Skip to content

Improve cleanup workflow resilience and fork compatibility #6822

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jstirnaman merged 4 commits into from
Feb 17, 2026
Merged

Improve cleanup workflow resilience and fork compatibility #6822

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c6671b2
Initial plan
Copilot Feb 12, 2026
cf67e9d
fix(ci): improve cleanup workflow resilience and fork compatibility
Copilot Feb 12, 2026
8c68aae
fix(ci): add error handling and security documentation
Copilot Feb 12, 2026
3f3bf6f
fix(ci): make merge strategy explicit in fallback
Copilot Feb 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .claude/commands/plan.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,4 +181,4 @@ Agent: Updated PLAN.md:
- PLAN.md is ephemeral - delete before merging to main
- Use `/finish` skill to properly cleanup and merge
- Tasks use standard markdown checkbox format: `- [ ]` and `- [x]`
- The startup hook auto-injects PLAN.md at session start
- A startup hook can be configured to auto-inject PLAN.md at session start
18 changes: 16 additions & 2 deletions .github/workflows/cleanup-ephemeral-docs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
# These files are tracked on feature branches but should be deleted before
# merge. If they slip through, this action cleans them up.
#
# Security Note: Uses pull_request_target to ensure write permissions for
# PRs from forks. This is safe because:
# 1. The workflow only checks out the base branch (not PR code)
# 2. File paths are validated (hardcoded list of allowed files)
# 3. No PR-controlled code is executed
#
# To use in your repo:
# 1. Copy this file to .github/workflows/cleanup-ephemeral-docs.yml
# 2. Update the 'branches' list to match your main branch (master or main)
Expand All @@ -20,7 +26,7 @@
name: Cleanup ephemeral docs

on:
pull_request:
pull_request_target:
types: [closed]
branches:
- master
Expand All @@ -40,7 +46,7 @@ jobs:
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.base.ref }}
fetch-depth: 1
fetch-depth: 0

- name: Check for ephemeral files
id: check
Expand Down Expand Up @@ -72,6 +78,14 @@ jobs:
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"

# Pull latest changes to avoid non-fast-forward errors
# If rebase fails due to conflicts, fall back to regular merge
if ! git pull --rebase origin ${{ github.event.pull_request.base.ref }}; then
echo "Rebase failed, falling back to merge"
git rebase --abort
git pull --no-rebase --no-edit origin ${{ github.event.pull_request.base.ref }}
fi

# Remove files
git rm -f ${{ steps.check.outputs.files }}

Expand Down