ci: automate pre-commit autofix application for renovate bot PRs #276

Merged: l50 merged 1 commit into main from ci/pre-commit-autofix-bot-prs on May 10, 2026

@l50 commented May 10, 2026

Key Changes:

  • Added an autocommit job to automatically apply pre-commit autofixes to Renovate bot PRs
  • Enhanced the pre-commit job to capture and upload autofix patches when pre-commit fails and fixes are available
  • Improved artifact handling and job outputs to support the new automation flow

Added:

  • Automated autofix workflow - Introduced an autocommit job in pre-commit.yaml that detects when a Renovate bot PR fails pre-commit checks, downloads the autofix patch, and pushes the fixes back to the PR using a GitHub App token
  • Patch artifact management - Implemented steps to upload the autofix patch as an artifact and download it in the new job for application

Changed:

  • Pre-commit job logic - Modified pre-commit job to output a has-fixes flag and capture autofix patches when available
  • Checkout step configuration - Updated checkout steps to use the correct PR ref and to disable credential persistence for increased security
  • Documentation in CODEOWNERS - Clarified the rationale for strict review requirements on workflow and CI configuration files

**Added:**

- Implemented logic to capture and upload pre-commit autofix patches when pre-commit fails and makes changes
- Added new job to automatically apply and commit autofixes to PRs from the Renovate bot, using GitHub App authentication

**Changed:**

- Updated checkout step to use PR head ref and disable credential persistence in pre-commit workflow for more secure and accurate checkouts
- Documented in CODEOWNERS why workflow and CI config changes require maintainer review, clarifying the security rationale behind the existing rules
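
The two-job split described in this PR, as an added sketch that is not the repository's actual `pre-commit.yaml`: hooks run in a read-only job with no persisted credentials, and only the resulting patch crosses into the job that holds the GitHub App token. The secret names, artifact and patch file names, the bot login string and the `pipx` invocation are assumptions.

```yaml
# Added sketch, not the repository's pre-commit.yaml. Assumed names: APP_ID,
# APP_PRIVATE_KEY, autofix-patch, autofix.patch, and the bot login below.
on: pull_request
permissions: { contents: read }
jobs:
  pre-commit:
    runs-on: ubuntu-latest
    outputs:
      has-fixes: ${{ steps.capture.outputs.has-fixes }}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false  # hooks run PR content; leave no token in .git/config
      - run: pipx run pre-commit run --all-files
      - id: capture
        if: failure()  # pre-commit failed; record whatever the hooks rewrote
        run: |
          git diff > "$RUNNER_TEMP/autofix.patch"
          [ -s "$RUNNER_TEMP/autofix.patch" ] && echo "has-fixes=true" >> "$GITHUB_OUTPUT" || true
      - if: failure() && steps.capture.outputs.has-fixes == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: autofix-patch
          path: ${{ runner.temp }}/autofix.patch
  autocommit:
    needs: pre-commit
    if: >-
      always() && needs.pre-commit.outputs.has-fixes == 'true' &&
      github.event.pull_request.user.login == 'dreadnode-renovate-bot[bot]'
    runs-on: ubuntu-latest
    steps:
      - id: app
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.app.outputs.token }}  # App token, so the push re-triggers checks
      - uses: actions/download-artifact@v4
        with:
          name: autofix-patch
          path: ${{ runner.temp }}
      - run: |  # this job only applies the patch; it never runs the hooks itself
          git apply "$RUNNER_TEMP/autofix.patch"
          git -c user.name=autofix -c user.email=autofix@example.invalid commit -am "chore: apply pre-commit autofixes"
          git push
```
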
@dreadnode-renovate-bot (bot) added the area/github (Changes made to GitHub Actions workflows) label May 10, 2026
@l50 merged commit 837b46e into main May 10, 2026
6 checks passed
@l50 deleted the ci/pre-commit-autofix-bot-prs branch May 10, 2026 20:08