Skip to content

Fix GitHub Actions lint workflow: update gem versions and permissions for fork compatibility #4818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 10, 2025
Merged

Fix GitHub Actions lint workflow: update gem versions and permissions for fork compatibility #4818

merged 4 commits into from
Jul 10, 2025

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Jul 9, 2025
edited
Loading

Problem

The GitHub Actions lint workflow was failing due to two main issues:

  1. Missing required gems: Bundler couldn't find specific gem versions (faraday-retry-2.3.1, rake-13.2.1, rubocop-1.75.5, faraday-2.12.2, json-2.11.3, language_server-protocol-3.17.0.4) preventing RuboCop from running
  2. Fork permissions: The workflow used pull_request trigger which lacks permissions to create annotations and push changes from forks

Solution

1. Updated Gemfile with exact required versions

# Before: flexible version constraints
gem "faraday-retry", "~> 2.3.2"
gem "rake"
gem "rubocop"

# After: pinned exact versions as required
gem "faraday-retry", "2.3.1"
gem "rake", "13.2.1" 
gem "rubocop", "1.75.5"
gem "faraday", "2.12.2"
gem "json", "2.11.3"
gem "language_server-protocol", "3.17.0.4"

2. Updated workflow for fork compatibility

# Before: limited permissions on forks
on:
  pull_request:

permissions:
  contents: write

jobs:
  lint:
    steps:
      - name: Run linters
        if: ${{ github.event_name == 'pull_request' }}

# After: proper permissions for forks  
on:
  pull_request_target:

permissions:
  contents: write
  checks: write

jobs:
  lint:
    steps:
      - name: Run linters
        if: ${{ github.event_name == 'pull_request_target' }}

Changes Made

  • Gemfile: Added explicit version pins for all required gems
  • Gemfile.lock: Updated via bundle update with new versions
  • lint.yml: Changed trigger to pull_request_target and added checks: write permission
  • Verification: Confirmed RuboCop v1.75.5 runs successfully with all dependencies

Testing

$ bundle exec rubocop --version
1.75.5

$ bundle list | grep -E "(faraday-retry|rake|rubocop|faraday|json|language_server-protocol)"
* faraday (2.12.2)
* faraday-retry (2.3.1) 
* json (2.11.3)
* language_server-protocol (3.17.0.4)
* rake (13.2.1)
* rubocop (1.75.5)

The workflow should now work correctly on pull requests from forks with the necessary permissions to create annotations and auto-fix lint issues.

This pull request was created as a result of the following prompt from Copilot chat.

The GitHub Actions job is failing due to two main issues:

  1. Bundler cannot find required gems (faraday-retry-2.3.1, rake-13.2.1, rubocop-1.75.5, faraday-2.12.2, json-2.11.3, language_server-protocol-3.17.0.4). This prevents rubocop from running. The workflow expects these gems to be present via bundler, but they're missing from the Gemfile/Gemfile.lock or not installed.
  2. Workflow permissions on forks: The workflow attempts to create annotations and push changes, which are not permitted in workflows triggered by pull_request events from forks. The log recommends switching to pull_request_target and setting checks: write permission.

To fix:

  • Ensure the Gemfile includes all required gems and commit the updated Gemfile and Gemfile.lock.
  • Change the workflow trigger to pull_request_target and set checks: write permission.
  • Update the job's if condition to only run the linter on pull_request_target.

Gemfile example:

source 'https://rubygems.org'
gem 'rubocop', '1.75.5'
gem 'faraday-retry', '2.3.1'
gem 'rake', '13.2.1'
gem 'faraday', '2.12.2'
gem 'json', '2.11.3'
gem 'language_server-protocol', '3.17.0.4'

Workflow update (.github/workflows/lint.yml):

on:
  pull_request_target:
  workflow_dispatch:
  merge_group:

permissions:
  contents: write
  checks: write

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Run linters
        uses: wearerequired/lint-action@v2
        if: ${{ github.event_name == 'pull_request_target' }}
        with:
          auto_fix: true
          rubocop: true
          rubocop_command_prefix: bundle exec

Ensure to commit the Gemfile and the updated workflow file, then re-run the workflow to verify a successful build.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@tomthorogood tomthorogood marked this pull request as ready for review July 9, 2025 23:17
@Copilot Copilot AI review requested due to automatic review settings July 9, 2025 23:17
Copilot
Copilot AI reviewed Jul 9, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@Copilot @tomthorogood
Fix GitHub Actions workflow: update gems to required versions and swi…
e02013f 
…tch to pull_request_target

Co-authored-by: tomthorogood <1092941+tomthorogood@users.noreply.github.com>
@Copilot Copilot AI requested a review from a team as a code owner July 9, 2025 23:19
@Copilot @tomthorogood
Fix duplicate webrick gem in Gemfile
f51c90c 
Co-authored-by: tomthorogood <1092941+tomthorogood@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Fix failing lint workflow: add missing gems and adjust permissions for forked PRs Fix GitHub Actions lint workflow: update gem versions and permissions for fork compatibility Jul 9, 2025
@Copilot Copilot AI requested a review from tomthorogood July 9, 2025 23:21
Copilot finished work on behalf of tomthorogood July 9, 2025 23:21
@tomthorogood tomthorogood enabled auto-merge July 9, 2025 23:34
@tomthorogood
Copy link
Contributor

I don't think this can succeed because the workflow is broken on main; i've run the lint action on this branch here and it succeeded, so i'm bypassing this requirement.

@tomthorogood tomthorogood disabled auto-merge July 10, 2025 14:14
@tomthorogood tomthorogood merged commit f425a55 into main Jul 10, 2025
8 checks passed
@tomthorogood tomthorogood deleted the copilot/fix-4434fcb6-fe58-4635-987f-2f25ef6f0239 branch July 10, 2025 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@kenyonj kenyonj kenyonj approved these changes

@tomthorogood tomthorogood Awaiting requested review from tomthorogood

Assignees

@tomthorogood tomthorogood

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Copilot @tomthorogood @kenyonj