Skip to content

Allow Changeset Generator to write .changeset/ under protected-file enforcement#31151

Merged
pelikhan merged 1 commit into
mainfrom
copilot/fix-changeset-access
May 9, 2026
Merged

Allow Changeset Generator to write .changeset/ under protected-file enforcement#31151
pelikhan merged 1 commit into
mainfrom
copilot/fix-changeset-access

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 9, 2026

Bug Fix

What was the bug?

The Changeset Generator failed when pushing .changeset/*.md updates: allowed-files: [.changeset/**] passed, but top-level dot-folder protection still treated .changeset/ as protected and blocked push_to_pull_request_branch.

How did you fix it?

  • Safe-output policy adjustment

    • Kept strict allowlist scope to .changeset/**.
    • Added a protected-files exclusion for .changeset/ so dot-folder protection does not block intended changeset writes.
    • Kept protected-files policy as blocked for all other protected files.

  • Compiled workflow update

    • Regenerated changeset.lock.yml so runtime config includes protected_dot_folder_excludes: [".changeset/"] and protected_files_policy: "blocked".
safe-outputs:
  push-to-pull-request-branch:
    allowed-files:
      - .changeset/**
    protected-files:
      policy: blocked
      exclude:
        - .changeset/

@pelikhan
Allow changeset workflow to write .changeset files
df52ebc 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan pelikhan marked this pull request as ready for review May 9, 2026 04:47
Copilot AI review requested due to automatic review settings May 9, 2026 04:47
@pelikhan pelikhan merged commit 0578ef5 into main May 9, 2026
1 check passed
@pelikhan pelikhan deleted the copilot/fix-changeset-access branch May 9, 2026 04:47
Copilot AI reviewed May 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adjusts the Changeset Generator workflow’s safe-output policy so it can write to the top-level .changeset/ dot-folder while still enforcing a strict allowlist and keeping protected-files behavior blocked.

Changes:

  • Updated push-to-pull-request-branch safe-output configuration to exclude .changeset/ from top-level dot-folder protection while keeping allowed-files: [.changeset/**].
  • Regenerated the compiled workflow lock file so runtime config includes protected_dot_folder_excludes: [".changeset/"] and an explicit protected_files_policy: "blocked".
Show a summary per file
File Description
.github/workflows/changeset.md Adds protected-files object form with an exclusion for .changeset/ under the push-to-PR safe-output.
.github/workflows/changeset.lock.yml Regenerated compiled workflow embedding protected_dot_folder_excludes: [".changeset/"] and protected_files_policy: "blocked" in safe-outputs config.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan