Update format lint workflow to create pull request instead of direct push

[Copilot]

This PR updates the format-and-commit.yml workflow to create pull requests instead of pushing changes directly to the main branch, addressing the requirement to run on every push to main while maintaining proper code review practices.

Changes Made

Trigger Configuration

• Before: Manual trigger only (workflow_dispatch)
• After: Automatic trigger on every push to main branch (push: branches: [main])

Pull Request Creation Logic

The workflow now creates pull requests when formatting changes are detected:

# Create a unique branch name
BRANCH_NAME="auto-format-$(date +%Y%m%d-%H%M%S)"

# Create pull request using GitHub CLI
gh pr create \
  --title "Auto-format: Code formatting and linting fixes" \
  --body "..." \
  --head "$BRANCH_NAME" \
  --base main

Security Improvements

• Bot Detection: Added logic to skip execution if triggered by bot accounts to prevent infinite loops
• Input Sanitization: All GitHub context variables are passed through environment variables to prevent injection attacks
• Proper Exit Codes: Uses exit code 78 for neutral outcomes (bot-triggered skips)

Permission Updates

Added pull-requests: write permission while maintaining existing contents: write for branch operations.

Why This Change?

The previous workflow pushed changes directly to branches, which bypasses code review processes. The new approach:

1. Maintains Code Quality: All formatting changes go through pull request review
2. Prevents Conflicts: Creates unique timestamped branches to avoid naming collisions
3. Provides Transparency: PR descriptions include detailed information about what triggered the formatting
4. Follows Best Practices: Aligns with standard GitHub workflow patterns for automated changes

Testing

• ✅ Workflow syntax validated with actionlint
• ✅ Security scan passed (no untrusted input in inline scripts)
• ✅ All Go tests continue to pass
• ✅ Build process remains functional

The workflow will activate on the next push to main that results in formatting changes, creating a pull request with the auto-formatted code for review and merge.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.contoso.com
  • Triggering command: /tmp/go-build2748979727/b278/cli.test -test.testlogfile=/tmp/go-build2748979727/b278/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true (dns block)
  • Triggering command: /tmp/go-build1700973130/b278/cli.test -test.testlogfile=/tmp/go-build1700973130/b278/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true (dns block)
  • Triggering command: /tmp/go-build1003136296/b278/cli.test -test.testlogfile=/tmp/go-build1003136296/b278/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.