Fix PR checkout to support fork PRs#851
Merged
ashwin-ant merged 1 commit intoanthropics:mainfrom Feb 10, 2026
Merged
Conversation
|
@ashwin-ant @chrislloyd, sorry for the direct ping, but this fix is blocking PyTorch's adoption of claude-code-action, as we rely heavily on fork PRs from external contributors. Would appreciate a review if possible. see also: #821 |
przemien
approved these changes
Jan 28, 2026
Collaborator
|
Has this been tested on a branch? |
good question. tested it just now. it works with a caveat. In the case when the forked branch name doesn't exist in the upstream repo everything works: however, if the forked branch conflicts with the branch in original repo, it fails (in this example using the currently working case of non-forked PRs still work as before. @ashwin-ant, in the current state it's better than nothing (e.g. for PyTorch 90+% all of the forked PRs would work vs 0% currently), but if you think that's not enough I could create another PR with a proper fix (like, generating unique branch names for forked PRs that are guaranteed to not conflict) please let me know your thoughts. |
ashwin-ant
approved these changes
Jan 28, 2026
ashwin-ant
requested changes
Jan 28, 2026
Collaborator
ashwin-ant
left a comment
There was a problem hiding this comment.
Actually, does this allow the fork repo to make use of the source repo's ANTHROPIC_API_KEY? That's probably not something most open source repos would want.
how so? could you please elaborate? for the context: the PR is still opened in the source repo, just from the fork here's a concrete example of the issue we're trying to fix here |
Contributor
Author
Not by default, you would need to enable it in the fork settings, My usage scenario is for only private repos and was thinking only of my personal use but, I do think it would be better to be explicit about this tbh when considering OSS projects. I would imagine that OSS would need to have a similar set up to here were the CI doesn't run until a review is completed but that really needs to have some additional documentation to outline the risks. |
|
@ashwin-ant, sorry for the direct ping again, but do you mind clarifying what you mean by:
I don't understand how this fix is related to the source repo's secret. Could you please describe the specific scenario you're concerned about, and, if possible, provide a direction on how we can address the existing bug with the constraints that you have in mind. |
No it should not have access to the API key since that's only a secret that would exist in the source repo. The action also does not run in the forked repository so there's no way for the secret to actually be accessible. |
pytorchmergebot
pushed a commit
to pytorch/pytorch
that referenced
this pull request
Jan 29, 2026
While anthropics/claude-code-action#851 is under review, switching claude code action to our own fork that has proper support for the forked PRs. tested in ciforge Here's the [patch to the forked action.](https://github.com/izaitsevfb/claude-code-action/compare/main...izaitsevfb:claude-code-action:forked-pr-fix?expand=1) Pull Request resolved: #173748 Approved by: https://github.com/huydhn
|
Should the edge case described by @izaitsevfb with matching branch names perhaps be handled as well? I believe he has suggested solution for that here. |
kapilsh
pushed a commit
to kapilsh/pytorch
that referenced
this pull request
Feb 2, 2026
) While anthropics/claude-code-action#851 is under review, switching claude code action to our own fork that has proper support for the forked PRs. tested in ciforge Here's the [patch to the forked action.](https://github.com/izaitsevfb/claude-code-action/compare/main...izaitsevfb:claude-code-action:forked-pr-fix?expand=1) Pull Request resolved: pytorch#173748 Approved by: https://github.com/huydhn
|
We are also blocked by this and have resorted to maintaining a fork similar to pytorch |
ashwin-ant
previously approved these changes
Feb 3, 2026
Collaborator
|
Can we run |
Use GitHub's PR refs (pull/NUMBER/head) instead of fetching branch
by name. This works for both same-repo and fork PRs because GitHub
automatically creates these refs in the base repository for all PRs.
The branch name doesn't exist on origin for fork PRs, causing:
fatal: couldn't find remote ref <branch-name>
Using pull/${entityNumber}/head:${branchName} fetches the PR head
and creates a local branch with the correct name.
Fixes issues with tag mode failing on fork PRs.
