Skip to content

Add reusable vendored-file sync workflow#84

Draft
Copilot wants to merge 2 commits into
mainfrom
copilot/add-vendored-file-sync-workflow
Draft

Add reusable vendored-file sync workflow#84
Copilot wants to merge 2 commits into
mainfrom
copilot/add-vendored-file-sync-workflow

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 4, 2026
edited
Loading

Repos that vendor shared files currently surface drift as hard lint failures, leaving maintainers to manually run repo-specific refresh scripts. This adds a reusable workflow that separates PR validation from scheduled/manual auto-remediation via maintenance PRs.

  • Reusable workflow

    • Adds .github/workflows/vendored-file-sync.yml.
    • Runs a caller-provided refresh-command.
    • Watches configured newline-delimited paths for resulting diffs.
    • Supports two modes:
      • create-pr: true opens or updates a maintenance PR via actions/open-pr.
      • create-pr: false fails validation when vendored drift is introduced directly.

  • Caller configuration

    • Exposes inputs for branch, base, PR title/body, labels, commit message, draft mode, and signoff.
    • Exposes changed, pr-number, and pr-url outputs.

  • Documentation

    • Updates docs/architecture.md with the validation/remediation split.
    • Adds an example using the same refresher command for both PR lint and scheduled/manual maintenance.

Example caller pattern:

jobs:
  validate:
    if: github.event_name == 'pull_request'
    uses: DevSecNinja/.github/.github/workflows/vendored-file-sync.yml@<sha>
    permissions:
      contents: read
    with:
      refresh-command: bash scripts/update-log-sh.sh
      paths: scripts/lib/
      create-pr: false

  sync:
    if: github.event_name != 'pull_request'
    uses: DevSecNinja/.github/.github/workflows/vendored-file-sync.yml@<sha>
    permissions:
      contents: write
      pull-requests: write
    with:
      refresh-command: bash scripts/update-log-sh.sh
      paths: scripts/lib/
      branch: chore/sync-vendored-log-sh
      pr-title: 'chore: sync vendored log.sh'
      labels: |
        automated
        vendored-file-sync

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • plugins.dprint.dev
    • Triggering command: /home/REDACTED/.npm/_npx/d897e534e3b3f845/node_modules/.bin/dprint dprint check --config config-sync/files/dprint.json docs/architecture.md (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue May 4, 2026 that may be closed by this pull request
feat: add reusable vendored-file sync workflow that opens PRs instead of hard-failing lint #83
Open
@DevSecNinja
feat: add vendored file sync workflow
19ac701 
Agent-Logs-Url: https://github.com/DevSecNinja/.github/sessions/184e112c-a9db-4179-8901-8eb70f705909

Co-authored-by: DevSecNinja <14926452+DevSecNinja@users.noreply.github.com>
Copilot AI changed the title [WIP] Add reusable vendored-file sync workflow that opens PRs instead of hard-failing lint Add reusable vendored-file sync workflow May 4, 2026
Copilot AI requested a review from DevSecNinja May 4, 2026 07:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DevSecNinja DevSecNinja Awaiting requested review from DevSecNinja DevSecNinja is a code owner

Assignees

@DevSecNinja DevSecNinja

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: add reusable vendored-file sync workflow that opens PRs instead of hard-failing lint

2 participants

@DevSecNinja