fix(ci): enable CI workflows to trigger on changeset release PRs #3444
Draft
The recipe system is being re-evaluated, and these failing CI jobs create confusion for new contributors. Uses `if: false` at the job level to skip execution while keeping job definitions visible for future reference. Jobs will show as "skipped" in GitHub Actions UI rather than being invisible.

To re-enable: remove the `if: false` line from each job.

Affected jobs:
- validate_recipes (ci.yml)
- deploy (deploy-examples.yml)

GitHub's security feature prevents events triggered by GITHUB_TOKEN from creating new workflow runs. The checkout steps in release.yml were using the default GITHUB_TOKEN, so when the changesets action created/updated PRs, no CI workflows would trigger.

By explicitly providing a PAT (SHOPIFY_GH_ACCESS_TOKEN) to the checkout action, subsequent git operations are attributed to that token's identity, and those events DO trigger workflows.

Changes:
- Add token parameter to checkout in release job
- Add token parameter to checkout in backfix-release job
- Add temporary debug job to ci.yml to verify token type

The debug job will be removed once we confirm the token is a real-user PAT (type: User, prefix: ghp_ or github_pat_) rather than a GitHub App token.

Oxygen deployed a preview of your
Learn more about Hydrogen's GitHub integration.
Summary
Problem
CI checks weren't running on changeset release PRs (like [ci] release 2025.10.0). The root cause is GitHub's security feature that prevents events triggered by `GITHUB_TOKEN` from creating new workflow runs.

The `actions/checkout` step was using the default `GITHUB_TOKEN`, so when the changesets action subsequently created/updated PRs, no CI workflows would trigger.

Solution

Add `token: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}` to the checkout steps in:
- `release` job (for production releases)
- `backfix-release` job (for back-fix releases)

When checkout uses a PAT, all subsequent git operations (commits, pushes by the changesets action) are attributed to that token, and those events DO trigger workflows.

Verification

This PR includes a temporary debug job (`🔍 Debug - Check PAT identity`) that will show:

For this fix to work, the token must be:
- `User` (not `Bot`)
- `ghp_` or `github_pat_` (not `ghs_`)

If the token is a GitHub App installation token, it won't work and will need to be replaced with a real-user PAT.

Test plan
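
One way the identity check described under Verification could be written so that the secret itself never reaches the job log. This is an added example, not the debug job from this PR; the function names and sample values are hypothetical, and the JSON strings are constructed stand-ins for a `GET /user` response body.

```shell
#!/bin/sh
# Added example: classify a GitHub token by prefix without printing it.
# Prefix meanings follow GitHub's published token formats.

# token_kind TOKEN -> prints a label for the token's prefix
token_kind() {
  case "$1" in
    github_pat_*) echo "fine-grained-pat" ;;
    ghp_*)        echo "classic-pat" ;;
    ghs_*)        echo "app-installation" ;;
    gho_*)        echo "oauth" ;;
    ghu_*)        echo "app-user-to-server" ;;
    *)            echo "unknown" ;;
  esac
}

# account_type JSON -> prints the "type" field of a GET /user response body
account_type() {
  printf '%s\n' "$1" |
    sed -n 's/.*"type"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
    head -n 1
}

# pat_check TOKEN JSON -> returns 0 only when both criteria listed in the
# PR description hold: a PAT prefix and an account of type User.
pat_check() {
  kind=$(token_kind "$1")
  acct=$(account_type "$2")
  # Log only the derived labels, never the token or any slice of it.
  echo "token kind: $kind, account type: ${acct:-none}"
  case "$kind" in
    classic-pat|fine-grained-pat) [ "$acct" = "User" ] ;;
    *) return 1 ;;
  esac
}

# Constructed sample inputs (not real tokens, not real API output).
SAMPLE_PAT="ghp_EXAMPLEexampleEXAMPLEexample0000"
SAMPLE_APP="ghs_EXAMPLEexampleEXAMPLEexample0000"
SAMPLE_USER_JSON='{"login":"example-user","id":1,"type":"User"}'
SAMPLE_BOT_JSON='{"login":"example-app[bot]","id":2,"type":"Bot"}'

pat_check "$SAMPLE_PAT" "$SAMPLE_USER_JSON" && echo "meets the PR's criteria"
pat_check "$SAMPLE_APP" "$SAMPLE_BOT_JSON" || echo "does not meet the PR's criteria"
```

In a workflow step the token would arrive through an environment variable mapped from the secret, and the step would print only the two labels.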