From 8f7c7d1eaad0b3ba9a3c7dd4c3c9d36425864598 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Mar 2026 16:21:00 +0000 Subject: [PATCH 1/6] Initial plan From d69b24671b3355ca69eab83ee72aa80217aed0d2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Mar 2026 16:31:53 +0000 Subject: [PATCH 2/6] fix: add buildkite bot to allowlist, improve PR discovery, add noop safe-output - Add buildkite-limited-access[bot] to the bots allowlist - Extract PR numbers from check_run events, branches and target URL from status events - Use .commit.sha instead of .sha for status events - Update Step 1 to follow the PR Actions Detective approach for PR discovery - Add noop safe-output (prompt already referenced it) - Add Target URL, PR Numbers, and Branches to the context section Co-authored-by: strawgate <6384545+strawgate@users.noreply.github.com> --- ...gh-aw-estc-pr-buildkite-detective.lock.yml | 34 ++++++++++++++++--- .../gh-aw-estc-pr-buildkite-detective.md | 20 +++++++++-- 2 files changed, 46 insertions(+), 8 deletions(-) diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml index 3c2a85d7..303000f6 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml @@ -36,7 +36,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"0b43f546adb37e6d76b521d7d6ce8f85e4d2a323590174376686e1f477d9f412"} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"544fc5da6cbff27918feed751b628cff26b71eca29a9de94f7240386f34d1832"} name: "PR Buildkite Detective" "on": @@ -171,10 +171,13 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_AW_ENV_BK_BRANCHES: ${{ env.BK_BRANCHES }} GH_AW_ENV_BK_COMMIT_SHA: ${{ env.BK_COMMIT_SHA }} GH_AW_ENV_BK_EVENT_ID: ${{ env.BK_EVENT_ID }} GH_AW_ENV_BK_EVENT_NAME: ${{ env.BK_EVENT_NAME }} GH_AW_ENV_BK_FAILURE_STATE: ${{ env.BK_FAILURE_STATE }} + GH_AW_ENV_BK_PR_NUMBERS: ${{ env.BK_PR_NUMBERS }} + GH_AW_ENV_BK_TARGET_URL: ${{ env.BK_TARGET_URL }} GH_AW_EXPR_0EAAB79A: ${{ inputs.buildkite-pipeline }} GH_AW_EXPR_49B959F1: ${{ inputs.additional-instructions }} GH_AW_EXPR_6908A9DD: ${{ inputs.buildkite-org }} @@ -330,6 +333,9 @@ jobs: - **Event ID**: __GH_AW_ENV_BK_EVENT_ID__ - **Failure State**: __GH_AW_ENV_BK_FAILURE_STATE__ - **Commit SHA**: __GH_AW_ENV_BK_COMMIT_SHA__ + - **Target URL**: __GH_AW_ENV_BK_TARGET_URL__ + - **PR Numbers**: __GH_AW_ENV_BK_PR_NUMBERS__ + - **Branches**: __GH_AW_ENV_BK_BRANCHES__ - **Buildkite Organization**: __GH_AW_EXPR_6908A9DD__ ## Constraints @@ -361,8 +367,11 @@ jobs: ### Step 1: Gather Context 1. Use the commit SHA provided in the Context section above. If it is empty, discover it from the PR's commit statuses or check runs. - 2. Call `list_pull_requests` for the repository (open PRs), then call `pull_request_read` with method `get` on candidates and keep PRs where `head.sha` matches the failed commit SHA. If none match, call `noop` with message "No pull request associated with failed commit status; nothing to do" and stop. - 3. For each matching PR, keep author, branches, and fork status for downstream analysis. + 2. Find the associated pull request(s): + - If **PR Numbers** in the Context section above is non-empty (e.g., from `check_run` events), use those PR numbers directly with `pull_request_read` method `get`. + - Otherwise, use `bash` + `gh api repos/__GH_AW_GITHUB_REPOSITORY__/commits/{commit_sha}/pulls` to find PRs containing the commit SHA. If no results, also try searching open PRs whose head branch matches one of the **Branches** listed in the Context section. + - If no PR is found after all attempts, call `noop` with message "No pull request