Automate integration-batch conflict recovery with scripted union/snapshot handling

[Copilot]

Integration batching was regularly stalling on deterministic merge conflicts in stub-command files and snapshot files. This change moves merge logic into a dedicated script that auto-resolves known-safe conflicts and performs targeted Jest snapshot refreshes, while keeping packaging clean by placing helpers under .github/integration/.

• Scripted merge engine for integration batching

  • Added .github/integration/scripts/merge_prs.sh and replaced inlined merge logic in integration-batch.yml.
  • Script accepts selected PRs, merges sequentially into integration, and emits a single-line JSON summary consumed by workflow steps.

• Dynamic union allowlist (with repo-managed overrides)

  • Regenerates allowlist on each merge attempt from src/cli/**:
    • include files with const program = new FrodoStubCommand(
    • exclude files with const program = new FrodoCommand(
  • Applies committed override files:
    • .github/integration/union-allowlist-extra.txt
    • .github/integration/union-blocklist.txt
  • Configures union merge behavior via .git/info/attributes (non-committed).

• Automated conflict handling paths

  • Union-only conflicts: if all conflicted files are allowlisted, auto-resolve and continue; verifies no conflict markers remain.
  • Snapshot-only conflicts (*.snap / __snapshots__, optionally package-lock.json): completes merge, derives targeted test patterns from snapshot filenames, runs npm run test:update <pattern> per deduped pattern, and commits updated snapshots for integration PR review.
  • Non-auto-resolvable conflicts are still skipped with explicit reasoning in workflow outputs.

• Workflow output + reviewer visibility

  • Workflow now consumes script JSON for:
    • merged/skipped PRs
    • auto-resolved conflict reporting (union vs snapshot)
    • snapshot patterns executed and snapshot files changed
  • Existing label/comment/PR update behavior is preserved, now driven by script output.

• Packaging/publishing safety

  • New automation files live under .github/integration/...; no pkg config changes were required.

Example pattern derivation used for targeted snapshot updates:

# conflicted snapshot file
admin-list-oauth2-clients-with-admin-privileges.e2e.test.js.snap

# derived command
npm run test:update admin-list-oauth2-clients-with-admin-privileges

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/rockcarver/frodo-cli/releases
  • Triggering command: /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/node --no-warnings --enable-source-maps --experimental-loader file:///home/REDACTED/work/frodo-cli/frodo-cli/dist/loader.cjs /home/REDACTED/work/frodo-cli/frodo-cli/dist/app.cjs shell modules/@npmcli/run-script/lib/node-gyp-bin/ldd (http block)
  • Triggering command: /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/node --no-warnings --enable-source-maps --experimental-loader file:///home/REDACTED/work/frodo-cli/frodo-cli/dist/loader.cjs /home/REDACTED/work/frodo-cli/frodo-cli/dist/app.cjs shell odules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node (http block)
  • Triggering command: /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/node --no-warnings --enable-source-maps --experimental-loader file:///home/REDACTED/work/frodo-cli/frodo-cli/dist/loader.cjs /home/REDACTED/work/frodo-cli/frodo-cli/dist/app.cjs shell (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Implement scripted conflict resolution + targeted snapshot update for integration batching in rockcarver/frodo-cli, ensuring packaging/publishing does not include new script files.

Background:

• Integration batching frequently hits merge conflicts in certain command/stub files where the correct resolution is always "accept both".
• Snapshot conflicts should be resolved by running targeted Jest snapshot updates and committing the updated snapshots to the integration branch so maintainers can review changes in the integration PR.
• Jest runner supports npm run test:update [TestPathPattern] and we should run only relevant test patterns derived from conflicted snapshot filenames (e.g., admin-list-oauth2-clients-with-admin-privileges.e2e.test.js.snap -> admin-list-oauth2-clients-with-admin-privileges).
• Avoid shipping integration helper scripts in npm package/binary packaging. .npmignore already ignores .github/, and pkg packaging uses cjs/** assets/scripts. Place helper script under .github/integration/scripts/.

Requirements:

1. Add a script under .github/integration/scripts/merge_prs.sh to replace inlined merge logic in .github/workflows/integration-batch.yml.

   • Script takes list of PR numbers (and optionally titles/branches), performs merge into integration branch, and prints a single-line JSON summary for workflow consumption.
   • Must support dry-run mode.

2. Auto-generate a "union allowlist" each run:

   • Scan files under src/cli/**.
   • Include files that instantiate FrodoStubCommand: contain const program = new FrodoStubCommand(.
   • Exclude files that instantiate FrodoCommand: contain const program = new FrodoCommand(.
   • Allow manual additions/removals via committed exception files:
     • .github/integration/union-allowlist-extra.txt
     • .github/integration/union-blocklist.txt

3. Union merge handling:

   • Configure Git union merge driver for files in allowlist using .git/info/attributes (do not commit gitattributes).
   • On merge conflict where ALL conflicted files are in allowlist, automatically resolve and continue.
   • Verify no conflict markers remain in those files.

