[build] require ci rbe to pass to merge pin browsers#17431
Closed
titusfortner wants to merge 1 commit into
Closed
Conversation
Contributor
Review Summary by QodoImplement CI-RBE gated auto-merge for pin browser PRs
WalkthroughsDescription• Create automerge workflow triggered by CI-RBE completion • Validate PR eligibility before auto-merging pin browser updates • Check for failed checks to prevent merging broken PRs • Replace direct merge with automerge label application Diagramflowchart LR
A["CI-RBE Workflow Completes"] -->|success event| B["Automerge Workflow Triggered"]
B --> C["Check PR Eligibility"]
C -->|open, correct SHA, automerge label| D["Check for Failed Checks"]
D -->|no failures| E["Enable Auto-Merge"]
D -->|failures found| F["Skip Merge"]
C -->|ineligible| F
G["Pin Browsers Workflow"] -->|add automerge label| H["PR Ready for Auto-Merge"]
File Changes1. .github/workflows/automerge.yml
|
Contributor
Code Review by Qodo
1. Missed failures due pagination
|
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a dedicated auto-merge mechanism for the pinned browser update PRs so they only become merge-eligible after CI - RBE completes successfully, preventing auto-merges when RBE fails.
Changes:
- Update the pinned browsers workflow to label the created PR with
automergeinstead of enabling auto-merge immediately. - Add a new
automergeworkflow triggered by successful CI - RBEworkflow_runevents that enables auto-merge for eligible PRs.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/pin-browsers.yml | Switches from immediate gh pr merge --auto to applying an automerge label on the bot-created PR. |
| .github/workflows/automerge.yml | New workflow that runs after successful CI-RBE completion and enables auto-merge for labeled PRs from selenium-ci. |
| if: steps.eligible.outputs.eligible == 'true' | ||
| id: checks | ||
| run: | | ||
| failed=$(gh api "repos/$REPO/commits/$SHA/check-runs" --jq 'any(.check_runs[]; .conclusion == "failure" or .conclusion == "cancelled")') |
Member
There was a problem hiding this comment.
I think having .conclusion != "success" is better than checking for other states. After changing this, we should be good to merge.
Comment on lines
+39
to
+41
| run: | | ||
| failed=$(gh api "repos/$REPO/commits/$SHA/check-runs" --jq 'any(.check_runs[]; .conclusion == "failure" or .conclusion == "cancelled")') | ||
| echo "failed=$failed" >> "$GITHUB_OUTPUT" |
Contributor
There was a problem hiding this comment.
1. Missed failures due pagination 🐞 Bug ☼ Reliability
The automerge job queries the Checks API without pagination, so it can miss failures beyond the first page and still enable auto-merge even though some checks already failed.
Agent Prompt
### Issue description
The automerge workflow checks `check-runs` for a commit SHA without pagination, so it may miss failed checks that appear on later pages and incorrectly proceed to enable auto-merge.
### Issue Context
This repo’s CI workflow fans out into many jobs/reusable workflows, increasing the likelihood that check runs exceed the default page size.
### Fix Focus Areas
- .github/workflows/automerge.yml[36-41]
### Suggested approach
- Use `gh api --paginate` and aggregate pages before applying `jq`, e.g.:
- `gh api --paginate "repos/$REPO/commits/$SHA/check-runs?per_page=100" | jq -s 'any(.[].check_runs[]; ... )'`
- Alternatively, use a PR-centric command that already handles pagination (e.g., `gh pr checks`) if it provides the needed signal.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| pr="${pr_url##*/}" | ||
| fi | ||
| gh pr merge "$pr" --auto --squash --delete-branch | ||
| gh pr edit "$pr" --add-label automerge |
Contributor
There was a problem hiding this comment.
2. Label timing blocks automerge 🐞 Bug ☼ Reliability
pin-browsers.yml now only applies the "automerge" label; if a pinned-browser PR already exists and CI - RBE already succeeded before the label is added, the workflow_run-triggered automerge workflow will not run and the PR can remain unmerged.
Agent Prompt
### Issue description
When `pin-browsers.yml` finds an existing PR, it adds the `automerge` label but does not guarantee an additional `CI - RBE` completion event will occur afterward. If `CI - RBE` already passed for the current head SHA, the automerge workflow won’t run and the PR can get stuck.
### Issue Context
This is most likely during rollout/transition (existing open PRs) or any scenario where the label is applied after CI has already completed.
### Fix Focus Areas
- .github/workflows/pin-browsers.yml[46-58]
- .github/workflows/automerge.yml[3-7]
### Suggested approach (pick one)
1) **Trigger automerge evaluation on labeling**
- Add `pull_request: { types: [labeled] }` (and/or `pull_request_target` if appropriate) to `automerge.yml`, and re-check eligibility + CI status before enabling auto-merge.
2) **One-shot evaluation in pin-browsers**
- After adding the label, query whether `CI - RBE` already succeeded for the PR head SHA; if yes and no failed checks exist, run `gh pr merge ... --auto --match-head-commit` immediately (single query, no polling).
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Member
Author
|
I've changed my mind; we may want this approach for something later, but for now we just won't auto-merge and that's fine. |
Member
|
👍 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The problem is that right now the pin browser PRs are being auto-merged even when they fail. The way GitHub manages what "pass all tests" is very strict. When we say nothing can get merged that doesn't pass CI-RBE tests, then no one can push directly to trunk even with admin permissions.
💥 What does this PR do?
Whenever ci-rbe workflow passes, the automerge workflow will run to see if it is a PR by ci-selenium and if it has an automerge label, and merges it.
🔧 Implementation Notes
We could poll to wait for all passing checks, but that seems wasteful
I added logic so that while it won't wait for other checks, it won't merge if another check has already come back as failed.
🤖 AI assistance
💡 Additional Considerations
🔄 Types of changes