From a68f13e652ef079647bdd06634aa444e8953ca78 Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Tue, 21 Apr 2026 22:51:28 +0300 Subject: [PATCH 1/3] Address Dan's review feedback on #748 Two small follow-ups: 1. minimumReleaseAge: 24 hours -> 1 hour. Dan flagged that 24h is overcautious for first-party Stacklok releases. Renovate itself only runs every 4h so 1h is effectively close to 0 while still protecting against same-day yanks/reverts. 2. prBodyNotes: drop "regenerates" where we're actually just syncing. Now precisely: "syncs reference assets (CLI help, Swagger) and regenerates the CRD MDX pages" for toolhive. Co-Authored-By: Claude Opus 4.7 (1M context) --- renovate.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json b/renovate.json index 5ea18e23..6f8fcb4d 100644 --- a/renovate.json +++ b/renovate.json @@ -88,14 +88,14 @@ "matchManagers": ["custom.regex"], "matchFileNames": ["**/.github/upstream-projects.yaml"], "schedule": ["at any time"], - "minimumReleaseAge": "24 hours", + "minimumReleaseAge": "1 hour", "minimumReleaseAgeBehaviour": "timestamp-optional", "ignoreUnstable": true, "rebaseWhen": "never", "recreateWhen": "never", "commitMessageTopic": "{{depName}}", "prBodyNotes": [ - "After this PR opens, `.github/workflows/upstream-release-docs.yml` adds source-verified content edits for the new release. For `stacklok/toolhive`, the same workflow also regenerates reference docs (CLI help, Swagger, CRD schemas)." + "After this PR opens, `.github/workflows/upstream-release-docs.yml` adds source-verified content edits for the new release. For `stacklok/toolhive`, the same workflow also syncs reference assets (CLI help, Swagger) and regenerates the CRD MDX pages." ] } ] From 564490a2a3ceef1dbfe9f7f4914745848a541fa4 Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Tue, 21 Apr 2026 22:57:37 +0300 Subject: [PATCH 2/3] Filter reviewers to repo collaborators only Previous behavior pulled every non-bot commit author from the upstream release range and passed them to `gh pr edit --add-reviewer` as a single comma-separated list. GitHub rejects reviewer requests for non-collaborators with 422, and because the API treats the list atomically, one community contributor in the range would fail the entire call and drop all valid reviewers with it. Fix: - Probe each candidate with `gh api repos//collaborators/` before adding. 204 -> keep; 404 -> skip. - Emit a separate `skipped` output listing non-collaborator contributors so the PR body can acknowledge them by name ("Other release contributors ... Thanks for the contribution!") without actually requesting review from them. Pre-existing bot-regex filter runs first so we don't waste API calls on [bot] users. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/upstream-release-docs.yml | 46 +++++++++++++++++---- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/.github/workflows/upstream-release-docs.yml b/.github/workflows/upstream-release-docs.yml index 8e21ad4e..994e80e8 100644 --- a/.github/workflows/upstream-release-docs.yml +++ b/.github/workflows/upstream-release-docs.yml @@ -367,21 +367,48 @@ jobs: REPO: ${{ steps.detect.outputs.repo }} PREV: ${{ steps.detect.outputs.prev_tag }} NEW: ${{ steps.detect.outputs.new_tag }} + REVIEW_REPO: ${{ github.repository }} run: | - # Capture stderr separately so we can surface a missing-compare - # situation in the PR body rather than silently dropping reviewers. + # Get non-bot commit authors in the release range. if COMPARE=$(gh api "repos/$REPO/compare/$PREV...$NEW" \ --jq '[.commits[].author.login? // empty] | unique | .