associated with failed commit status; nothing to do" and stop. + 3. For each matching PR, call `pull_request_read` with method `get` to capture the author, branches, and fork status for downstream analysis. ### Step 2: Find the Buildkite Build @@ -431,10 +440,13 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_ENV_BK_BRANCHES: ${{ env.BK_BRANCHES }} GH_AW_ENV_BK_COMMIT_SHA: ${{ env.BK_COMMIT_SHA }} GH_AW_ENV_BK_EVENT_ID: ${{ env.BK_EVENT_ID }} GH_AW_ENV_BK_EVENT_NAME: ${{ env.BK_EVENT_NAME }} GH_AW_ENV_BK_FAILURE_STATE: ${{ env.BK_FAILURE_STATE }} + GH_AW_ENV_BK_PR_NUMBERS: ${{ env.BK_PR_NUMBERS }} + GH_AW_ENV_BK_TARGET_URL: ${{ env.BK_TARGET_URL }} GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_EXPR_49B959F1: ${{ inputs.additional-instructions }} GH_AW_EXPR_6908A9DD: ${{ inputs.buildkite-org }} @@ -449,10 +461,13 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_ENV_BK_BRANCHES: ${{ env.BK_BRANCHES }} GH_AW_ENV_BK_COMMIT_SHA: ${{ env.BK_COMMIT_SHA }} GH_AW_ENV_BK_EVENT_ID: ${{ env.BK_EVENT_ID }} GH_AW_ENV_BK_EVENT_NAME: ${{ env.BK_EVENT_NAME }} GH_AW_ENV_BK_FAILURE_STATE: ${{ env.BK_FAILURE_STATE }} + GH_AW_ENV_BK_PR_NUMBERS: ${{ env.BK_PR_NUMBERS }} + GH_AW_ENV_BK_TARGET_URL: ${{ env.BK_TARGET_URL }} GH_AW_EXPR_0EAAB79A: ${{ inputs.buildkite-pipeline }} GH_AW_EXPR_49B959F1: ${{ inputs.additional-instructions }} GH_AW_EXPR_6908A9DD: ${{ inputs.buildkite-org }} @@ -476,10 +491,13 @@ jobs: return await substitutePlaceholders({ file: process.env.GH_AW_PROMPT, substitutions: { + GH_AW_ENV_BK_BRANCHES: process.env.GH_AW_ENV_BK_BRANCHES, GH_AW_ENV_BK_COMMIT_SHA: process.env.GH_AW_ENV_BK_COMMIT_SHA, GH_AW_ENV_BK_EVENT_ID: process.env.GH_AW_ENV_BK_EVENT_ID, GH_AW_ENV_BK_EVENT_NAME: process.env.GH_AW_ENV_BK_EVENT_NAME, GH_AW_ENV_BK_FAILURE_STATE: process.env.GH_AW_ENV_BK_FAILURE_STATE, + GH_AW_ENV_BK_PR_NUMBERS: process.env.GH_AW_ENV_BK_PR_NUMBERS, + GH_AW_ENV_BK_TARGET_URL: process.env.GH_AW_ENV_BK_TARGET_URL, GH_AW_EXPR_0EAAB79A: process.env.GH_AW_EXPR_0EAAB79A, GH_AW_EXPR_49B959F1: process.env.GH_AW_EXPR_49B959F1, GH_AW_EXPR_6908A9DD: process.env.GH_AW_EXPR_6908A9DD, @@ -611,11 +629,17 @@ jobs: if [ "$GITHUB_EVENT_NAME" = "status" ]; then echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" else echo "BK_EVENT_ID=$(jq -r '.check_run.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.check_run.conclusion' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" fi - env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -1426,7 +1450,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }},buildkite-limited-access[bot] with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md index 94f1695a..c8a774dd 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md @@ -64,6 +64,7 @@ on: roles: [admin, maintainer, write] bots: - "${{ inputs.allowed-bot-users }}" + - "buildkite-limited-access[bot]" concurrency: group: ${{ github.workflow }}-estc-pr-buildkite-detective-${{ github.run_id }} cancel-in-progress: false @@ -88,6 +89,7 @@ network: - "buildkite.com" safe-outputs: activation-comments: false + noop: strict: false timeout-minutes: 30 steps: @@ -98,11 +100,17 @@ steps: if [ "$GITHUB_EVENT_NAME" = "status" ]; then echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" else echo "BK_EVENT_ID=$(jq -r '.check_run.