Contributor
Author
Thanks @ashwin-ant, updated the PR |
Contributor
Author
|
@ashwin-ant Just wondering if we could get this merged |
ashwin-ant
approved these changes
Feb 10, 2026
Collaborator
|
Sorry for the delay here! |
kirisame-wang
pushed a commit
to kirisame-wang/claude-code-action
that referenced
this pull request
Feb 11, 2026
The previous implementation used the PR's original branch name when
fetching, which could conflict with existing local or remote branches
of the same name. This caused checkout failures for PRs with common
branch names like 'main' or 'feature/xyz'.
Changes:
- Use 'pr-{number}' format for local branch names (e.g., pr-385)
- Preserve original branch name for logging purposes
- Add detailed logging showing original -> local branch mapping
This ensures uniqueness since PR numbers are unique per repository,
while maintaining support for both same-repo and fork PRs via
GitHub's pull/{number}/head refs.
Fixes the issue introduced in anthropics#851 where fork PR support was added.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
kirisame-wang
pushed a commit
to kirisame-wang/claude-code-action
that referenced
this pull request
Feb 11, 2026
The previous implementation used the PR's original branch name when
fetching, which could conflict with existing local or remote branches
of the same name. This caused checkout failures for PRs with common
branch names like 'main' or 'feature/xyz'.
Changes:
- Use 'pr-{number}' format for local branch names (e.g., pr-385)
- Preserve original branch name for logging purposes
- Add detailed logging showing original -> local branch mapping
This ensures uniqueness since PR numbers are unique per repository,
while maintaining support for both same-repo and fork PRs via
GitHub's pull/{number}/head refs.
Fixes the issue introduced in anthropics#851 where fork PR support was added.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Contributor
|
This probably caused #930 Action is broken now. |
I tried.. |
This was referenced Feb 11, 2026
ashwin-ant
pushed a commit
that referenced
this pull request
Feb 12, 2026
…#931) The previous implementation used the PR's original branch name when fetching, which could conflict with existing local or remote branches of the same name. This caused checkout failures for PRs with common branch names like 'main' or 'feature/xyz'. Changes: - Use 'pr-{number}' format for local branch names (e.g., pr-385) - Preserve original branch name for logging purposes - Add detailed logging showing original -> local branch mapping This ensures uniqueness since PR numbers are unique per repository, while maintaining support for both same-repo and fork PRs via GitHub's pull/{number}/head refs. Fixes the issue introduced in #851 where fork PR support was added. Co-authored-by: Yi-Cheng Wang <yicheng.wang@heph-ai.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
ashwin-ant
added a commit
that referenced
this pull request
Feb 12, 2026
Reverts the following commits: - f669191 fix: use unique local branch names for PR checkout to avoid conflicts (#931) - 21e3fe0 Fix PR checkout to support fork PRs (#851) Simplifies PR branch checkout back to using headRefName directly instead of the pr-{number} local branch naming scheme introduced in #931 and the GitHub pull ref fetch approach introduced in #851. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3 tasks
ashwin-ant
added a commit
that referenced
this pull request
Feb 12, 2026
Reverts the following commits: - f669191 fix: use unique local branch names for PR checkout to avoid conflicts (#931) - 21e3fe0 Fix PR checkout to support fork PRs (#851) Simplifies PR branch checkout back to using headRefName directly instead of the pr-{number} local branch naming scheme introduced in #931 and the GitHub pull ref fetch approach introduced in #851. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Collaborator
|
Had to back this out due to #936 |
mergify bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Feb 15, 2026
