9797 } >> "$GITHUB_OUTPUT"
9898 echo "upstream_count=${UPSTREAM_COUNT}" >> "$GITHUB_OUTPUT"
9999
100+ filter_workflow_updates() {
101+ mapfile -t WORKFLOW_FILES < <(git diff --name-only origin/main -- .github/workflows)
102+ if [ "${#WORKFLOW_FILES[@]}" -eq 0 ]; then
103+ return 0
104+ fi
105+
106+ echo "Detected workflow file changes from upstream; excluding them from automated sync branch."
107+ git checkout origin/main -- .github/workflows
108+ git add .github/workflows
109+ git commit --amend --no-edit
110+
111+ {
112+ echo "filtered_workflow_files<<EOF"
113+ printf '%s\n' "${WORKFLOW_FILES[@]}"
114+ echo "EOF"
115+ } >> "$GITHUB_OUTPUT"
116+ }
117+
100118 if git ls-remote --exit-code --heads origin "${BRANCH}" >/dev/null 2>&1; then
101119 echo "Remote branch ${BRANCH} already exists; skipping branch overwrite."
102120 git fetch --no-tags origin "refs/heads/${BRANCH}:refs/remotes/origin/${BRANCH}"
@@ -124,6 +142,24 @@ jobs:
124142 git checkout -B "${BRANCH}" "origin/main"
125143 if ! git merge --no-ff --no-edit "${TAG_REF}"; then
126144 mapfile -t CONFLICT_FILES < <(git diff --name-only --diff-filter=U)
145+
146+ if [ "${#CONFLICT_FILES[@]}" -eq 1 ] && [ "${CONFLICT_FILES[0]}" = "pnpm-lock.yaml" ]; then
147+ echo "Only pnpm-lock.yaml conflicted; attempting automatic lockfile regeneration."
148+
149+ if corepack enable && corepack pnpm install --lockfile-only --ignore-scripts; then
150+ git add pnpm-lock.yaml
151+ git commit --no-edit
152+ filter_workflow_updates
153+ git push -u origin "${BRANCH}"
154+
155+ echo "needs_sync=true" >> "$GITHUB_OUTPUT"
156+ echo "merge_conflict=false" >> "$GITHUB_OUTPUT"
157+ exit 0
158+ fi
159+
160+ echo "Automatic pnpm lockfile regeneration failed; falling back to manual conflict flow."
161+ fi
162+
127163 git merge --abort || true
128164
129165 # Create a metadata commit so the branch differs from main
@@ -153,6 +189,7 @@ jobs:
153189 exit 0
154190 fi
155191
192+ filter_workflow_updates
156193 git push -u origin "${BRANCH}"
157194
158195 echo "needs_sync=true" >> "$GITHUB_OUTPUT"
@@ -274,6 +311,7 @@ jobs:
274311 BRANCH : ${{ steps.sync.outputs.branch }}
275312 UPSTREAM_LOG : ${{ steps.sync.outputs.upstream_log }}
276313 UPSTREAM_COUNT : ${{ steps.sync.outputs.upstream_count }}
314+ FILTERED_WORKFLOW_FILES : ${{ steps.sync.outputs.filtered_workflow_files }}
277315 with :
278316 script : |
279317 const owner = context.repo.owner;
@@ -283,6 +321,19 @@ jobs:
283321 const releaseUrl = process.env.TAG_URL || `https://github.com/openclaw/openclaw/releases/tag/${process.env.TAG}`;
284322 const upstreamLog = process.env.UPSTREAM_LOG || "(unable to retrieve)";
285323 const upstreamCount = process.env.UPSTREAM_COUNT || "?";
324+ const filteredWorkflowFiles = (process.env.FILTERED_WORKFLOW_FILES || "")
325+ .split("\n")
326+ .map((item) => item.trim())
327+ .filter(Boolean);
328+ const filteredWorkflowSection =
329+ filteredWorkflowFiles.length > 0
330+ ? [
331+ "",
332+ "## Workflow files excluded from this automated sync",
333+ "These files were reset to `main` to avoid GitHub token restrictions on workflow-file updates:",
334+ ...filteredWorkflowFiles.map((file) => `- \`${file}\``),
335+ ]
336+ : [];
286337
287338 const body = [
288339 `Automated sync from upstream stable release \`${process.env.TAG}\`.`,
@@ -293,6 +344,7 @@ jobs:
293344 "```",
294345 upstreamLog,
295346 "```",
347+ ...filteredWorkflowSection,
296348 "",
297349 "---",
298350 "This PR was created by `.github/workflows/upstream-release-sync.yml`.",
0 commit comments