[]' 2>/dev/null); then - REVIEWERS=$(echo "$COMPARE" | - grep -Ev '(\[bot\]$|^github-actions|^stacklokbot$|^dependabot|^renovate|^copilot)' | - head -5 | paste -sd, -) echo "compare_ok=true" >> "$GITHUB_OUTPUT" else - REVIEWERS="" + COMPARE="" echo "compare_ok=false" >> "$GITHUB_OUTPUT" fi + + # Filter out bot accounts, then further filter to only this + # repo's collaborators. GitHub rejects reviewer requests for + # non-collaborators with 422, which would fail the whole + # `gh pr edit --add-reviewer` call and drop the valid + # reviewers along with the invalid ones. Community + # contributors from the upstream repo often aren't + # collaborators on docs-website; silently skip them rather + # than ping or fail. + CANDIDATES=$(echo "$COMPARE" | + grep -Ev '(\[bot\]$|^github-actions|^stacklokbot$|^dependabot|^renovate|^copilot)' || true) + + REVIEWERS="" + SKIPPED="" + while IFS= read -r login; do + [ -z "$login" ] && continue + if gh api "repos/$REVIEW_REPO/collaborators/$login" --silent 2>/dev/null; then + REVIEWERS="${REVIEWERS:+$REVIEWERS,}$login" + else + SKIPPED="${SKIPPED:+$SKIPPED, }$login" + fi + done <<< "$CANDIDATES" + + # Cap at 5 to avoid review fatigue. + REVIEWERS=$(echo "$REVIEWERS" | tr ',' '\n' | head -5 | paste -sd, -) + echo "list=$REVIEWERS" >> "$GITHUB_OUTPUT" + echo "skipped=$SKIPPED" >> "$GITHUB_OUTPUT" echo "Reviewers: ${REVIEWERS:-}" + if [ -n "$SKIPPED" ]; then + echo "Skipped non-collaborator contributors: $SKIPPED" + fi - name: Read docs_paths hint id: hints @@ -570,6 +597,7 @@ jobs: GAPS_BLOCK: ${{ steps.signals.outputs.gaps_block }} AUTOGEN_NOTE: ${{ steps.autogen.outputs.note }} COMPARE_OK: ${{ steps.reviewers.outputs.compare_ok }} + SKIPPED_REVIEWERS: ${{ steps.reviewers.outputs.skipped }} run: | START='' END='' @@ -603,8 +631,12 @@ jobs: echo "$GAPS_BLOCK" echo "" fi - echo "Reviewers below are non-bot commit authors in the release range." + echo "Reviewers below are non-bot commit authors in the release range who are also collaborators on this repo." echo "" + if [ -n "$SKIPPED_REVIEWERS" ]; then + echo "Other release contributors (not assigned as reviewers because they aren't repo collaborators): $SKIPPED_REVIEWERS. Thanks for the contribution!" + echo "" + fi echo "$END" } > /tmp/section.md From 129a2159e1e5af46c307972a40058f9ca0f39254 Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Tue, 21 Apr 2026 22:59:53 +0300 Subject: [PATCH 3/3] Drop non-collaborator acknowledgment from PR body Filtering out non-collaborator reviewers stays (prevents the 422 whole-call-failure). But mentioning them by name in the augmented PR body adds notification surface we don't want. Silently skip. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/upstream-release-docs.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/upstream-release-docs.yml b/.github/workflows/upstream-release-docs.yml index 994e80e8..0a4b99e9 100644 --- a/.github/workflows/upstream-release-docs.yml +++ b/.github/workflows/upstream-release-docs.yml @@ -384,19 +384,15 @@ jobs: # `gh pr edit --add-reviewer` call and drop the valid # reviewers along with the invalid ones. Community # contributors from the upstream repo often aren't - # collaborators on docs-website; silently skip them rather - # than ping or fail. + # collaborators here; silently skip them. CANDIDATES=$(echo "$COMPARE" | grep -Ev '(\[bot\]$|^github-actions|^stacklokbot$|^dependabot|^renovate|^copilot)' || true) REVIEWERS="" - SKIPPED="" while IFS= read -r login; do [ -z "$login" ] && continue if gh api "repos/$REVIEW_REPO/collaborators/$login" --silent 2>/dev/null; then REVIEWERS="${REVIEWERS:+$REVIEWERS,}$login" - else - SKIPPED="${SKIPPED:+$SKIPPED, }$login" fi done <<< "$CANDIDATES" @@ -404,11 +400,7 @@ jobs: REVIEWERS=$(echo "$REVIEWERS" | tr ',' '\n' | head -5 | paste -sd, -) echo "list=$REVIEWERS" >> "$GITHUB_OUTPUT" - echo "skipped=$SKIPPED" >> "$GITHUB_OUTPUT" echo "Reviewers: ${REVIEWERS:-}" - if [ -n "$SKIPPED" ]; then - echo "Skipped non-collaborator contributors: $SKIPPED" - fi - name: Read docs_paths hint id: hints @@ -597,7 +589,6 @@ jobs: GAPS_BLOCK: ${{ steps.signals.outputs.gaps_block }} AUTOGEN_NOTE: ${{ steps.autogen.outputs.note }} COMPARE_OK: ${{ steps.reviewers.outputs.compare_ok }} - SKIPPED_REVIEWERS: ${{ steps.reviewers.outputs.skipped }} run: | START='' END='' @@ -633,10 +624,6 @@ jobs: fi echo "Reviewers below are non-bot commit authors in the release range who are also collaborators on this repo." echo "" - if [ -n "$SKIPPED_REVIEWERS" ]; then - echo "Other release contributors (not assigned as reviewers because they aren't repo collaborators): $SKIPPED_REVIEWERS. Thanks for the contribution!" - echo "" - fi echo "$END" } > /tmp/section.md