Bumps the github-actions group with 2 updates: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `anthropics/claude-code-action` from 1.0.46 to 1.0.51 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.51 > ------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.51> > > v1.0.50 > ------- > > What's Changed > -------------- > > * revert: undo PR checkout fork support and unique branch naming by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#937](https://redirect.github.com/anthropics/claude-code-action/pull/937) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.50> > > v1.0.49 > ------- > > What's Changed > -------------- > > * fix: replace deprecated :\* with modern \* wildcard in git permissions by [`@Dave-London`](https://github.com/Dave-London) in [anthropics/claude-code-action#929](https://redirect.github.com/anthropics/claude-code-action/pull/929) > * fix: skip CI MCP server installation when actions:read permission is missing by [`@OctavianGuzu`](https://github.com/OctavianGuzu) in [anthropics/claude-code-action#933](https://redirect.github.com/anthropics/claude-code-action/pull/933) > * Fix/PR checkout branch name conflicts by [`@kirisame-wang`](https://github.com/kirisame-wang) in [anthropics/claude-code-action#931](https://redirect.github.com/anthropics/claude-code-action/pull/931) > > New Contributors > ---------------- > > * [`@OctavianGuzu`](https://github.com/OctavianGuzu) made their first contribution in [anthropics/claude-code-action#933](https://redirect.github.com/anthropics/claude-code-action/pull/933) > * [`@kirisame-wang`](https://github.com/kirisame-wang) made their first contribution in [anthropics/claude-code-action#931](https://redirect.github.com/anthropics/claude-code-action/pull/931) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.49> > > v1.0.48 > ------- > > What's Changed > -------------- > > * Fix PR checkout to support fork PRs by [`@Tsuesun`](https://github.com/Tsuesun) in [anthropics/claude-code-action#851](https://redirect.github.com/anthropics/claude-code-action/pull/851) > > New Contributors > ---------------- > > * [`@Tsuesun`](https://github.com/Tsuesun) made their first contribution in [anthropics/claude-code-action#851](https://redirect.github.com/anthropics/claude-code-action/pull/851) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.48> > > v1.0.47 > ------- > > What's Changed > -------------- > > * Update claude-opus-4-5 to claude-opus-4-6 in workflow by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#909](https://redirect.github.com/anthropics/claude-code-action/pull/909) > * fix: skip dev dependencies in CI install step by [`@Dave-London`](https://github.com/Dave-London) in [anthropics/claude-code-action#919](https://redirect.github.com/anthropics/claude-code-action/pull/919) > > New Contributors > ---------------- > > * [`@Dave-London`](https://github.com/Dave-London) made their first contribution in [anthropics/claude-code-action#919](https://redirect.github.com/anthropics/claude-code-action/pull/919) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.47> Commits * [`ea36d6a`](anthropics/claude-code-action@ea36d6a) chore: bump Claude Code to 2.1.42 and Agent SDK to 0.2.42 * [`c22f7c3`](anthropics/claude-code-action@c22f7c3) revert: undo PR checkout fork support and unique branch naming ([#937](https://redirect.github.com/anthropics/claude-code-action/issues/937)) * [`f669191`](anthropics/claude-code-action@f669191) fix: use unique local branch names for PR checkout to avoid conflicts ([#931](https://redirect.github.com/anthropics/claude-code-action/issues/931)) * [`8c383c5`](anthropics/claude-code-action@8c383c5) fix: skip CI MCP server installation when actions:read permission is missing ... * [`1bb0e74`](anthropics/claude-code-action@1bb0e74) fix: replace deprecated :\* with modern \* wildcard in git permissions ([#929](https://redirect.github.com/anthropics/claude-code-action/issues/929)) * [`23ed4cb`](anthropics/claude-code-action@23ed4cb) chore: bump Claude Code to 2.1.39 and Agent SDK to 0.2.39 * [`21e3fe0`](anthropics/claude-code-action@21e3fe0) Fix PR checkout to support fork PRs ([#851](https://redirect.github.com/anthropics/claude-code-action/issues/851)) * [`b433f16`](anthropics/claude-code-action@b433f16) chore: bump Claude Code to 2.1.38 and Agent SDK to 0.2.38 * [`7695f78`](anthropics/claude-code-action@7695f78) fix: skip dev dependencies in CI install step ([#919](https://redirect.github.com/anthropics/claude-code-action/issues/919)) * [`d5b01b6`](anthropics/claude-code-action@d5b01b6) Update claude-opus-4-5 to claude-opus-4-6 in workflow ([#909](https://redirect.github.com/anthropics/claude-code-action/issues/909)) * See full diff in [compare view](anthropics/claude-code-action@6c61301...ea36d6a) Updates `github/codeql-action` from 4.32.2 to 4.32.3 Release notes *Sourced from [github/codeql-action's releases](https://github.com/github/codeql-action/releases).