fix(settings): use literal branch name v0 instead of glob v? #344
Merged
marcusrbrown merged 1 commit into main on Mar 21, 2026
The update-repository-settings action passes branch names directly to the GitHub API, which requires literal names. The glob pattern v? was treated as a literal branch name, causing a 'Branch not found' error.
fro-bot (Owner) approved these changes on Mar 21, 2026 and left a comment:
Review Summary
This is a correct and well-targeted fix.
Change Verified
- Before: `v?` — a glob pattern that GitHub API cannot resolve as a branch name
- After: `v0` — a literal branch name that exists in this repository
- Root cause: The update-repo-settings action passes branch names directly to the GitHub API, which does not support glob patterns
Validation
| Check | Status |
|---|---|
| Branch v0 exists | ✅ Verified |
| CI checks | ✅ All passing |
| Merge conflicts | ✅ None |
| Change scope | ✅ Single file, 1 line |
Assessment
The fix is minimal, targeted, and correctly identifies the root cause. GitHub's Branch Protection API requires literal branch names — glob patterns like v? are not resolved server-side.
Recommendation: Approve and merge.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | fro-bot/agent |
| Run ID | 23368715735 |
| Cache | hit |
| Session | ses_2f1c00000ffe7pFRgdU51FunvV |
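
A pre-flight check for the failure this PR fixes, as an added example (not code from fro-bot/agent or from the update-repository-settings action): it flags branch entries that are patterns or that do not exist, before any API call is made. The settings shape `{ branches: [{ name, protection }] }`, the function names and the sample data are assumptions.

```javascript
// Added example: pre-flight check for branch-protection entries in a settings file.
// Assumed config shape (not shown on the page): { branches: [{ name, protection }] }.

// Characters git refuses in ref names; a "name" containing one can only be a pattern.
const REF_FORBIDDEN = /[?*\[\\~^: ]/;

// Translate the glob subset `*` and `?` into an anchored RegExp ('/' never matches).
function globToRegExp(glob) {
  const body = glob
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters first
    .replace(/\*/g, "[^/]*")
    .replace(/\?/g, "[^/]");
  return new RegExp(`^${body}$`);
}

// Return one finding per rule that the API could not resolve to a real branch.
function checkBranchRules(settings, existingBranches) {
  const existing = new Set(existingBranches);
  const findings = [];
  for (const rule of settings.branches ?? []) {
    const name = String(rule.name ?? "");
    if (REF_FORBIDDEN.test(name)) {
      // Suggest the literal branches the author probably meant.
      const suggestion = existingBranches.filter((b) => globToRegExp(name).test(b));
      findings.push({ name, problem: "pattern", suggestion });
    } else if (!existing.has(name)) {
      findings.push({ name, problem: "missing", suggestion: [] });
    }
  }
  return findings;
}

// Fail closed: a rule that cannot be applied leaves its branch without the intended protection.
function assertRulesApplicable(settings, existingBranches) {
  const findings = checkBranchRules(settings, existingBranches);
  if (findings.length > 0) {
    const detail = findings.map((f) => `${f.name} (${f.problem})`).join(", ");
    throw new Error(`branch rules not applicable: ${detail}`);
  }
  return true;
}

// Constructed sample input mirroring the branch names mentioned on this page.
const SAMPLE_SETTINGS = {
  branches: [{ name: "main", protection: {} }, { name: "v?", protection: {} }, { name: "release", protection: {} }],
};
const SAMPLE_BRANCHES = ["main", "v0", "release"];
```

In a workflow, `existingBranches` would come from the repository's branch list, and a thrown error stops the job before the settings sync runs.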
marcusrbrown pushed a commit that referenced this pull request Mar 22, 2026

* ci(deps): update bfra-me/.github to v4.13.1 (#330)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* fix(settings): remove users/teams from bypass_pull_request_allowances (#338)
  GitHub API rejects users and teams restrictions on user-owned repos (only org repos support them). Removing the empty arrays from all three branch protection blocks fixes the update-repo-settings error.
* fix(settings): drop bypass_pull_request_allowances entirely (#343)
  The update-repository-settings action deep-merges config over the current GitHub state. Even with users/teams removed from YAML, the action reads them from the existing protection and sends them back. GitHub rejects users/teams on user-owned repos (bfra-me/.github#1837).
  Workaround: remove bypass_pull_request_allowances from all branches. Manage fro-bot app bypass via GitHub UI until upstream is fixed.
* fix(settings): use literal branch name v0 instead of glob v? (#344)
  fix(settings): use literal branch name v0 instead of glob pattern v?
  The update-repository-settings action passes branch names directly to the GitHub API, which requires literal names. The glob pattern v? was treated as a literal branch name, causing a 'Branch not found' error.
* build(deps): update dependency oh-my-openagent to v3.12.0 (#342)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* build(dev): update dependency tsdown to v0.21.3 (#332)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* ci(deps): update github/codeql-action action to v4.34.1 (#341)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* fix(settings): update action to v4.13.4 and restore bypass_pull_request_allowances (#345)
  bfra-me/.github#1837 was fixed in update-repository-settings@0.1.3 (shipped in v4.13.4). The action now strips users/teams from bypass_pull_request_allowances on user-owned repos before sending to the API.
  Restores bypass config:
  - main: apps: [] (no bypass — OpenSSF Scorecard compliance)
  - v0: apps: [fro-bot] (release workflow bypass)
  - release: apps: [fro-bot] (release workflow bypass)
* chore(dev): update dependency lint-staged to v16.4.0 (#328)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* feat: add execution deduplication to prevent redundant agent runs (#347)
  * feat: add execution deduplication to prevent redundant agent runs
    Skip agent execution when it already ran for the same PR or issue within a configurable window (default 10 minutes). Uses @actions/cache sentinel files scoped per entity to track recent completions.
    New dedup phase runs between routing and acknowledge. Configurable via dedup-window action input (milliseconds, 0 = disabled). Fail-open design: cache miss or error always proceeds. Tolerates ±60s clock skew between runners.
    1024 tests, 0 lint errors, 0 type errors.
  * fix: move dedup sentinel dir from /tmp to ~/.cache to satisfy CodeQL
    CodeQL flagged insecure temp file creation in /tmp (predictable path). Move sentinel base dir to os.homedir()/.cache/fro-bot-dedup/ which is deterministic across runs but not under the OS temp directory.
* build(deps): update dependency oh-my-openagent to v3.12.3 (#346)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* ci(deps): update bfra-me/.github to v4.13.5 (#340)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>

---------

Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
marcusrbrown pushed a commit that referenced this pull request Mar 22, 2026

* ci(deps): update bfra-me/.github to v4.13.1 (#330)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* fix(settings): remove users/teams from bypass_pull_request_allowances (#338)
  GitHub API rejects users and teams restrictions on user-owned repos (only org repos support them). Removing the empty arrays from all three branch protection blocks fixes the update-repo-settings error.
* fix(settings): drop bypass_pull_request_allowances entirely (#343)
  The update-repository-settings action deep-merges config over the current GitHub state. Even with users/teams removed from YAML, the action reads them from the existing protection and sends them back. GitHub rejects users/teams on user-owned repos (bfra-me/.github#1837).
  Workaround: remove bypass_pull_request_allowances from all branches. Manage fro-bot app bypass via GitHub UI until upstream is fixed.
* fix(settings): use literal branch name v0 instead of glob v? (#344)
  fix(settings): use literal branch name v0 instead of glob pattern v?
  The update-repository-settings action passes branch names directly to the GitHub API, which requires literal names. The glob pattern v? was treated as a literal branch name, causing a 'Branch not found' error.
* build(deps): update dependency oh-my-openagent to v3.12.0 (#342)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* build(dev): update dependency tsdown to v0.21.3 (#332)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* ci(deps): update github/codeql-action action to v4.34.1 (#341)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* fix(settings): update action to v4.13.4 and restore bypass_pull_request_allowances (#345)
  bfra-me/.github#1837 was fixed in update-repository-settings@0.1.3 (shipped in v4.13.4). The action now strips users/teams from bypass_pull_request_allowances on user-owned repos before sending to the API.
  Restores bypass config:
  - main: apps: [] (no bypass — OpenSSF Scorecard compliance)
  - v0: apps: [fro-bot] (release workflow bypass)
  - release: apps: [fro-bot] (release workflow bypass)
* chore(dev): update dependency lint-staged to v16.4.0 (#328)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* feat: add execution deduplication to prevent redundant agent runs (#347)
  * feat: add execution deduplication to prevent redundant agent runs
    Skip agent execution when it already ran for the same PR or issue within a configurable window (default 10 minutes). Uses @actions/cache sentinel files scoped per entity to track recent completions.
    New dedup phase runs between routing and acknowledge. Configurable via dedup-window action input (milliseconds, 0 = disabled). Fail-open design: cache miss or error always proceeds. Tolerates ±60s clock skew between runners.
    1024 tests, 0 lint errors, 0 type errors.
  * fix: move dedup sentinel dir from /tmp to ~/.cache to satisfy CodeQL
    CodeQL flagged insecure temp file creation in /tmp (predictable path). Move sentinel base dir to os.homedir()/.cache/fro-bot-dedup/ which is deterministic across runs but not under the OS temp directory.
* build(deps): update dependency oh-my-openagent to v3.12.3 (#346)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* ci(deps): update bfra-me/.github to v4.13.5 (#340)
  Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
* fix(settings): remove bypass_pull_request_allowances for user-owned repo (#349)
  The update-repo-settings workflow fails with: 'Only organization repositories can have users and team restrictions'
  This repo is user-owned (fro-bot), not organization-owned. The bypass_pull_request_allowances field is only valid for org repos. Reverts the settings restoration from #345 which broke the workflow.
  Closes: #348 (related to workflow fix)

---------

Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
Co-authored-by: Fro Bot <80104189+fro-bot@users.noreply.github.com>
This was referenced Mar 22, 2026
The action passes branch names directly to the GitHub API — globs aren't supported. Fixes `Branch not found` error for `v?` in update-repo-settings.