deployment: adds workflow which injects a check-box to PR description case of changes in services.rs#12948
Conversation
… case of changes in services.rs
|
This change is |
This stack of pull requests is managed by Graphite. Learn more about stacking. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
| with: | ||
| script: | | ||
| const checkbox = "- [ ] I have synced these changes to **Private Repo Y**"; | ||
| const checked = "- [x] I have synced these changes to **Private Repo Y**"; |
There was a problem hiding this comment.
Placeholder "Private Repo Y" not replaced with actual name
High Severity
The strings "Private Repo Y" throughout this workflow appear to be template placeholders that were never replaced with the actual private repository name. The checkbox text, error messages, and descriptive note all reference this generic name. This will be shown to developers in their PR descriptions and CI failure messages, making it unclear which repository actually needs syncing.
Additional Locations (2)
| types: [opened, synchronize, edited] | ||
| paths: | ||
| - "crates/apollo_deployments/src/service.rs" | ||
| - ".github/workflows/sync_check.yaml" |
There was a problem hiding this comment.
Paths filter ineffective for PR edited events
Medium Severity
The paths filter is not reliably enforced for pull_request edited events. When anyone edits any PR's body or title, the workflow may fire regardless of whether the PR touches service.rs. This can inject the sync checkbox into unrelated PRs and fail their checks unexpectedly.
2 participants
The private repo Y depends on these config changes.
Note
Medium Risk
Adds a GitHub Actions workflow that modifies PR bodies and gates merges via a required checkbox, which can affect developer workflow and relies on
pull-requests: writepermissions.Overview
Adds a new GitHub Actions workflow (
.github/workflows/sync_check.yaml) that triggers on PRs touchingcrates/apollo_deployments/src/service.rs(or the workflow itself) and enforces a cross-repo sync confirmation.The job fetches the latest PR body, appends a “synced to Private Repo Y” checkbox section if missing, and fails the check until the checkbox is marked as checked.
Written by Cursor Bugbot for commit cf077d4. This will update automatically on new commits. Configure here.