From f2c9c059394034c7059b1dd8afee169d6b36750a Mon Sep 17 00:00:00 2001 From: jacobjmc Date: Sat, 7 Mar 2026 15:48:07 +1100 Subject: [PATCH 1/4] fix: keep release green when auto PR creation is blocked --- .github/workflows/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7e4b3d9..94b3e74 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -688,8 +688,10 @@ jobs: git commit -m "chore: bump version to ${NEXT_VERSION}" git push origin "chore/bump-version-${NEXT_VERSION}" - gh pr create \ + if ! gh pr create \ --title "chore: bump version to ${NEXT_VERSION}" \ --body "Post-release version bump to ${NEXT_VERSION}." \ --base main \ - --head "chore/bump-version-${NEXT_VERSION}" + --head "chore/bump-version-${NEXT_VERSION}"; then + echo "::warning::GitHub Actions could not create the post-release PR. The branch chore/bump-version-${NEXT_VERSION} was pushed successfully; open the PR manually." + fi From b13b40f521bb204d4e7166710a327566cf2add8a Mon Sep 17 00:00:00 2001 From: jacobjmc Date: Sat, 7 Mar 2026 16:04:13 +1100 Subject: [PATCH 2/4] ci: skip tauri build matrix on non-code PRs --- .github/workflows/ci.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75bbfb6..ac6f57b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,6 +7,28 @@ on: branches: ["main"] jobs: + changes: + runs-on: ubuntu-latest + outputs: + tauri_build: ${{ steps.filter.outputs.tauri_build }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - id: filter + uses: dorny/paths-filter@v3 + with: + filters: | + tauri_build: + - 'src/**' + - 'src-tauri/**' + - 'package.json' + - 'package-lock.json' + - 'index.html' + - 'vite.config.*' + - 'tsconfig*.json' + - 'scripts/**' + lint: runs-on: ubuntu-latest steps: 
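Review bot: In the new `changes` job of `.github/workflows/ci.yml`, `dorny/paths-filter@v3` is referenced by a movable tag, so whatever commit that tag points to at run time executes in the job that decides whether the build matrix runs. Pinning it to a full commit SHA, e.g. `uses: dorny/paths-filter@<full-commit-sha>  # v3`, makes that gate reproducible, and the same applies to `actions/checkout@v4`. The `tauri_build` filter also omits the workflow file itself, so a pull request that edits only `.github/workflows/ci.yml` would skip the Tauri build it changes; consider adding `- '.github/workflows/ci.yml'` to the list. A short comment above `filters:` such as `# Must list every input of the Tauri build; a missing path silently skips the build on PRs` would help keep the list current.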
@@ -102,10 +124,12 @@ jobs: name: Tauri build (${{ matrix.platform.name }}) runs-on: ${{ matrix.platform.os }} needs: + - changes - lint - typecheck - test-js - test-tauri + if: github.event_name != 'pull_request' || needs.changes.outputs.tauri_build == 'true' strategy: fail-fast: false matrix: From fb3b2ab170f326061eb64a2d5085a03eac4c6f9f Mon Sep 17 00:00:00 2001 From: jacobjmc Date: Sat, 7 Mar 2026 16:05:31 +1100 Subject: [PATCH 3/4] ci: grant path filter read access --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ac6f57b..cdc4047 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,10 @@ on: pull_request: branches: ["main"] +permissions: + contents: read + pull-requests: read + jobs: changes: runs-on: ubuntu-latest From 1547d835d21c70582c521e2c631842d42e5d6f0e Mon Sep 17 00:00:00 2001 From: jacobjmc Date: Sat, 7 Mar 2026 16:10:05 +1100 Subject: [PATCH 4/4] fix: only ignore expected post-release PR error --- .github/workflows/release.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 94b3e74..42e1f70 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
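Review bot: The job-level `if:` added to the Tauri build job is, as far as I know, evaluated before the matrix is expanded, so a false condition reports one skipped check under the unexpanded name rather than one per platform. If branch protection lists the per-platform `Tauri build (...)` checks as required (not visible here), confirm how a skipped run is treated before relying on this for non-code PRs. A comment above the condition, for example `# Skipped only on PRs that touch no build inputs (see the changes job); always runs on push`, would record the intent. The job body continues outside the hunk.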
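Review bot: `pull-requests: read` is added at workflow level, so every job in ci.yml receives it, although only the `changes` job appears to need it for the path filter to list the PR's files. Keeping the top-level block at `contents: read` and placing a `permissions:` block with `contents: read` and `pull-requests: read` under `changes:` would follow least privilege. Job-level permissions replace the workflow-level set, so `contents: read` has to be repeated there. The other jobs lie outside this hunk, so check that none of them depends on a scope that the new top-level block now removes.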
@@ -688,10 +688,21 @@ jobs: git commit -m "chore: bump version to ${NEXT_VERSION}" git push origin "chore/bump-version-${NEXT_VERSION}" + PR_CREATE_LOG=$(mktemp) if ! gh pr create \ --title "chore: bump version to ${NEXT_VERSION}" \ --body "Post-release version bump to ${NEXT_VERSION}." \ --base main \ - --head "chore/bump-version-${NEXT_VERSION}"; then - echo "::warning::GitHub Actions could not create the post-release PR. The branch chore/bump-version-${NEXT_VERSION} was pushed successfully; open the PR manually." + --head "chore/bump-version-${NEXT_VERSION}" >"$PR_CREATE_LOG" 2>&1; then + if grep -q "GitHub Actions is not permitted to create or approve pull requests" "$PR_CREATE_LOG"; then + echo "::warning::GitHub Actions could not create the post-release PR due to repository policy. The branch chore/bump-version-${NEXT_VERSION} was pushed successfully; open the PR manually." + cat "$PR_CREATE_LOG" + else + cat "$PR_CREATE_LOG" + rm -f "$PR_CREATE_LOG" + exit 1 + fi + else + cat "$PR_CREATE_LOG" fi + rm -f "$PR_CREATE_LOG"
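Review bot: The temporary log is removed by hand on each path, so a later edit that adds another exit would leave it behind. `trap 'rm -f "$PR_CREATE_LOG"' EXIT` right after the `mktemp` line covers every path and lets the two explicit `rm -f` lines go. The policy check matches a human-readable message from `gh`, so `grep -qF` would make the fixed-string intent explicit. A comment such as `# Only the "Actions may not create PRs" policy error is tolerated; any other failure must fail the release` would document why this one error is special. If the wording ever changes, the step fails the release rather than hiding an error, which is the right default.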