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.check_run.conclusion' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" fi - name: Repo-specific setup if: ${{ inputs.setup-commands != '' }} @@ -124,6 +132,9 @@ Analyze failed Buildkite CI builds for pull requests in ${{ github.repository }} - **Event ID**: ${{ env.BK_EVENT_ID }} - **Failure State**: ${{ env.BK_FAILURE_STATE }} - **Commit SHA**: ${{ env.BK_COMMIT_SHA }} +- **Target URL**: ${{ env.BK_TARGET_URL }} +- **PR Numbers**: ${{ env.BK_PR_NUMBERS }} +- **Branches**: ${{ env.BK_BRANCHES }} - **Buildkite Organization**: ${{ inputs.buildkite-org }} ## Constraints @@ -155,8 +166,11 @@ Classify each failure to guide your investigation: ### Step 1: Gather Context 1. Use the commit SHA provided in the Context section above. If it is empty, discover it from the PR's commit statuses or check runs. -2. Call `list_pull_requests` for the repository (open PRs), then call `pull_request_read` with method `get` on candidates and keep PRs where `head.sha` matches the failed commit SHA. If none match, call `noop` with message "No pull request associated with failed commit status; nothing to do" and stop. -3. For each matching PR, keep author, branches, and fork status for downstream analysis. +2. Find the associated pull request(s): + - If **PR Numbers** in the Context section above is non-empty (e.g., from `check_run` events), use those PR numbers directly with `pull_request_read` method `get`. + - Otherwise, use `bash` + `gh api repos/${{ github.repository }}/commits/{commit_sha}/pulls` to find PRs containing the commit SHA. If no results, also try searching open PRs whose head branch matches one of the **Branches** listed in the Context section. + - If no PR is found after all attempts, call `noop` with message "No pull request associated with failed commit status; nothing to do" and stop. +3. For each matching PR, call `pull_request_read` with method `get` to capture the author, branches, and fork status for downstream analysis. ### Step 2: Find the Buildkite Build From 66843be9b2d952204f42fd6ed38d3cb8b6a0eb30 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Mar 2026 16:34:29 +0000 Subject: [PATCH 3/6] fix: revert .commit.sha back to .sha for status events Per code review feedback: .sha and .commit.sha should be equivalent in GitHub status events per the docs. Keep .sha for safety. Co-authored-by: strawgate <6384545+strawgate@users.noreply.github.com> --- .github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml | 4 ++-- .github/workflows/gh-aw-estc-pr-buildkite-detective.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml index 303000f6..e618bdcf 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml @@ -36,7 +36,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"544fc5da6cbff27918feed751b628cff26b71eca29a9de94f7240386f34d1832"} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"056ed7d954ef4d4b95e632bc7178c0268471380ac2ffc587e1f67c443dbdffb5"} name: "PR Buildkite Detective" "on": @@ -629,7 +629,7 @@ jobs: if [ "$GITHUB_EVENT_NAME" = "status" ]; then echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md index c8a774dd..5a92e9b8 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md @@ -100,7 +100,7 @@ steps: if [ "$GITHUB_EVENT_NAME" = "status" ]; then echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" From 24933f370dcee9c62506e4cfd1dea90306153fa3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Mar 2026 17:18:43 +0000 Subject: [PATCH 4/6] fix: extract PR branch commit SHA from .branches[] instead of .sha for status events Co-authored-by: strawgate <6384545+strawgate@users.noreply.github.com> --- ...gh-aw-estc-pr-buildkite-detective.lock.yml | 21 ++----------------- .../gh-aw-estc-pr-buildkite-detective.md | 7 ++++++- 2 files changed, 8 insertions(+), 20 