Skip to content

ci: use peter-evans/create-pull-request in update-help-command workflow#2602

Merged
leifdreizler merged 2 commits into
mainfrom
use-signed-commits
May 5, 2026
Merged

ci: use peter-evans/create-pull-request in update-help-command workflow#2602
leifdreizler merged 2 commits into
mainfrom
use-signed-commits

Conversation

@leifdreizler
Copy link
Copy Markdown
Contributor

@leifdreizler leifdreizler commented May 4, 2026
edited
Loading

Summary

  • Replace the manual git checkout -b / git config / git commit / git push / gh pr create block in .github/workflows/update-help-command.yml with a single peter-evans/create-pull-request step that handles branch creation, staging, commit, push, and PR open-or-update.
  • Pin actions/checkout and peter-evans/create-pull-request to commit SHAs per the supply-chain policy.

Test plan

  • Trigger the workflow via workflow_dispatch and confirm it opens (or updates) a PR titled Update help command output for Semgrep <version> with the expected file changes.
  • Re-run with no upstream changes and confirm the action exits cleanly (no PR / no-op) instead of failing.

@leifdreizler @claude
ci: use step-security/create-pull-request in update-help-command
26f0bde 
Replaces the manual git checkout/config/commit/push and `gh pr create`
plumbing with a single step that opens or updates the PR. Also pins
actions/checkout to a commit SHA per supply-chain policy.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@netlify
Copy link
Copy Markdown

netlify Bot commented May 4, 2026
edited
Loading

Deploy Preview for semgrep-docs-prod ready!

Name Link
🔨 Latest commit 8be0995
🔍 Latest deploy log https://app.netlify.com/projects/semgrep-docs-prod/deploys/69f92d8578b92a0009690bee
😎 Deploy Preview https://deploy-preview-2602--semgrep-docs-prod.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@leifdreizler @claude
ci: swap step-security/create-pull-request for peter-evans/create-pul…
8be0995 
…l-request

The step-security fork's runtime subscription check 403s on this org,
failing the workflow. Switch back to the upstream peter-evans action,
which has identical inputs/outputs and no gate. Pinned to v8.1.1 SHA.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@leifdreizler leifdreizler changed the title ci: use step-security/create-pull-request in update-help-command workflow ci: use peter-evans/create-pull-request in update-help-command workflow May 4, 2026
@leifdreizler leifdreizler marked this pull request as ready for review May 4, 2026 23:41
@leifdreizler leifdreizler requested a review from khorne3 May 4, 2026 23:41
@leifdreizler leifdreizler enabled auto-merge (squash) May 4, 2026 23:43
@leifdreizler leifdreizler merged commit 4ad9900 into main May 5, 2026
9 checks passed
@leifdreizler leifdreizler deleted the use-signed-commits branch May 5, 2026 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@khorne3 khorne3 khorne3 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leifdreizler @khorne3