Pin opencode and don't let Bonk push to PRs #6359
Bonk (our AI PR reviewer) was committing auto-generated .opencode/package.json changes to PR branches, causing merge conflicts across PRs.

Root cause: opencode regenerates package.json at startup with the plugin version matching its CLI version, and in CI the auto-generated .opencode/.gitignore doesn't exist in the checkout, so git sees the file as dirty.

Three fixes:

1. Pin opencode_version to 1.2.27 in all three Bonk workflows. This prevents version drift that would modify package.json, and avoids the partially-published-release breakage from ask-bonk/ask-bonk#143.
2. Add .opencode/package.json, bun.lock, and .gitignore to the root .gitignore. These are runtime artifacts auto-generated by opencode. The root .gitignore is committed (unlike the auto-generated .opencode/.gitignore), so the rules work in CI checkouts too.
3. Add token_permissions: NO_PUSH to the auto-reviewer workflow. The reviewer prompt already forbids git write ops; this enforces it at the token level.

Also git rm --cached .opencode/package.json to stop tracking it.

Co-Authored-By: Claude <noreply@anthropic.com>

5709c2e to 7441b36
I'm Bonk, and I've done a quick review of your PR.
This PR pins the opencode version in Bonk workflows, removes the committed .opencode/package.json, gitignores opencode-generated files, restricts the reviewer workflow to NO_PUSH, and adds an automated version updater.
- [LOW] `update_opencode_version.py` calls `sys.exit(1)` on npm fetch failure, which will fail the entire `deps-updater.yml` workflow step and prevent the dependency update PR from being created if npm happens to be unreachable during the weekly cron run. Consider adding `continue-on-error: true` to that step so a transient npm outage doesn't block the more important dependency updates.
This review was generated by an AI assistant and may contain mistakes.
Review posted successfully. Here's a summary of my review: One low-severity finding: The The rest of the PR looks clean -- the version pinning,
New script tools/update_opencode_version.py fetches the latest opencode-ai version from npm and updates the opencode_version field in all Bonk workflow files. Integrated into the weekly deps-updater workflow and available as `just update-opencode` for manual use.

If a new opencode release has a missing @opencode-ai/plugin package (the issue from ask-bonk/ask-bonk#143), the Bonk CI jobs will fail and the deps-update PR simply won't be merged.

Co-Authored-By: Claude <noreply@anthropic.com>

65c7c21 to c72ad8d

Force-pushed to squash Bonk's suggestion into my commit, and re-added the tools/update_opencode_version.py script that I accidentally dropped in an earlier rebase.
Bonk keeps pushing .opencode/package.json updates to our PR branches, and it's getting frustrating. For example:
This PR is an attempt to fix the situation by:
- `opencode_version` feature introduced in Add OpenCode version pinning support ask-bonk/ask-bonk#144.
- `token_permissions` to `NO_PUSH`, which should prevent it from being able to push, even if it does see a dirty state.
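
A CI lint for the two controls this description relies on, as an added example (not code from this PR or from ask-bonk): it checks that every Bonk workflow pins `opencode_version` to one exact version and that the reviewer workflow sets `token_permissions: NO_PUSH`. The workflow file names, the flat `key: value` layout, and the function names are assumptions.

```python
import re

EXACT_VERSION = re.compile(r"\d+\.\d+\.\d+")  # x.y.z only: no ranges, no "latest"


def values_for(key, text):
    """Return every value given for `key` on a non-commented 'key: value' line."""
    pattern = rf"^[ \t]*{re.escape(key)}:[ \t]*['\"]?([^'\"#\s]+)"
    return re.findall(pattern, text, re.M)


def check_workflows(workflows, no_push_required=()):
    """workflows maps file name -> YAML text. Returns a sorted list of findings."""
    findings, pins = [], set()
    for name, text in workflows.items():
        versions = values_for("opencode_version", text)
        if not versions:
            findings.append(f"{name}: opencode_version is not set")
        for version in versions:
            pins.add(version)
            if not EXACT_VERSION.fullmatch(version):
                findings.append(f"{name}: opencode_version '{version}' is not an exact pin")
        # The reviewer must be denied push at the token level, not only by its prompt.
        if name in no_push_required:
            perms = values_for("token_permissions", text)
            if perms != ["NO_PUSH"]:
                findings.append(f"{name}: token_permissions must be NO_PUSH, found {perms}")
    # A pin that differs between workflows brings back the version drift.
    if len(pins) > 1:
        findings.append(f"workflows disagree on opencode_version: {sorted(pins)}")
    return sorted(findings)


# Constructed sample input; file names and YAML layout are hypothetical.
SAMPLE_WORKFLOWS = {
    "bonk.yml": "    with:\n      opencode_version: '1.2.27'\n",
    "review.yml": "    with:\n      opencode_version: 1.2.27\n"
                  "      token_permissions: NO_PUSH\n",
    "drifted-review.yml": "    with:\n      opencode_version: latest\n"
                          "      # token_permissions: NO_PUSH\n",
}

if __name__ == "__main__":
    reviewers = {"review.yml", "drifted-review.yml"}
    for finding in check_workflows(SAMPLE_WORKFLOWS, reviewers):
        print(finding)
```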