41 +++++++++++++++----
 .../update_windows_version_definitions.yml | 12 ++++++
 2 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/chack-agent-pr-triage.yml b/.github/workflows/chack-agent-pr-triage.yml
index 197757d..7e27c31 100644
--- a/.github/workflows/chack-agent-pr-triage.yml
+++ b/.github/workflows/chack-agent-pr-triage.yml
@@ -49,7 +49,6 @@ jobs:
 if [ "$pr_title" != "$title" ] ||
 [ "$base_ref" != "master" ] ||
 [ "$head_ref" != "$branch" ] ||
- [ "$author" != "app/github-actions" ] ||
 [ "$is_cross_repository" != "false" ] ||
 [ "$file_count" != "1" ] ||
 [ "$files" != "$expected_file" ]; then
@@ -58,6 +57,24 @@ jobs:
 exit 0
 fi

+ if [ "$author" != "app/github-actions" ] &&
+ [ "$author" != "github-actions" ] &&
+ [ "$author" != "github-actions[bot]" ]; then
+ echo "PR #$pr_number is from unexpected author $author; skipping."
+ echo "should_merge=false" >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
+
+ for attempt in {1..12}; do
+ if [ "$merge_state" = "CLEAN" ] || [ "$merge_state" = "HAS_HOOKS" ]; then
+ break
+ fi
+
+ echo "PR #$pr_number mergeStateStatus=$merge_state; waiting for GitHub to finish evaluating mergeability ($attempt/12)."
+ sleep 10
+ merge_state="$(gh pr view "$pr_number" --json mergeStateStatus --jq .mergeStateStatus)"
+ done
+
 if [ "$merge_state" != "CLEAN" ] && [ "$merge_state" != "HAS_HOOKS" ]; then
 echo "Refusing to merge PR #$pr_number because mergeStateStatus=$merge_state"
 echo "should_merge=false" >> "$GITHUB_OUTPUT"
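Review bot: The author gate added at the top of the second hunk trusts three login spellings as plain strings, and the bare `github-actions` value carries neither the `app/` prefix nor the `[bot]` suffix that marks a bot identity. This condition is one of the few checks between a same-repository branch and an unattended squash-merge into master, so it should also require the bot flag. Assuming `author` is read from `gh pr view --json author` outside this hunk, add `is_bot="$(gh pr view "$pr_number" --json author --jq .author.is_bot)"` and skip unless `[ "$is_bot" = "true" ]`. The wait loop that follows re-reads only `mergeStateStatus`, so the title, branch and file-list checks made before it can be up to two minutes old when the step sets `should_merge`. The enclosing `run` script starts and ends outside the hunk.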
@@ -75,12 +92,22 @@ jobs:
 PR_NUMBER: ${{ steps.bot_pr.outputs.pr_number }}
 COMMIT_TITLE: ${{ steps.bot_pr.outputs.title }}
 run: |
- gh api \
- -X PUT \
- -H "Accept: application/vnd.github+json" \
- "/repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge" \
- -f merge_method=squash \
- -f commit_title="$COMMIT_TITLE"
+ for attempt in {1..6}; do
+ if gh api \
+ -X PUT \
+ -H "Accept: application/vnd.github+json" \
+ "/repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge" \
+ -f merge_method=squash \
+ -f commit_title="$COMMIT_TITLE"; then
+ exit 0
+ fi
+
+ echo "Merge attempt $attempt failed for PR #$PR_NUMBER; retrying."
+ sleep 10
+ done
+
+ echo "Failed to merge trusted windows definitions bot PR #$PR_NUMBER after retries."
+ exit 1

 chack_agent_triage:
 if: ${{ github.event.workflow_run.conclusion == 'success' }}
diff --git a/.github/workflows/update_windows_version_definitions.yml b/.github/workflows/update_windows_version_definitions.yml
index f875bf4..d174838 100644
--- a/.github/workflows/update_windows_version_definitions.yml
+++ b/.github/workflows/update_windows_version_definitions.yml
@@ -68,4 +68,16 @@ jobs:
 --body "Automated update of \`build_lists/windows_version_exploits.json\`. The generated JSON passed \`build_lists/validate_windows_version_defs.py\` before this PR was updated."
 fi

+ pr_number="$(gh pr list --state open --head "$branch" --base master --json number --jq '.[0].number')"
+ if [ -z "$pr_number" ]; then
+ echo "Could not resolve the generated pull request after creating/updating it."
+ exit 1
+ fi
+
 gh workflow run PR-tests.yml --ref "$branch"
+
+ if gh pr merge "$pr_number" --squash --auto --subject "$title"; then
+ echo "Auto-merge enabled for PR #$pr_number."
+ else
+ echo "Could not enable GitHub auto-merge for PR #$pr_number; the PR-tests workflow_run merge job will still merge it after tests pass."
+ fi
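Review bot: The retried merge call in the `run` block of chack-agent-pr-triage.yml is not pinned to the commit the earlier step validated, so a push to the bot branch during the new wait and retry windows would be squash-merged without passing the file-count, file-path and mergeStateStatus checks. The merge endpoint accepts a `sha` field that must match the PR head; export the head SHA from the `bot_pr` step, which is outside this hunk, and add `-f sha="$HEAD_SHA"` to the call, where `HEAD_SHA` is a placeholder name for that new output. The loop also retries on every non-zero exit, so a permanent refusal such as a permissions or branch-protection error is attempted six times and only the generic final message is logged. `${{ github.repository }}` is still expanded into the script text, whereas `$GITHUB_REPOSITORY` gives the same value without template expansion inside `run`.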
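Review bot: The `gh pr merge "$pr_number" --squash --auto` call added at the end of update_windows_version_definitions.yml waits only for the requirements configured on `master`, not for the PR-tests run dispatched just above it. Tests gate this merge only if PR-tests is a required status check in branch protection, which this patch does not show. The call also opens a second merge path that skips the title, author, single-file and file-path checks enforced in chack-agent-pr-triage.yml. If auto-merge stays, pin it to the commit this job pushed with `--match-head-commit "$head_sha"` (`head_sha` is a placeholder for that SHA) and add a comment naming the required check it relies on. The fallback message promises that the workflow_run job "will still merge it", but that job can also decline.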