Skip to content

Cover top-level app: migration and complete breaking-change release notes#42794

Merged
pelikhan merged 5 commits into
mainfrom
copilot/breaking-change-daily-analysis-2026-07-01
Jul 1, 2026
Merged

Cover top-level app: migration and complete breaking-change release notes#42794
pelikhan merged 5 commits into
mainfrom
copilot/breaking-change-daily-analysis-2026-07-01

Conversation

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

This follows up on the daily breaking-change audit by closing gaps in migration coverage and release documentation. In particular, it restores gh aw fix coverage for the app:github-app: rename at the top level and completes the missing imports.if breaking-change documentation.

  • Release-note and changeset fixes

    • Repair the malformed major-remove-imports-if changeset so it is parseable by the changeset tooling
    • Expand imports.if migration guidance with a concrete replacement pattern using {{#if ...}} + {{#runtime-import ...}}
    • Add the missing Unreleased changelog entry for the imports.if removal
    • Clarify the app:github-app: changeset and changelog text to cover both top-level and nested auth blocks
  • gh aw fix migration coverage

    • Extend the app-to-github-app codemod to rename a top-level app: block in addition to the existing nested cases under tools.github, safe-outputs, and checkout
    • Reuse the shared frontmatter top-level key detection logic rather than introducing custom YAML parsing behavior
  • Regression coverage

    • Add codemod coverage for top-level app: migration
    • Add fix-command coverage to ensure workflow files with top-level app: are rewritten to github-app: while preserving surrounding markdown
# Before
app:
  app-id: ${{ vars.APP_ID }}
  private-key: ${{ secrets.APP_PRIVATE_KEY }}

# After
github-app:
  app-id: ${{ vars.APP_ID }}
  private-key: ${{ secrets.APP_PRIVATE_KEY }}

Copilot AI linked an issue Jul 1, 2026 that may be closed by this pull request
6 tasks
Copilot AI and others added 2 commits July 1, 2026 16:09
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Review daily breaking change analysis for 2026-07-01 Cover top-level app: migration and complete breaking-change release notes Jul 1, 2026
Copilot AI requested a review from pelikhan July 1, 2026 16:13
@pelikhan pelikhan marked this pull request as ready for review July 1, 2026 16:47
Copilot AI review requested due to automatic review settings July 1, 2026 16:47
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Test Quality Sentinel completed test quality analysis.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR Code Quality Reviewer completed the code quality review.

Grumpy-coder adjudication complete. All 7 findings were either pre-existing/out-of-diff (findings 2, 3, 4, 6, 7), logically impossible (finding 1), or already covered by the inline review comment submitted earlier (finding 5). No additional safe-output actions needed.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer failed during the skills-based review.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Design Decision Gate 🏗️ completed the design decision gate check.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request restores and expands breaking-change migration coverage and documentation for gh-aw, focusing on (1) top-level app:github-app: frontmatter migration and (2) the removal of imports.if support.

Changes:

  • Extend the app-to-github-app codemod to also rename a top-level app: key in workflow frontmatter (in addition to existing nested auth locations).
  • Add regression tests covering both the codemod behavior and gh aw fix processing to ensure markdown is preserved while rewriting frontmatter.
  • Complete breaking-change release documentation by fixing the major-remove-imports-if changeset frontmatter and adding Unreleased changelog guidance for imports.if removal and the broader app: rename scope.
Show a summary per file
File Description
pkg/cli/fix_command_test.go Adds fix-command regression coverage for workflows with a top-level app: block.
pkg/cli/codemod_github_app.go Updates the codemod to detect and rename top-level app:github-app: while keeping existing nested handling.
pkg/cli/codemod_github_app_test.go Adds a focused unit test ensuring top-level app: is rewritten by the codemod.
CHANGELOG.md Adds missing Unreleased breaking-change entry and migration guidance for imports.if removal; clarifies app: breaking change scope.
.changeset/minor-rename-app-to-github-app.md Clarifies breaking-change wording and migration guidance to explicitly include top-level and nested auth blocks.
.changeset/major-remove-imports-if.md Repairs changeset frontmatter and expands migration guidance with a concrete {{#if ...}} + {{#runtime-import ...}} example.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 6/6 changed files
  • Comments generated: 0
  • Review effort level: Low

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🧪 Test Quality Sentinel Report

Test Quality Score: 100/100 — Excellent

Analyzed 2 test(s): 2 design, 0 implementation, 0 violation(s).

