create rewrite-patches workflow

[EvilOlaf]

Rewriting kernel or uboot patches can take a lot of time. The reason is that this task heavily depends on single core performance as it cannot be executed in parallel across multiple cores.
For example our strongest CI server with 88C/176T manages to rewrite around one patch per second. Do the math for the Allwinner patchset.

This workflow is intended to run only on systems with fast single core performance, like the Intel 285H or better. It may not sound much but it manages to do around 2 patches per second which is a relieve already.
The target box sits on my desk atm. Let's just hope this doesn't become a (noise) issue :D

The workflow code is probably pretty messy, heavily influenced by AI, but it works:

• executed from GH webinterface
• clone flat build repo or force pull if existing already
• grab shallow kernel tree
• do the rewrite of either uboot or kernel patches, depending on user choice
• create a PR from diff
• • Example: [edge] kernel patches rewrite for odroidn2 EvilOlaf/build#28

Possible problems/concerns/weird thinking:

• if a PR/branch with the requested combination already exists, it will probably fail. Means one has to do proper cleanup afterwards (either merge or close the pr and then delete the branch).
• I'm actually not a fan to have development branches in the main repo if such things could be done in one's own forks. But since this can be classified as maintenance task I think it'll be fine. Again, depends on proper cleanup. Whoever uses it is responsible.
• Also means when bumping kernel versions a rewrite cannot be included in the PR directly but again, doing the rewrite is maintenance and optional as a patch can work with fuzz.

setup:

• A new runner group rewrite needs to be created and one or two runners added on the machine.
• Permissions need further adjustments to restrict usage to board maintainers

@rpardini This is what I mean when I said I may have a solution for that :)

Summary by CodeRabbit

• Chores
  • Added an automated maintenance workflow that clones or updates a target repository, runs rewrite logic, detects changes, generates per-file and summary statistics, and automatically creates or updates a pull request only when modifications exist. Ensures safe temporary file handling, robust clone/update behavior, conditional PR creation, cleanup, and error-safe operation.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow .github/workflows/maintenance-rewrite-kernel-patches.yml that clones/updates a target repo, runs a compile script to rewrite kernel patches, detects git changes and per-file stats, writes a PR body, and conditionally creates or updates a pull request.

Changes

Cohort / File(s)

Summary

GitHub Actions Workflow \.github/workflows/maintenance-rewrite-kernel-patches.yml

New workflow "Maintenance: Rewrite patches". Adds inputs (board, branch, whattodo), clones or updates the target repo, runs ./compile.sh with BOARD, BRANCH, WHATTODO, KERNEL_GIT=shallow, checks git diff and git diff --numstat, writes PR body to a temp file (pr_body_path), and conditionally creates/updates a PR using peter-evans/create-pull-request@v8. Includes safe temp-file handling, cleanup, and set -euo pipefail in parsing steps.

Sequence Diagram(s)

sequenceDiagram
    participant Runner as Workflow Runner
    participant Repo as Target Repo
    participant Script as ./compile.sh
    participant Git as Git CLI
    participant PRAction as create-pull-request Action
    participant GH as GitHub API

    Runner->>Repo: clone or fetch & reset branch
    Runner->>Script: run ./compile.sh (BOARD, BRANCH, WHATTODO, KERNEL_GIT=shallow)
    Script->>Repo: rewrite patch files
    Runner->>Git: git diff & git diff --numstat (detect changes, build stats)
    alt changes detected
        Runner->>PRAction: provide branch, title, pr_body_path, label
        PRAction->>GH: create or update pull request
        GH-->>PRAction: PR response
    else no changes
        note right of Runner: set has_changes=false, skip PR creation
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐇 I nibbled lines and smoothed each patch,

