fix(apply-repo-settings): surface full API error body on failures#35
Merged
Conversation
…Integration bypass actors Two related fixes for ruleset apply failures: 1. Use curl in api() to surface full error body on non-2xx responses. Previously, `gh api` on a 422 only emitted "gh: Validation Failed (HTTP 422)" to stderr — the JSON field-level detail was discarded. Now the full response body is printed via `::error::` so CI logs show exactly what GitHub rejected. 2. Substitute actor_id -1 placeholder with real AUTOMATION_GITHUB_APP_ID for Integration bypass actors. GitHub Rulesets API requires actor_id to be the App ID (integer), not the installation ID. The App ID is passed via APP_ID env var (sourced from inputs.app-id / AUTOMATION_GITHUB_APP_ID secret) and substituted with jq before each API call. If APP_ID is unset, placeholder Integration actors are dropped with a warning (graceful degradation). https://claude.ai/code/session_01XUJx6sKWxyKyoWdxNEsET1
nsheaps
force-pushed
the
claude/practical-shannon-a2n2d
branch
from
713aa66 to
9f972e1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
gh apiwithcurlinapi()to capture full HTTP response body on non-2xx responses — previouslygh apidiscarded the JSON validation detail on 422s, leaving only "Validation Failed" in the logsactor_id: -1placeholder for Integration bypass actors: the action now readsAPP_IDfrom env (sourced frominputs.app-id/AUTOMATION_GITHUB_APP_IDsecret) and replaces-1with the real GitHub App ID via jq before each API callAPP_IDis unset, Integration bypass actors withactor_id == -1are dropped with a warning (graceful degradation)Why
GitHub Rulesets API requires
actor_idforactor_type: Integrationto be the GitHub App ID (integer), not the installation ID. The App ID lives in 1Password atop://heapsinfra/github--app--automation/AUTOMATION_GITHUB_APP_IDand is synced to CI via the secret sync workflow — but can't be embedded statically in YAML across repos, hence the runtime substitution pattern.Test plan
apply-repo-settingson a repo with Integration bypass actors configured (actor_id: -1) and confirm no HTTP 422 and correct actor_id in the resulting rulesethttps://claude.ai/code/session_01XUJx6sKWxyKyoWdxNEsET1