chore(ci): use GraphQL createCommitOnBranch for signed commits #285

Closed: guglez wants to merge 4 commits into main from feat/auto-deploy-devnet

@guglez guglez commented May 27, 2026

Summary

Replaces git commit + git push with the GitHub GraphQL createCommitOnBranch mutation.

Why: The required_signatures ruleset on ChainSafe/infra-kubernetes requires all commits on main to be signed. Commits created via git push from CI are unsigned and block auto-merge. Commits created via the GitHub GraphQL API are automatically signed by GitHub and show as Verified — no bypass actor or GPG key needed.

Changes in open-devnet-pr job:

  • Fetch raw file content via Accept: application/vnd.github.raw (no base64 decode)
  • Idempotency check now compares the branch (not main) to avoid re-committing on reruns
  • Branch creation via REST API, commit via GraphQL createCommitOnBranch
  • git commit / git push / git config blocks removed entirely

Refs ChainSafe/infrastructure-general#1246

🤖 Generated with Claude Code
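
The request body the description above implies, as an added example that is not part of this PR or the project's workflow: it applies the idempotency check, then builds the `createCommitOnBranch` mutation with `expectedHeadOid` and base64-encoded file contents, and asks GitHub whether it signed the resulting commit. The repository, branch and file names, the `tag:` manifest layout, the commit headline and the helpers `bump_tag` and `build_request` are assumptions.

```python
import base64
import json
import re

# GraphQL document for createCommitOnBranch; the selection set also asks
# whether the resulting commit carries a valid GitHub signature.
MUTATION = """
mutation ($input: CreateCommitOnBranchInput!) {
  createCommitOnBranch(input: $input) {
    commit { oid url signature { isValid wasSignedByGitHub } }
  }
}
"""

def bump_tag(manifest: str, new_tag: str) -> str:
    """Rewrite the first `tag:` value in a values file (assumed layout)."""
    return re.sub(r"(?m)^([ \t]*tag:[ \t]*).*$",
                  lambda m: m.group(1) + new_tag, manifest, count=1)

def build_request(repo, branch, head_oid, path, current, new_tag):
    """Return the JSON body to POST to the GraphQL endpoint, or None if no change."""
    updated = bump_tag(current, new_tag)
    if updated == current:  # idempotency: the branch already carries this tag
        return None
    return json.dumps({
        "query": MUTATION,
        "variables": {"input": {
            "branch": {"repositoryNameWithOwner": repo, "branchName": branch},
            # GitHub rejects the commit if the branch head moved since it was read.
            "expectedHeadOid": head_oid,
            "message": {"headline": f"chore: bump image tag to {new_tag}"},
            "fileChanges": {"additions": [{
                "path": path,
                # The mutation takes contents base64-encoded, even when the
                # file itself was fetched raw.
                "contents": base64.b64encode(updated.encode()).decode(),
            }]},
        }},
    })

# Constructed sample input (not taken from the PR or either repository).
SAMPLE = "image:\n  repository: example/api\n  tag: v1.0.0\n"

if __name__ == "__main__":
    print(build_request("example-org/example-repo", "bump/v1.1.0",
                        "0" * 40, "values.yaml", SAMPLE, "v1.1.0"))
```

A CI job that depends on the Verified status can check `signature.isValid` in the response before enabling auto-merge.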

guglez and others added 4 commits May 22, 2026 18:12
After a successful Docker build on a v* tag, open a PR in
ChainSafe/infra-kubernetes bumping canton-middleware-api image tag
for validator-dev1.

Refs ChainSafe/infrastructure-general#1246

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

force-with-lease on a freshly-created local branch with no upstream
tracking ref is unreliable — use plain git push -u origin instead.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

- Enable allow_auto_merge on infra-kubernetes repo
- Add gh pr merge --auto --squash after PR creation
- Split pr create and pr merge to avoid masking merge failures

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

Replace git commit+push with GitHub GraphQL API to produce
Verified/signed commits — satisfies required_signatures ruleset
in infra-kubernetes without needing a bypass actor.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

@gemini-code-assist

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@guglez guglez enabled auto-merge (squash) May 27, 2026 17:16
@dhyaniarun1993 dhyaniarun1993 changed the title from "feat(ci): use GraphQL createCommitOnBranch for signed commits" to "chore(ci): use GraphQL createCommitOnBranch for signed commits" May 27, 2026
@guglez guglez requested a review from sadiq1971 May 27, 2026 17:23
@dhyaniarun1993 dhyaniarun1993 left a comment

Please fix the merge conflict.

@guglez guglez closed this May 27, 2026
auto-merge was automatically disabled May 27, 2026 17:34

Pull request was closed