📊 Metrics (2 tests)
Metric Value
Analyzed 2 (Go: 2, JS: 0)
✅ Design 2 (100%)
⚠️ Implementation 0 (0%)
Edge/error coverage 2 (100%)
Duplicate clusters 0
Inflation NO
🚨 Violations 0
Test File Classification Issues
renames top-level app to github-app (subtest) pkg/cli/codemod_github_app_test.go design_test / behavioral_contract / high_value None
TestFixCommand_AppToGitHubAppMigration pkg/cli/fix_command_test.go design_test / behavioral_contract / high_value None

Verdict

Passed. 0% implementation tests (threshold: 30%). Both tests exercise the app:github-app: migration at the unit (codemod) and CLI pipeline levels with full error-path assertions and negative-case checks. Build tags are present on both files. No mock library usage.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🧪 Test quality analysis by Test Quality Sentinel · 35.3 AIC · ⌖ 13.6 AIC · ⊞ 6.8K ·
Comment /review to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 100/100. 0% implementation tests (threshold: 30%). Both new tests verify the behavioral contract of the app:github-app: migration end-to-end, with error assertions and negative-case checks. No violations found.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (114 new lines in pkg/) but does not have a linked Architecture Decision Record (ADR).

📄 Draft ADR committed: docs/adr/42794-extend-app-to-github-app-codemod-to-top-level-key.md — review and complete it before merging.

🔒 This PR cannot merge until an ADR is linked in the PR body.

📋 What to do next
  1. Review the draft ADR committed to your branch — it was generated from the PR diff
  2. Complete the missing sections — add context the AI could not infer, refine the decision rationale, and list real alternatives you considered
  3. Commit the finalized ADR to docs/adr/ on your branch
  4. Reference the ADR in this PR body by adding a line such as:

    ADR: ADR-42794: Extend app-to-github-app Codemod to Top-Level Key

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

❓ Why ADRs Matter

"AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say 'I'll deal with this later.' Deferring decisions corroded my ability to think clearly."

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

  • Context — What is the problem? What forces are at play?
  • Decision — What did you decide? Why?
  • Alternatives Considered — What else could have been done?
  • Consequences — What are the trade-offs (positive and negative)?

All ADRs are stored in docs/adr/ as Markdown files numbered by PR number (e.g., 42794-extend-app-to-github-app-codemod-to-top-level-key.md for this PR).

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · 48.5 AIC · ⌖ 9.66 AIC · ⊞ 8.4K ·
Comment /review to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 56.6 AIC · ⌖ 9.09 AIC · ⊞ 4.9K

}
}

func TestFixCommand_AppToGitHubAppMigration(t *testing.T) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new test uses bare t.Error/t.Fatal while the surrounding tests (e.g. TestFixCommand_SandboxFalseToAgentFalseMigration) use assert/require from testify. Consider converting for consistency:

require.NoError(t, err)
assert.True(t, fixed, "Expected file to be modified")
assert.NotContains(t, updatedStr, "\napp:\n")
assert.Contains(t, updatedStr, "\ngithub-app:\n")
assert.Contains(t, updatedStr, "# Test Workflow")
assert.Contains(t, updatedStr, "This workflow uses top-level app auth.")

Non-blocking style nit. @copilot please address this.


