Skip to content

GHA-187 Add Action to create a PR to replace 3rd-party action#94

Merged
nils-werner-sonarsource merged 2 commits intomasterfrom
nw/new-pr-creation-action
Feb 20, 2026
Merged

GHA-187 Add Action to create a PR to replace 3rd-party action#94
nils-werner-sonarsource merged 2 commits intomasterfrom
nw/new-pr-creation-action

Conversation

@nils-werner-sonarsource
Copy link
Contributor

@nils-werner-sonarsource nils-werner-sonarsource commented Feb 19, 2026
edited
Loading

Replace dependency on peter-evans/create-pull-request with an in-house composite action that uses the gh CLI. The action supports vault-based token resolution with fallback to input token, all common PR options (labels, reviewers, assignees, milestones, draft), and creates or updates PRs as needed.

Showcase:

@nils-werner-sonarsource @claude
Add create-pull-request composite action using gh CLI
2f2797f 
Replace dependency on peter-evans/create-pull-request with an in-house
composite action that uses the gh CLI. The action supports vault-based
token resolution with fallback to input token, all common PR options
(labels, reviewers, assignees, milestones, draft), and creates or
updates PRs as needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Add create-pull-request composite action using gh CLI GHA-187 Add create-pull-request composite action using gh CLI Feb 19, 2026
@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Feb 19, 2026
edited by atlassian bot
Loading

GHA-187

@nils-werner-sonarsource @claude
Fix expression parsing error in test workflow
1575904 
Move the input interpolation pattern to an env var to avoid GitHub
Actions trying to parse the literal ${{ sequence in run blocks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 19, 2026

SonarQube reviewer guide

Review in SonarQube

Summary: Add a new composite GitHub Action for creating or updating pull requests with vault-based token resolution, including comprehensive test coverage and documentation.

Review Focus:

  • Token resolution logic in action.yml (steps: resolve-token, secrets) - ensures vault token fallback works correctly
  • Git operations and branch management (stage-commit-push step) - verify --force-with-lease safety and no-changes handling
  • PR creation vs. update logic - check existing PR detection and field updates are correct
  • Schema validation tests - ensure all required inputs/outputs are properly defined

Start review at: create-pull-request/action.yml. This is the core implementation file containing all the action logic. Understanding the token resolution strategy, git workflow, and PR lifecycle (create vs. update vs. no-op) is essential before reviewing the test workflow or documentation.

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nils-werner-sonarsource nils-werner-sonarsource changed the title GHA-187 Add create-pull-request composite action using gh CLI GHA-187 Add Action to create a PR to replace 3rd-party action Feb 19, 2026
@nils-werner-sonarsource nils-werner-sonarsource merged commit 00d1860 into master Feb 20, 2026
10 checks passed
@nils-werner-sonarsource nils-werner-sonarsource deleted the nw/new-pr-creation-action branch February 20, 2026 08:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yasen-pavlov-sonarsource yasen-pavlov-sonarsource yasen-pavlov-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nils-werner-sonarsource @yasen-pavlov-sonarsource