Skip to content

Weekly Upstream Sync Workflow#2

Open
metal-face (metal-face) wants to merge 2 commits into
masterfrom
feature/sync-upstream-action
Open

Weekly Upstream Sync Workflow#2
metal-face (metal-face) wants to merge 2 commits into
masterfrom
feature/sync-upstream-action

Conversation

@metal-face

@metal-face metal-face (metal-face) commented May 23, 2026
edited
Loading

Copy link
Copy Markdown

Summary

Adds .github/workflows/sync-upstream.yaml, a scheduled job that keeps this fork in sync with juhaku/utoipa while preserving Devolutions-specific commits on master.

How it works

  • Schedule: Mondays at 06:00 UTC, plus on-demand via workflow_dispatch.
  • Strategy: git merge --no-ff upstream/master into a sync/upstream branch built from our master. A merge (not rebase) is used so fork-specific commits are preserved on top via the merge commit, and master's history is never rewritten.
  • Output: opens (or edits in place) a PR sync/upstream → master. Branch protection and existing CI on build.yaml review the change before it lands.
  • No-op fast path: if upstream has no commits we don't already have, the job exits silently.

Conflict handling

If the merge has conflicts the job aborts cleanly — nothing broken is pushed. It instead opens (or comments on an existing) tracking issue titled Upstream sync conflict (<sha>) with copy-paste recovery commands. A human resolves locally, pushes to sync/upstream, and the PR proceeds normally.

Safeguards

  • Won't clobber human work: if a sync PR is open and someone has pushed commits to its branch (e.g. conflict resolution from a previous run), the push step detects it and comments on the PR instead of force-pushing.
  • --force-with-lease on the sync branch push, not raw --force.
  • concurrency: sync-upstream prevents overlapping runs from clashing.
  • if: github.repository == 'Devolutions/utoipa' so forks-of-this-fork don't activate the workflow.

Required setup after merge

  1. Workflow permissions — Settings → Actions → General:
    • "Workflow permissions" = Read and write permissions
    • Check Allow GitHub Actions to create and approve pull requests
  2. SYNC_PAT secret (recommended) — a fine-grained PAT scoped to this repo with contents: write + pull-requests: write + issues: write. Without it the workflow falls back to GITHUB_TOKEN, which works but won't trigger build.yaml on the sync PR (GitHub blocks GITHUB_TOKEN-opened PRs from cascading into other workflows). With SYNC_PAT set, CI runs normally on every sync PR.

@metal-face @claude
ci: add weekly workflow to sync fork with upstream
6d43813 
Adds .github/workflows/sync-upstream.yaml. Every Monday at 06:00 UTC
(and on-demand via workflow_dispatch) the job fetches juhaku/utoipa,
merges upstream/master into a sync/upstream branch with --no-ff so
fork-specific commits are preserved, then opens or updates a PR
against master. Merge conflicts abort cleanly and open/update a
tracking issue with recovery steps instead of pushing broken state.

Safeguards: skips push if a human has pushed conflict-resolution
commits to an open sync PR; gated to Devolutions/utoipa so
forks-of-the-fork don't activate it; falls back to GITHUB_TOKEN if
SYNC_PAT is not configured (note: GITHUB_TOKEN-opened PRs do not
trigger build.yaml — set SYNC_PAT to get CI on sync PRs).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@metal-face metal-face (metal-face) requested a review from a team as a code owner May 23, 2026 08:26
Copilot AI review requested due to automatic review settings May 23, 2026 08:26
@metal-face metal-face (metal-face) added the enhancement New feature or request label May 23, 2026
@metal-face metal-face (metal-face) changed the title ci: weekly upstream sync workflow Weekly Upstream Sync Workflow May 23, 2026
Copilot AI reviewed May 23, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a scheduled GitHub Actions workflow to keep this fork synced with juhaku/utoipa by periodically merging upstream/master into a dedicated sync/upstream branch and opening/updating a PR back to master, with conflict reporting via a tracking issue.

Changes:

  • Introduces .github/workflows/sync-upstream.yaml scheduled + manual workflow to merge upstream into sync/upstream.
  • Pushes the sync branch (with --force-with-lease) and opens/updates a sync/upstream → master PR via gh.
  • On merge conflicts, aborts and creates/comments on a “Upstream sync conflict (…)” issue with recovery steps.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/sync-upstream.yaml Outdated
Comment thread .github/workflows/sync-upstream.yaml
Comment thread .github/workflows/sync-upstream.yaml
@metal-face @claude
ci: guard against jq 'null' output in sync-upstream workflow
6acca1f 
gh ... --jq '.[0].number' emits the literal string "null" (not an
empty string) when no PRs or issues match, so the existence checks
`[ -n "${VAR}" ]` evaluated true and the next call became
`gh pr edit null` / `gh issue comment null`, which would fail. Add
`// empty` to all three jq expressions so missing values produce no
output and the create-vs-edit branches behave correctly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@LucFauvel Luc Fauvel (LucFauvel) Awaiting requested review from LucFauvel

At least 1 approving review is required to merge this pull request.

Assignees

@metal-face metal-face (metal-face)

Labels

enhancement New feature or request

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@metal-face