Skip to content

feat(cloud-agent): add createSignedCommit for GitHub-signed commits#2282

Merged
tatoalo merged 2 commits into
mainfrom
feat/cloud-agent/signed-commit-git
May 21, 2026
Merged

feat(cloud-agent): add createSignedCommit for GitHub-signed commits#2282
tatoalo merged 2 commits into
mainfrom
feat/cloud-agent/signed-commit-git

Conversation

@tatoalo
Copy link
Copy Markdown
Contributor

@tatoalo tatoalo commented May 21, 2026
edited
Loading

Problem

Cloud-agent commits must be GitHub-signed ("Verified")

signed_commit

Changes

  • adds createSignedCommit to @posthog/git. It sends staged changes through GH's createCommitOnBranch GraphQL mutation
  • payload chunking for large diffs (the mutation has a request-size limit)
  • shared mapWithConcurrency helper
  • execGh stdin (input) support so the GraphQL payload is piped instead of passed via argv
  • exports buildPostHogTrailers for the Generated-By / Task-Id trailers

@tatoalo Graphite App
Copy link
Copy Markdown
Contributor Author

tatoalo commented May 21, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@tatoalo tatoalo mentioned this pull request May 21, 2026
Merged
@tatoalo tatoalo force-pushed the feat/cloud-agent/signed-commit-git branch from 75ff8ae to 59c67ab Compare May 21, 2026 12:33
@tatoalo tatoalo changed the title feat(git): add createSignedCommit for GitHub-signed commits feat(cloud-agent): add createSignedCommit for GitHub-signed commits May 21, 2026
@tatoalo tatoalo self-assigned this May 21, 2026
@tatoalo tatoalo marked this pull request as ready for review May 21, 2026 12:35
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 21, 2026

Prompt To Fix All With AI 
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
packages/git/src/signed-commit.ts:140-158
**Base-branch guard bypassed when `branch` is explicitly provided**

When the caller explicitly passes `input.branch` (e.g. `branch: "main"`), `resolveBranchName` returns early on line 144 before the `baseBranch` comparison is ever reached. A call like `createSignedCommit(ctx, { message: "...", branch: "main" })` will happily commit directly to the protected base branch even when `ctx.baseBranch === "main"`. The guard only fires for the implicit "use HEAD" path.

### Issue 2 of 2
packages/git/src/signed-commit.test.ts:1-57
**Prefer parameterised tests**

The four `chunkFileChanges` cases (deletions-only, single chunk, multi-chunk split, oversized file) share the same function under test and could be expressed with `it.each`, which is the team's preferred style. The split test also doesn't assert `chunks[2].deletions`, leaving an unverified element — a gap that a table-driven test covering all chunks uniformly would naturally close.

Reviews (1): Last reviewed commit: "feat(cloud-agent): add createSignedCommi..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 21, 2026
View reviewed changes
Comment thread packages/git/src/signed-commit.ts
Comment thread packages/git/src/signed-commit.test.ts
@tatoalo tatoalo force-pushed the feat/cloud-agent/signed-commit-git branch 4 times, most recently from ed1b37b to c34db07 Compare May 21, 2026 13:49
@tatoalo tatoalo requested a review from a team May 21, 2026 13:53
joshsny
joshsny approved these changes May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@joshsny joshsny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this feels very annoying to maintain for the signed commits win, anything easier we can do? if not I guess we go with it

tatoalo added 2 commits May 21, 2026 16:16
@tatoalo
feat(cloud-agent): add createSignedCommit for GitHub-signed commits
002623c 
Send staged changes through GitHub's createCommitOnBranch GraphQL mutation to produce server-signed ("Verified") commits without a local signing key. Adds payload chunking, a shared mapWithConcurrency helper extracted from queries.ts, execGh stdin support, and exports buildPostHogTrailers.
@tatoalo
fix(cloud-agent): add timeout + retry to signed-commit gh calls
ecbb810 
createCommitOnBranch ran a single `gh api graphql` with no timeout, so a
stalled connection (the same condition behind GitHub's HTTP 499) hung the
signed-commit tool indefinitely. execGh now accepts a timeout, and
createCommitOnBranch retries transient failures (499/5xx/timeouts/network)
with exponential backoff while leaving deterministic 4xx errors alone.
@tatoalo tatoalo force-pushed the feat/cloud-agent/signed-commit-git branch from c34db07 to ecbb810 Compare May 21, 2026 15:17
@tatoalo tatoalo merged commit 31db29c into main May 21, 2026
16 checks passed
@tatoalo Graphite App
Copy link
Copy Markdown
Contributor Author

tatoalo commented May 21, 2026

Merge activity

@tatoalo tatoalo deleted the feat/cloud-agent/signed-commit-git branch May 21, 2026 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@joshsny joshsny joshsny approved these changes

Assignees

@tatoalo tatoalo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tatoalo @joshsny