deletions(-) diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml index e618bdcf..41b35217 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml @@ -36,7 +36,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"056ed7d954ef4d4b95e632bc7178c0268471380ac2ffc587e1f67c443dbdffb5"} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"a56de7b6249243a8ef707caa8ab0bab1e52f8a36a6e658df2febbceda50e74b2"} name: "PR Buildkite Detective" "on": @@ -623,24 +623,7 @@ jobs: run: "set -euo pipefail\nif [ -f \"AGENTS.md\" ]; then\n cp AGENTS.md /tmp/agents.md\n echo \"Repository conventions copied from AGENTS.md to /tmp/agents.md\"\nelse\n OWNER=\"${GITHUB_REPOSITORY%/*}\"\n REPO=\"${GITHUB_REPOSITORY#*/}\"\n summary=$(curl -sf --max-time 15 -X POST https://agents-md-generator.fastmcp.app/mcp \\\n -H \"Content-Type: application/json\" \\\n -H \"Accept: application/json, text/event-stream\" \\\n -d \"{\\\"jsonrpc\\\":\\\"2.0\\\",\\\"id\\\":1,\\\"method\\\":\\\"tools/call\\\",\\\"params\\\":{\\\"name\\\":\\\"generate_agents_md\\\",\\\"arguments\\\":{\\\"owner\\\":\\\"${OWNER}\\\",\\\"repo\\\":\\\"${REPO}\\\"}}}\" \\\n | sed 's/^data: //' \\\n | jq -r '.result.structuredContent.summary // empty' 2>/dev/null) || true\n if [ -n \"$summary\" ]; then\n echo \"$summary\" > /tmp/agents.md\n echo \"Repository conventions written to /tmp/agents.md\"\n else\n echo \"::warning::Could not fetch repository conventions; continuing without them\"\n fi\nfi" shell: bash - name: Resolve event context - run: | - set -euo pipefail - echo "BK_EVENT_NAME=$GITHUB_EVENT_NAME" >> "$GITHUB_ENV" - if [ "$GITHUB_EVENT_NAME" = "status" ]; then - echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" - else - echo "BK_EVENT_ID=$(jq -r '.check_run.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_FAILURE_STATE=$(jq -r '.check_run.conclusion' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_BRANCHES=" >> "$GITHUB_ENV" - echo "BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - fi + run: "set -euo pipefail\necho \"BK_EVENT_NAME=$GITHUB_EVENT_NAME\" >> \"$GITHUB_ENV\"\nif [ \"$GITHUB_EVENT_NAME\" = \"status\" ]; then\n echo \"BK_EVENT_ID=$(jq -r '.id' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_FAILURE_STATE=$(jq -r '.state' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n # .sha is the default-branch HEAD (workflow reference), not the PR commit.\n # The PR branch commit is in .branches[] for the non-default branch.\n DEFAULT_BRANCH=$(jq -r '.repository.default_branch // \"main\"' \"$GITHUB_EVENT_PATH\")\n PR_SHA=$(jq -r --arg db \"$DEFAULT_BRANCH\" \\\n '[.branches[] | select(.name != $db)] | .[0].commit.sha // empty' \"$GITHUB_EVENT_PATH\")\n echo \"BK_COMMIT_SHA=${PR_SHA:-$(jq -r '.sha' \"$GITHUB_EVENT_PATH\")}\" >> \"$GITHUB_ENV\"\n echo \"BK_TARGET_URL=$(jq -r '.target_url // empty' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_BRANCHES=$(jq -c '[.branches[].name]' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_PR_NUMBERS=\" >> \"$GITHUB_ENV\"\nelse\n echo \"BK_EVENT_ID=$(jq -r '.check_run.id' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_FAILURE_STATE=$(jq -r '.check_run.conclusion' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_BRANCHES=\" >> \"$GITHUB_ENV\"\n echo \"BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\nfi\n" - env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md index 5a92e9b8..56e6ac5b 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md @@ -100,7 +100,12 @@ steps: if [ "$GITHUB_EVENT_NAME" = "status" ]; then echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_COMMIT_SHA=$(jq -r '.