curled up diffs into a tidy batch,
I hopped through branches, left a trail so neat,
a PR blooms where rewritten patches meet,
onward I bound, with tiny coder feet.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'create rewrite-patches workflow' directly describes the main change: adding a new GitHub Actions workflow for patch rewriting.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/maintenance-rewrite-kernel-patches.yml:
- Around line 49-53: The git clone block performs a shallow clone without a
branch, so git checkout "$REF_NAME" can fail for non-default branches; update
the logic around the git clone/checkout to ensure the requested REF_NAME is
fetched and present: prefer cloning with the branch flag (use git clone -b
"$REF_NAME" --single-branch --depth 1 --filter=blob:none ...) so the branch
exists locally, and as a fallback after the existing git clone command, run a
fetch like git fetch origin "$REF_NAME":"$REF_NAME" or git fetch origin
"$REF_NAME" && git checkout -t origin/"$REF_NAME" to create and check out the
ref if the initial clone didn’t include it (ensure all references to REF_NAME in
the script are used accordingly).
- Around line 63-73: The notice messages in the "Check for changes" step (id:
check_changes) are hardcoded to "rewrite-kernel-patches"; update both ::notice::
echo lines to interpolate the workflow input that indicates the action (the
whattodo input used elsewhere) instead of the literal string so they reflect the
actual operation performed (e.g., replace "rewrite-kernel-patches" with the
whattodo value used elsewhere in the workflow such as ${{ inputs.whattodo }} or
the shell variable you already set for that input).

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/maintenance-rewrite-kernel-patches.yml:
- Around line 111-124: Sanitize the free-form inputs.board before using it in
the create_pr step's branch name to avoid invalid git refs: add a prior step
(e.g., id: sanitize_board) that normalizes inputs.board (lowercase, trim,
replace/strip characters illegal in refs such as space, .., ~, ^, :, \, *, //,
and collapse to single hyphens, remove leading/trailing dots or hyphens) and
expose it as an output (e.g., sanitized_board), then change the
create-pull-request branch from rewrite-patches/${{ inputs.board }}-${{
inputs.branch }} to rewrite-patches/${{
steps.sanitize_board.outputs.sanitized_board }}-${{ inputs.branch }} so the
create_pr step always receives a git-safe branch name.

🧹 Nitpick comments (3)

.github/workflows/maintenance-rewrite-kernel-patches.yml (3)

34-34: Custom runner label rewrite triggers an actionlint warning.

Since this is an intentional self-hosted runner group per the PR description, consider adding an .github/actionlint.yaml config to suppress the lint error for this label.

Example config

Create .github/actionlint.yaml:

self-hosted-runner:
  labels:
    - rewrite

---

50-53: Redundant git checkout after clone -b.

git clone -b "$REF_NAME" already checks out the specified branch, so the subsequent git checkout "$REF_NAME" on line 52 is a no-op.

Proposed fix

          else
            # No repo: clone it
            git clone --depth 1 --filter=blob:none -b "$REF_NAME" "https://github.com/${REPO}" .
-           git checkout "$REF_NAME"
          fi

---

55-61: No input sanitization on the free-form board input.

inputs.board is a free-form string passed directly to compile.sh. While only users with repo write access can trigger workflow_dispatch, a typo or unusual characters could produce confusing downstream failures. Consider a lightweight regex validation early in the job (e.g., [[ "$BOARD" =~ ^[a-zA-Z0-9_-]+$ ]]) to fail fast with a clear error message.

Proposed addition — new step before "Run"

      - name: Validate inputs
        env:
          BOARD: ${{ inputs.board }}
        run: |
          if [[ ! "$BOARD" =~ ^[a-zA-Z0-9_-]+$ ]]; then
            echo "::error::Invalid board name '${BOARD}'. Only alphanumeric characters, hyphens, and underscores are allowed."
            exit 1
          fi

[rpardini]

Cool stuff. This made me realize, that maybe we could piggyback on the .config rewrite job - that one already finds all the kernels, pulls the shallow tree, does a .config rewrite -- adding the .patch rewrite can't be too hard...?

[EvilOlaf]

Some families or certain branches may not appreciated being rewritten (6.12 allwinner ...) so my idea was to have it manually for now.

[rpardini]

Indeed. Also this one complements for nice one-off's...

[github-actions]

✅ This PR has been reviewed and approved — all set for merge!