Expand Up @@ -18,20 +18,41 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

name: Convert PRs to Draft on Opening

permissions:
contents: write
name: Pull Request preparation

on:
pull_request:
types: [opened]
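Review bot: The `permissions:` block at the top of this hunk grants only `contents: write`, which no step in the new job actually consumes: checkout and push both go through the `SSH_FAFOREVER_MACHINE_USER` key, and the only GITHUB_TOKEN consumer is `gh pr ready --undo`, which needs `pull-requests: write`. Because declaring any `permissions:` block sets every unlisted scope to `none`, the current block also strips the token of that scope. Replace it with `permissions:` / `  pull-requests: write` so the token carries exactly the one scope the job uses.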
Comment on lines 23 to 25
⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/pr-preparation.yaml

Repository: FAForever/fa

Length of output: 2728


🌐 Web query:

gh cli gh pr ready permission requirements contents write vs pull-requests write

💡 Result:

To use the gh pr ready command in a GitHub Actions workflow, you generally need the pull-requests: write permission [1]. While pull-requests: write is the primary requirement for modifying the state of a pull request, the specific permissions required by the GitHub CLI (gh) can be nuanced depending on the repository context and the specific operations being performed [1][2].

Key considerations for permission requirements:

1. Pull-Requests Permission: The pull-requests: write permission is necessary to change the status of a pull request (e.g., marking it as ready or converting it back to a draft) [1][3].
2. Contents Permission: The contents: write permission is typically required if your workflow involves pushing changes, tags, or other repository modifications [1]. It is not strictly required for the gh pr ready command itself, but it is often included in workflows that perform broader PR management tasks [1].
3. Additional Scopes: Depending on the complexity of your workflow, you may encounter requirements for other permissions. For example:
   - repository-projects: read may be required if the CLI attempts to access project metadata associated with the pull request [1].
   - issues: read is often necessary for commands like gh pr list, as the CLI may rely on issue-related search or metadata endpoints [2].
   - If you are using features like assigning reviewers or teams, you might face limitations with the default GITHUB_TOKEN, which may require a Personal Access Token (PAT) with broader scopes (such as read:org) [4][3].

In summary, while pull-requests: write is the core requirement for gh pr ready, you should configure your workflow permissions based on the full set of gh commands being executed to avoid 403 Forbidden errors [1][5]. If you encounter unexpected failures, check if your workflow requires additional read access to repository projects or issues [1][2].

Add explicit permissions for the draft conversion step.

This workflow relies on repo-default GITHUB_TOKEN permissions, but gh pr ready --undo requires pull-requests: write permission. On repos with read-only defaults, this step can fail even though earlier steps succeed.

Suggested fix
 on:
   pull_request:
     types: [opened]
+
+permissions:
+  pull-requests: write
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pr-preparation.yaml around lines 23 - 25, Add explicit
GITHUB_TOKEN permissions so the draft-conversion step can run gh pr ready
--undo; add a permissions block granting pull-requests: write (either globally
under the workflow root or on the specific job that runs the draft conversion)
and ensure GITHUB_TOKEN is used there; update the workflow to include
permissions: pull-requests: write so the gh command can undo drafts
successfully.


jobs:
convert_to_draft:
prepare_pr:
name: Prepare pull request
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
runs-on: ubuntu-latest
steps:
- run: gh pr ready --undo ${{ github.event.pull_request.number }}
- name: Checkout PR branch
uses: actions/checkout@v6
with:
ref: ${{ github.event.pull_request.head.ref }}
ssh-key: ${{ secrets.SSH_FAFOREVER_MACHINE_USER }}

- name: Add snippet
working-directory: changelog/snippets
run: |
# Configure git
git config user.email "github@faforever.com"
git config user.name "FAForever Machine User"

FILE=category.${{ github.event.pull_request.number }}.md
cp sections/template-snippet.md $FILE
sed -i "s/XYZW/${{ github.event.pull_request.number }}/g" $FILE

git add .
git commit -m "Add snippet template"
git push
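Review bot: The "Checkout PR branch" step pins `actions/checkout@v6` to a mutable tag while handing it `secrets.SSH_FAFOREVER_MACHINE_USER`, a key that can push to this repository; pin the action to a full commit SHA (`uses: actions/checkout@<full-sha> # v6`) so a retagged or compromised release cannot read that key. The `if:` guard that restricts `prepare_pr` to same-repository pull requests is the right control for exposing the secret at all. The `${{ github.event.pull_request.number }}` interpolated into the `sed` command is safe only because the value is numeric; any other event field used in `run:` should be passed through `env:` rather than expanded inline.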
Comment on lines +46 to +52

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Don't overwrite an author-provided snippet.

This always recreates category.<pr>.md from the template. If the branch already has a real snippet, the workflow replaces it with placeholder text and pushes that regression back to the PR branch. Guard on file absence and only stage the generated file.

Suggested fix
-          FILE=category.${{ github.event.pull_request.number }}.md
-          cp sections/template-snippet.md $FILE
-          sed -i "s/XYZW/${{ github.event.pull_request.number }}/g" $FILE
-          
-          git add .
-          git commit -m "Add snippet template"
-          git push
+          FILE="category.${{ github.event.pull_request.number }}.md"
+          if [ ! -f "$FILE" ]; then
+            cp sections/template-snippet.md "$FILE"
+            sed -i "s/XYZW/${{ github.event.pull_request.number }}/g" "$FILE"
+
+            git add "$FILE"
+            git commit -m "Add snippet template"
+            git push
+          fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pr-preparation.yaml around lines 46 - 52, The workflow
always overwrites category.${{ github.event.pull_request.number }}.md by copying
template-snippet.md, which can clobber an author-provided snippet; change the
logic around FILE to first check for file absence and only create/copy when the
target does not exist, and when committing only add that generated filename
instead of git add . so you stage and commit the new FILE (refer to the FILE
variable and the cp/sed/git add/git commit/git push commands) to avoid touching
other files in the branch.


- name: Convert PR to draft
run: gh pr ready --undo ${{ github.event.pull_request.number }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
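Review bot: Moving "Convert PR to draft" to the end of the job changes the failure behaviour: if "Add snippet" fails (for example the push is rejected), the PR is never converted to draft, whereas the removed `convert_to_draft` job did that first. Either run this step before the snippet step or give it `if: always()` so the draft conversion does not depend on the push succeeding. Setting `GH_REPO` explicitly is fine, and `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is the correct token source once `pull-requests: write` is granted.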
1 change: 1 addition & 0 deletions changelog/snippets/sections/template-snippet.md
@@ -0,0 +1 @@
- Your explanation here... [Don't forget to change the category in the filename] (#XYZW).
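Review bot: The workflow's `sed` only rewrites `XYZW`, so the leading "Your explanation here..." sentence and the bracketed reminder are committed to the PR branch verbatim; consider a CI check that fails while that placeholder sentence is still present in `changelog/snippets`, so an unedited template cannot reach a release changelog.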