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + # .sha is the default-branch HEAD (workflow reference), not the PR commit. + # The PR branch commit is in .branches[] for the non-default branch. + DEFAULT_BRANCH=$(jq -r '.repository.default_branch // "main"' "$GITHUB_EVENT_PATH") + PR_SHA=$(jq -r --arg db "$DEFAULT_BRANCH" \ + '[.branches[] | select(.name != $db)] | .[0].commit.sha // empty' "$GITHUB_EVENT_PATH") + echo "BK_COMMIT_SHA=${PR_SHA:-$(jq -r '.sha' "$GITHUB_EVENT_PATH")}" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" From 95a73f1e157d139c6ca46ce4d6a1a751fc814bd5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Mar 2026 18:10:33 +0000 Subject: [PATCH 5/6] fix: use .commit.sha for status events instead of .branches[] workaround Co-authored-by: strawgate <6384545+strawgate@users.noreply.github.com> --- ...gh-aw-estc-pr-buildkite-detective.lock.yml | 21 +++++++++++++++++-- .../gh-aw-estc-pr-buildkite-detective.md | 7 +------ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml index 41b35217..303000f6 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml @@ -36,7 +36,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"a56de7b6249243a8ef707caa8ab0bab1e52f8a36a6e658df2febbceda50e74b2"} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"544fc5da6cbff27918feed751b628cff26b71eca29a9de94f7240386f34d1832"} name: "PR Buildkite Detective" "on": @@ -623,7 +623,24 @@ jobs: run: "set -euo pipefail\nif [ -f \"AGENTS.md\" ]; then\n cp AGENTS.md /tmp/agents.md\n echo \"Repository conventions copied from AGENTS.md to /tmp/agents.md\"\nelse\n OWNER=\"${GITHUB_REPOSITORY%/*}\"\n REPO=\"${GITHUB_REPOSITORY#*/}\"\n summary=$(curl -sf --max-time 15 -X POST https://agents-md-generator.fastmcp.app/mcp \\\n -H \"Content-Type: application/json\" \\\n -H \"Accept: application/json, text/event-stream\" \\\n -d \"{\\\"jsonrpc\\\":\\\"2.0\\\",\\\"id\\\":1,\\\"method\\\":\\\"tools/call\\\",\\\"params\\\":{\\\"name\\\":\\\"generate_agents_md\\\",\\\"arguments\\\":{\\\"owner\\\":\\\"${OWNER}\\\",\\\"repo\\\":\\\"${REPO}\\\"}}}\" \\\n | sed 's/^data: //' \\\n | jq -r '.result.structuredContent.summary // empty' 2>/dev/null) || true\n if [ -n \"$summary\" ]; then\n echo \"$summary\" > /tmp/agents.md\n echo \"Repository conventions written to /tmp/agents.md\"\n else\n echo \"::warning::Could not fetch repository conventions; continuing without them\"\n fi\nfi" shell: bash - name: Resolve event context - run: "set -euo pipefail\necho \"BK_EVENT_NAME=$GITHUB_EVENT_NAME\" >> \"$GITHUB_ENV\"\nif [ \"$GITHUB_EVENT_NAME\" = \"status\" ]; then\n echo \"BK_EVENT_ID=$(jq -r '.id' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_FAILURE_STATE=$(jq -r '.state' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n # .sha is the default-branch HEAD (workflow reference), not the PR commit.\n # The PR branch commit is in .branches[] for the non-default branch.\n DEFAULT_BRANCH=$(jq -r '.repository.default_branch // \"main\"' \"$GITHUB_EVENT_PATH\")\n PR_SHA=$(jq -r --arg db \"$DEFAULT_BRANCH\" \\\n '[.branches[] | select(.name != $db)] | .