4. Snapshot conflict handling:

   • If conflicts are only snapshot files (**/*.snap or __snapshots__) (optionally plus package-lock.json), resolve by completing the merge (choose a side for snapshot files if needed), then run targeted snapshot updates.
   • Derive test patterns from snapshot filenames by stripping .snap and suffixes like .e2e.test.js, .test.js, .spec.js.
   • Run npm ci once when needed, then run npm run test:update <pattern> for each derived pattern (dedupe).
   • Commit snapshot updates to integration branch with clear message.
   • Produce summary listing patterns run and snapshot files changed.

5. Workflow integration:

   • Update .github/workflows/integration-batch.yml to call the new script and use its JSON output to drive labeling/commenting (non-dry-run) and step summary.
   • Keep existing behavior for label changes/comments/PR creation/update, except add reporting for auto-resolved conflicts and snapshot updates.

6. Packaging/publishing:

   • Ensure new files are under .github/integration/... so they are excluded by .npmignore (already ignores .github/).
   • Do not change pkg config in package.json unless necessary.

Deliverable: Create a PR implementing the above changes.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Yes, open a PR with all those changes.

Assistant: I’m not able to open the PR from here at the moment (I don’t currently have access to the repo-writing automation in this chat session).

If you want to unblock immediately, you can make the fix yourself with a tiny commit:

1. Edit .github/workflows/integration-batch.yml
2. Change every echo "<key>=$json" >> "$GITHUB_OUTPUT" that writes JSON to instead write compact JSON, e.g.:

echo "prs_json=$(echo "$prs_json" | jq -c .)" >> "$GITHUB_OUTPUT"
echo "selected=$(echo "$selected" | jq -c .)" >> "$GITHUB_OUTPUT"
echo "skipped=$(echo "$skipped" | jq -c .)" >> "$GITHUB_OUTPUT"
echo "merged=$(echo "$merged" | jq -c .)" >> "$GITHUB_OUTPUT"
echo "merge_skipped=$(echo "$merge_skipped" | jq -c .)" >> "$GITHUB_OUTPUT"

3. Push a branch and open a PR.

If you paste the current contents of your integration-batch.yml (or point me to the exact commit/lines), I’ll mark up the exact diff so you can copy/paste it with high confidence.

User: @copilot Accepted Confirmation: Confirm agent session

Assistant: I’ve started a follow-up PR to apply exactly those jq -c / single-line JSON output fixes to the integration-batch workflow. You can track it here:

data:
  - title: '[WIP] Fix integration-batch workflow output formatting'
    repository: rockcarver/frodo-cli
    url: https://github.com/copilot/tasks/pull/PR_kwDOH1LPHs7Tu8fZ?session_id=5d4695f5-a682-4fa4-a600-c6fadb110d3...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created from Copilot chat.*
>

[vscheuber]

Looks good.

[Copilot]

Pull request overview

This PR moves the integration batching merge/conflict-handling logic out of the workflow YAML and into a dedicated script, with the goal of automatically resolving known-safe conflicts (union merges for stub-command files and targeted Jest snapshot refreshes) while keeping automation files out of published artifacts.

Changes:

• Replaced inlined merge logic in the integration-batch workflow with .github/integration/scripts/merge_prs.sh, which outputs a JSON summary consumed by later steps.
• Added auto-generated union allowlist support with repo-managed override files under .github/integration/.
• Expanded workflow PR body + job summary reporting to include auto-resolved conflict and snapshot-update details.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
docs/INTEGRATION.md	Updates docs to describe the new union/snapshot conflict recovery behavior.
.github/workflows/integration-batch.yml	Calls the new merge script and surfaces its JSON results in PR text and step summary.
.github/integration/union-blocklist.txt	Adds repo-managed blocklist for union allowlist generation.
.github/integration/union-allowlist-extra.txt	Adds repo-managed allowlist additions for union allowlist generation.
.github/integration/scripts/merge_prs.sh	Implements scripted merging, allowlist generation, union/snapshot conflict handling, and JSON summary output.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

npm run test:update "$pattern" may not reliably forward $pattern to Jest (npm generally requires -- to pass args through). Use npm run test:update -- "$pattern" so the derived pattern is definitely treated as a Jest testPathPattern argument.

Suggested change

	npm run test:update "$pattern"
	npm run test:update -- "$pattern"

[vscheuber]

@copilot do you agree with this comment?

[Copilot]

Yes. I agree, and this is already updated in ed1f6bb to npm run test:update -- "$pattern". No UI changes in this PR (workflow/script-only), so no UI screenshot applies.