// Rename 'app:' to 'github-app:' when inside a target block
// Rename a top-level 'app:' key.
if strings.HasPrefix(trimmed, "app:") && isTopLevelKey(line) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The top-level app: rename path (line 156) calls continue after replacement, so the block-state flags (inTools, inSafeOutputs, inCheckout) are never set for a top-level app: key — which is correct since app: at the top level is never a block header for those nested sections. However, the current code first tries the top-level rename before checking for block entries (tools:, safe-outputs:, checkout:). If a YAML document somehow had an app: key before a tools: key, the tool works fine — but the ordering also means that a top-level app: line is renamed without first having set any block flags, which is the expected behaviour. The logic is correct but brittle; consider a brief comment clarifying why the top-level check comes before the nested block entry detection, to aid future maintainers.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The implementation is correct. The hasDeprecatedAppField / renameAppToGitHubApp split is clean, isTopLevelKey correctly guards the new arm, and the block-exit logic ensures the two renaming paths are mutually exclusive. The changeset frontmatter fix (--- delimiters) is essential and right.

One non-blocking gap

The only actionable item is a missing combined-scenario unit test (top-level app: + nested app: in the same document). See inline comment for a suggested addition. The code logic should already handle it correctly, but the combined path is untested.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

🔎 Code quality review by PR Code Quality Reviewer · 160.1 AIC · ⌖ 7.18 AIC · ⊞ 1.6K
Comment /review to run again

Comments that could not be inline-anchored

pkg/cli/codemod_github_app_test.go:239

Missing combined-scenario coverage: the &quot;renames app in all three sections&quot; test only combines tools.github.app + safe-outputs.app — it doesn't include a top-level app: alongside nested ones. The two renaming arms (isTopLevelKey branch and block-tracking branch) are independent code paths; a regression in either would go undetected in a combined-document scenario, which is exactly the real-world case this PR targets.

<details>
<summary>💡 Suggested addition</summary>

Add one mor…

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill and make the next stabilization pass for maintainer investigation. Priorities:

  • address the latest actionable review feedback by adding the missing combined-scenario coverage for top-level app: plus nested app: renames in the same document
  • complete the ADR follow-up by linking the committed ADR in the PR body so the design gate can re-evaluate
  • rerun the relevant checks after updates and summarize any remaining failures, including the Windows Integration failure if it persists.

Run: https://github.com/github/gh-aw/actions/runs/28535406702

Generated by 👨‍🍳 PR Sous Chef · 13.2 AIC · ⌖ 9.47 AIC · ⊞ 6.4K ·

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill and make the next stabilization pass for maintainer investigation. Priorities:

  • address the latest actionable review feedback by adding the missing combine...

Stabilization pass complete (commit c4decf6):

Combined-scenario coverage addedTestGitHubAppCodemod/renames_top-level_app_and_nested_app_in_the_same_document (in codemod_github_app_test.go) and TestFixCommand_AppToGitHubAppMigration_Combined (in fix_command_test.go) now cover a single document with both top-level app: and nested app: under tools.github being renamed in one pass.

ADR linked — the PR description now includes a Design section with a direct link to ADR-42794.

Windows Integration failureTestMCPServer_WindowsSmokeCommands failed with context deadline exceeded on the Windows runner (MCP server socket timeout). This is unrelated to our codemod changes (no mcp_server_json_integration_test.go or MCP server files were modified) and is not reproducible locally against the files we changed. This is a pre-existing infra-level flake that needs a human re-trigger to confirm it clears.

Local make fmt and full unit tests (./pkg/cli/...) are all green.

Copilot AI requested a review from gh-aw-bot July 1, 2026 17:41
@pelikhan pelikhan merged commit 7bc15e2 into main Jul 1, 2026
@pelikhan pelikhan deleted the copilot/breaking-change-daily-analysis-2026-07-01 branch July 1, 2026 18:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[breaking-change] Daily Breaking Change Analysis - 2026-07-01

4 participants