[0].commit.sha // empty' \"$GITHUB_EVENT_PATH\")\n echo \"BK_COMMIT_SHA=${PR_SHA:-$(jq -r '.sha' \"$GITHUB_EVENT_PATH\")}\" >> \"$GITHUB_ENV\"\n echo \"BK_TARGET_URL=$(jq -r '.target_url // empty' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_BRANCHES=$(jq -c '[.branches[].name]' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_PR_NUMBERS=\" >> \"$GITHUB_ENV\"\nelse\n echo \"BK_EVENT_ID=$(jq -r '.check_run.id' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_FAILURE_STATE=$(jq -r '.check_run.conclusion' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\n echo \"BK_BRANCHES=\" >> \"$GITHUB_ENV\"\n echo \"BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' \"$GITHUB_EVENT_PATH\")\" >> \"$GITHUB_ENV\"\nfi\n" + run: | + set -euo pipefail + echo "BK_EVENT_NAME=$GITHUB_EVENT_NAME" >> "$GITHUB_ENV" + if [ "$GITHUB_EVENT_NAME" = "status" ]; then + echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" + else + echo "BK_EVENT_ID=$(jq -r '.check_run.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_FAILURE_STATE=$(jq -r '.check_run.conclusion' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + fi - env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md index 56e6ac5b..c8a774dd 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md @@ -100,12 +100,7 @@ steps: if [ "$GITHUB_EVENT_NAME" = "status" ]; then echo "BK_EVENT_ID=$(jq -r '.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - # .sha is the default-branch HEAD (workflow reference), not the PR commit. - # The PR branch commit is in .branches[] for the non-default branch. - DEFAULT_BRANCH=$(jq -r '.repository.default_branch // "main"' "$GITHUB_EVENT_PATH") - PR_SHA=$(jq -r --arg db "$DEFAULT_BRANCH" \ - '[.branches[] | select(.name != $db)] | .[0].commit.sha // empty' "$GITHUB_EVENT_PATH") - echo "BK_COMMIT_SHA=${PR_SHA:-$(jq -r '.sha' "$GITHUB_EVENT_PATH")}" >> "$GITHUB_ENV" + echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" From 9deb89ad0aa6a2611392a4c25a42435cc1a89f48 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Mar 2026 19:31:19 +0000 Subject: [PATCH 6/6] fix: jq null-safety, empty BK_PR_NUMBERS, and PR candidate validation Co-authored-by: strawgate <6384545+strawgate@users.noreply.github.com> --- .../workflows/gh-aw-estc-pr-buildkite-detective.lock.yml | 8 ++++---- .github/workflows/gh-aw-estc-pr-buildkite-detective.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml index d9085e32..3b835172 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.lock.yml @@ -36,7 +36,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"544fc5da6cbff27918feed751b628cff26b71eca29a9de94f7240386f34d1832"} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"df8ca7d584d83760b992c10ddce0dd529cb00c17400cf20aff40103ae7002b6e"} name: "PR Buildkite Detective" "on": @@ -369,7 +369,7 @@ jobs: 1. Use the commit SHA provided in the Context section above. If it is empty, discover it from the PR's commit statuses or check runs. 2. Find the associated pull request(s): - If **PR Numbers** in the Context section above is non-empty (e.g., from `check_run` events), use those PR numbers directly with `pull_request_read` method `get`. - - Otherwise, use `bash` + `gh api repos/__GH_AW_GITHUB_REPOSITORY__/commits/{commit_sha}/pulls` to find PRs containing the commit SHA. If no results, also try searching open PRs whose head branch matches one of the **Branches** listed in the Context section. + - Otherwise, use `bash` + `gh api repos/__GH_AW_GITHUB_REPOSITORY__/commits/{commit_sha}/pulls` to find PRs containing the commit SHA. Filter the results to keep only PRs whose `state` is `"open"` and, when **Branches** is available, whose `head.ref` matches one of the listed branches. If no candidates remain, also try searching open PRs whose head branch matches one of the **Branches** listed in the Context section. - If no PR is found after all attempts, call `noop` with message "No pull request associated with failed commit status; nothing to do" and stop. 3. For each matching PR, call `pull_request_read` with method `get` to capture the author, branches, and fork status for downstream analysis. @@ -631,7 +631,7 @@ jobs: echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=$(jq -c '[(.branches // [])[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" else echo "BK_EVENT_ID=$(jq -r '.check_run.