From 3c2490a081d6c48b5ad8f28afb839b9dcd65e76f Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Fri, 10 Apr 2026 13:35:12 -0700 Subject: [PATCH] fix(ci): sign bot commits and auto-update specs on build failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the numeric user ID prefix in the github-actions[bot] email so commits are verified (required by branch protection). Make the update-vendored-specs workflow callable via workflow_call, and invoke it from test-deploy when the build fails — so stale specs get refreshed automatically without using the workflow_run trigger. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/test-deploy.yaml | 5 +++++ .github/workflows/update-vendored-specs.yaml | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-deploy.yaml b/.github/workflows/test-deploy.yaml index 2e95bed9..9fa16b4e 100644 --- a/.github/workflows/test-deploy.yaml +++ b/.github/workflows/test-deploy.yaml @@ -26,3 +26,8 @@ jobs: run: npm run build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + update-vendored-specs: + needs: test-deploy + if: failure() + uses: ./.github/workflows/update-vendored-specs.yaml diff --git a/.github/workflows/update-vendored-specs.yaml b/.github/workflows/update-vendored-specs.yaml index 83a14634..8ca2cd1d 100644 --- a/.github/workflows/update-vendored-specs.yaml +++ b/.github/workflows/update-vendored-specs.yaml @@ -2,6 +2,7 @@ name: Update vendored OpenAPI specs on: workflow_dispatch: + workflow_call: concurrency: group: update-vendored-specs @@ -26,7 +27,7 @@ jobs: - name: Set up git identity run: | git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Install dependencies run: npm ci