* > v4.32.3 > ------- > > * Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://redirect.github.com/github/codeql-action/pull/3466) Changelog *Sourced from [github/codeql-action's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.32.3 - 13 Feb 2026 > -------------------- > > * Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://redirect.github.com/github/codeql-action/pull/3466) > > 4.32.2 - 05 Feb 2026 > -------------------- > > * Update default CodeQL bundle version to [2.24.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1). [#3460](https://redirect.github.com/github/codeql-action/pull/3460) > > 4.32.1 - 02 Feb 2026 > -------------------- > > * A warning is now shown in Default Setup workflow logs if a [private package registry is configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries) using a GitHub Personal Access Token (PAT), but no username is configured. [#3422](https://redirect.github.com/github/codeql-action/pull/3422) > * Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. [#3421](https://redirect.github.com/github/codeql-action/pull/3421) > > 4.32.0 - 26 Jan 2026 > -------------------- > > * Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [#3425](https://redirect.github.com/github/codeql-action/pull/3425) > > 4.31.11 - 23 Jan 2026 > --------------------- > > * When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [#3409](https://redirect.github.com/github/codeql-action/pull/3409) > * Improved error handling throughout the CodeQL Action. [#3415](https://redirect.github.com/github/codeql-action/pull/3415) > * Added experimental support for automatically excluding [generated files](https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github) from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. [#3318](https://redirect.github.com/github/codeql-action/pull/3318) > * The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. [#3403](https://redirect.github.com/github/codeql-action/pull/3403) > > 4.31.10 - 12 Jan 2026 > --------------------- > > * Update default CodeQL bundle version to 2.23.9. [#3393](https://redirect.github.com/github/codeql-action/pull/3393) > > 4.31.9 - 16 Dec 2025 > -------------------- > > No user facing changes. > > 4.31.8 - 11 Dec 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.8. [#3354](https://redirect.github.com/github/codeql-action/pull/3354) > > 4.31.7 - 05 Dec 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.7. [#3343](https://redirect.github.com/github/codeql-action/pull/3343) > > 4.31.6 - 01 Dec 2025 > -------------------- ... (truncated) Commits * [`9e907b5`](github/codeql-action@9e907b5) Merge pull request [#3479](https://redirect.github.com/github/codeql-action/issues/3479) from github/update-v4.32.3-4bf6fa4e2 * [`1814c9f`](github/codeql-action@1814c9f) Update changelog for v4.32.3 * [`4bf6fa4`](github/codeql-action@4bf6fa4) Merge pull request [#3478](https://redirect.github.com/github/codeql-action/issues/3478) from github/mbg/changelog/add-connection-test-entry * [`9658e23`](github/codeql-action@9658e23) Merge pull request [#3476](https://redirect.github.com/github/codeql-action/issues/3476) from github/henrymercer/retry-auth-errors * [`be75dd9`](github/codeql-action@be75dd9) Add changelog entry for [#3466](https://redirect.github.com/github/codeql-action/issues/3466) * [`05bca54`](github/codeql-action@05bca54) Apply suggestion from [`@Copilot`](https://github.com/Copilot) * [`2d6b98c`](github/codeql-action@2d6b98c) Merge pull request [#3475](https://redirect.github.com/github/codeql-action/issues/3475) from github/henrymercer/retry-auth-errors * [`876cecb`](github/codeql-action@876cecb) Avoid requesting features in CCR * [`43b46a1`](github/codeql-action@43b46a1) Retry API authentication errors since these can be transient * [`8ad4b6e`](github/codeql-action@8ad4b6e) Merge pull request [#3472](https://redirect.github.com/github/codeql-action/issues/3472) from github/dependabot/github\_actions/dot-github/wor... * Additional commits viewable in [compare view](github/codeql-action@45cbd0c...9e907b5) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use GitHub's PR refs (pull/NUMBER/head) instead of fetching branch by name. This works for both same-repo and fork PRs because GitHub automatically creates these refs in the base repository for all PRs.
The branch name doesn't exist on origin for fork PRs, causing:
fatal: couldn't find remote ref
Using pull/${entityNumber}/head:${branchName} fetches the PR head and creates a local branch with the correct name.
Fixes issues with tag mode failing on fork PRs.