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" @@ -639,7 +639,7 @@ jobs: echo "BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_BRANCHES=" >> "$GITHUB_ENV" - echo "BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=$(jq -rc '[(.check_run.pull_requests // [])[].number] | if length == 0 then "" else . end' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" fi - env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md index c8a774dd..4e71c113 100644 --- a/.github/workflows/gh-aw-estc-pr-buildkite-detective.md +++ b/.github/workflows/gh-aw-estc-pr-buildkite-detective.md @@ -102,7 +102,7 @@ steps: echo "BK_FAILURE_STATE=$(jq -r '.state' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_COMMIT_SHA=$(jq -r '.commit.sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.target_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" - echo "BK_BRANCHES=$(jq -c '[.branches[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_BRANCHES=$(jq -c '[(.branches // [])[].name]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_PR_NUMBERS=" >> "$GITHUB_ENV" else echo "BK_EVENT_ID=$(jq -r '.check_run.id' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" @@ -110,7 +110,7 @@ steps: echo "BK_COMMIT_SHA=$(jq -r '.check_run.head_sha' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_TARGET_URL=$(jq -r '.check_run.details_url // empty' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" echo "BK_BRANCHES=" >> "$GITHUB_ENV" - echo "BK_PR_NUMBERS=$(jq -c '[.check_run.pull_requests[].number]' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" + echo "BK_PR_NUMBERS=$(jq -rc '[(.check_run.pull_requests // [])[].number] | if length == 0 then "" else . end' "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV" fi - name: Repo-specific setup if: ${{ inputs.setup-commands != '' }} @@ -168,7 +168,7 @@ Classify each failure to guide your investigation: 1. Use the commit SHA provided in the Context section above. If it is empty, discover it from the PR's commit statuses or check runs. 2. Find the associated pull request(s): - If **PR Numbers** in the Context section above is non-empty (e.g., from `check_run` events), use those PR numbers directly with `pull_request_read` method `get`. - - Otherwise, use `bash` + `gh api repos/${{ github.repository }}/commits/{commit_sha}/pulls` to find PRs containing the commit SHA. If no results, also try searching open PRs whose head branch matches one of the **Branches** listed in the Context section. + - Otherwise, use `bash` + `gh api repos/${{ github.repository }}/commits/{commit_sha}/pulls` to find PRs containing the commit SHA. Filter the results to keep only PRs whose `state` is `"open"` and, when **Branches** is available, whose `head.ref` matches one of the listed branches. If no candidates remain, also try searching open PRs whose head branch matches one of the **Branches** listed in the Context section. - If no PR is found after all attempts, call `noop` with message "No pull request associated with failed commit status; nothing to do" and stop. 3. For each matching PR, call `pull_request_read` with method `get` to capture the author, branches, and fork status for downstream analysis.