chore(ci): use github.token for draft conversion in auto-draft workflow#8903
Merged
chore(ci): use github.token for draft conversion in auto-draft workflow#8903
Conversation
Fine-grained PATs don't support the convertPullRequestToDraft GraphQL mutation. Split the step so the draft conversion uses github.token (which has pull-requests: write from the permissions block) and the comment still uses MISE_PR_COMMENT_TOKEN. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
Contributor
Greptile SummaryThis PR fixes a CI failure in the The root cause was that the Key changes:
Confidence Score: 5/5This PR is safe to merge — it is a minimal, correct fix for a known CI failure with no logic changes to the filtering conditions or permissions. The change is a single-file, two-step split of an existing CI step. The job-level No files require special attention. Important Files Changed
Sequence DiagramsequenceDiagram
participant PR as Pull Request (opened)
participant GHA as GitHub Actions Runner
participant GH as GitHub API (github.token)
participant PAT as GitHub API (MISE_PR_COMMENT_TOKEN)
PR->>GHA: pull_request_target (opened, non-collaborator, non-draft)
GHA->>GHA: Evaluate if condition
GHA->>GH: gh pr ready --undo PR_NUMBER<br/>(convertPullRequestToDraft mutation)
GH-->>GHA: PR converted to draft ✓
GHA->>PAT: gh pr comment PR_NUMBER<br/>(post informational comment)
PAT-->>GHA: Comment posted ✓
Reviews (1): Last reviewed commit: "chore(ci): use github.token for draft co..." | Re-trigger Greptile |
Hyperfine Performance
|
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.3 x -- echo |
22.3 ± 0.9 | 21.3 | 35.6 | 1.00 |
mise x -- echo |
23.0 ± 0.6 | 21.8 | 27.3 | 1.03 ± 0.05 |
mise env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.3 env |
22.2 ± 0.8 | 20.9 | 27.4 | 1.00 ± 0.04 |
mise env |
22.1 ± 0.4 | 21.2 | 24.1 | 1.00 |
mise hook-env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.3 hook-env |
22.4 ± 0.4 | 21.6 | 24.0 | 1.00 |
mise hook-env |
23.0 ± 0.5 | 21.9 | 24.8 | 1.03 ± 0.03 |
mise ls
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.3 ls |
19.8 ± 0.4 | 19.1 | 21.3 | 1.00 |
mise ls |
20.2 ± 1.0 | 19.3 | 33.8 | 1.02 ± 0.05 |
xtasks/test/perf
| Command | mise-2026.4.3 | mise | Variance |
|---|---|---|---|
| install (cached) | 151ms | 150ms | +0% |
| ls (cached) | 79ms | 78ms | +1% |
| bin-paths (cached) | 84ms | 83ms | +1% |
| task-ls (cached) | 814ms | 798ms | +2% |
jdx
pushed a commit
that referenced
this pull request
Apr 5, 2026
### 🚀 Features - **(ci)** auto-convert external PRs to draft mode by @jdx in [#8896](#8896) - **(deps)** add `depends` field for user-specified tool dependencies by @cprecioso in [#8776](#8776) - **(dotnet)** support runtime-only installs by @fragon10 in [#8524](#8524) - **(npm)** apply install_before to transitive dependencies by @risu729 in [#8851](#8851) - **(task)** allow passing arguments to task dependencies via {{usage.*}} templates by @jdx in [#8893](#8893) - add options field to BackendListVersionsCtx by @esteve in [#8875](#8875) ### 🐛 Bug Fixes - **(backend)** filter PEP 440 .dev versions in fuzzy version matching by @richardthe3rd in [#8849](#8849) - **(ci)** update COPR BuildRequires rust version to match MSRV 1.88 by @jdx in [#8911](#8911) - **(ci)** add Ruby build dependencies to e2e Docker image by @jdx in [#8910](#8910) - **(ci)** add missing build dependencies to e2e Docker image by @jdx in [#8912](#8912) - **(ci)** add missing build dependencies to e2e Docker image by @jdx in [#8914](#8914) - **(ci)** use Node 24 LTS for corepack e2e test by @jdx in [#8915](#8915) - **(ci)** add libxml2 and pkg-config to e2e Docker image by @jdx in [#8917](#8917) - **(ci)** add libxml2-dev to e2e image and disable Swift SPM tests by @jdx in [#8918](#8918) - **(docs)** use sans-serif font for badges by @jdx in [#8887](#8887) - **(env)** parse --env=VALUE and -E=VALUE flag forms correctly by @jdx in [#8889](#8889) - **(exec)** use i64::from() for seccomp syscall numbers to survive autofix by @jdx in [#8882](#8882) - **(github)** preserve tool options like filter_bins when version specified via CLI by @jdx in [#8888](#8888) - **(github)** use alias-specific options when tool_alias has its own config by @jdx in [#8892](#8892) - **(install)** add locked_verify_provenance setting and detect github attestations at lock time by @jdx in [#8901](#8901) - **(lock)** prune stale version entries during filtered `mise lock <tool>` runs by @altendky in [#8599](#8599) - **(python)** use lockfile URL for precompiled installs by @hehaoqian in [#8750](#8750) - **(release)** verify all build targets succeed before releasing by @jdx in [#8886](#8886) - **(ruby)** support build revisions for precompiled binaries in mise.lock by @jdx in [#8900](#8900) - **(swift)** fall back to Ubuntu 24.04 for unsupported Ubuntu versions by @jdx in [#8916](#8916) - **(zsh)** avoid duplicate trust warning after cd by @timothysparg in [#8898](#8898) - update flake.lock and add fix for rust-bindgen to default.nix by @esteve in [#8874](#8874) - when direnv diff is empty, do not try to parse it by @yaleman in [#8857](#8857) - skip trust check for plain .tool-versions in task list by @dportalesr in [#8876](#8876) ### 🚜 Refactor - **(go)** rename go_* settings to go.* namespace by @jdbruijn in [#8598](#8598) ### 📚 Documentation - **(tasks)** clarify task_config.includes behavior by @risu729 in [#8905](#8905) ### 🧪 Testing - **(ci)** run e2e tests inside Docker containers by @jdx in [#8899](#8899) ### 📦️ Dependency Updates - bump ubi from 0.8 to 0.9 by @jdx in [#8906](#8906) - bump zip from 3 to 8 by @jdx in [#8908](#8908) - update lockfile deps (hold back rattler) by @jdx in [#8909](#8909) - update bun.lock by @jdx in [#8913](#8913) ### 📦 Registry - add turso ([github:tursodatabase/turso-cli](https://github.com/tursodatabase/turso-cli)) by @kenn in [#8884](#8884) - remove carp test by @jdx in [#8894](#8894) ### Chore - **(ci)** add workflow to warn PRs modifying vendored aqua-registry by @jdx in [#8897](#8897) - **(ci)** use github.token for draft conversion in auto-draft workflow by @jdx in [#8903](#8903) - remove deprecated settings older than 12 months by @jdx in [#8904](#8904) ### New Contributors - @dportalesr made their first contribution in [#8876](#8876) - @timothysparg made their first contribution in [#8898](#8898) - @hehaoqian made their first contribution in [#8750](#8750) - @jdbruijn made their first contribution in [#8598](#8598) - @cprecioso made their first contribution in [#8776](#8776) - @yaleman made their first contribution in [#8857](#8857) - @kenn made their first contribution in [#8884](#8884) - @fragon10 made their first contribution in [#8524](#8524) ## 📦 Aqua Registry Updates #### New Packages (6) - [`ahkohd/oyo`](https://github.com/ahkohd/oyo) - [`bellicose100xp/jiq`](https://github.com/bellicose100xp/jiq) - [`kurama/dealve-tui`](https://github.com/kurama/dealve-tui) - [`micahkepe/jsongrep`](https://github.com/micahkepe/jsongrep) - [`textfuel/lazyjira`](https://github.com/textfuel/lazyjira) - [`ubugeeei/vize`](https://github.com/ubugeeei/vize) #### Updated Packages (1) - [`sigstore/cosign`](https://github.com/sigstore/cosign)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
github.token, comment usesMISE_PR_COMMENT_TOKENconvertPullRequestToDraftGraphQL mutation, causing the workflow to fail withResource not accessible by personal access tokengithub.tokenwithpull-requests: writepermission supports this mutationFixes the failure seen in https://github.com/jdx/mise/actions/runs/23982740067/job/69949629833
Test plan
🤖 Generated with Claude Code
Note
Low Risk
Low risk workflow-only change that adjusts which token is used for PR draft conversion; main risk is unintended permissions/token behavior in
pull_request_targetruns.Overview
Fixes the
auto-draft-prworkflow by splitting the single “convert + comment” step into two steps.Draft conversion now uses
github.token(withpull-requests: write) to rungh pr ready --undo, while the follow-up comment continues to useMISE_PR_COMMENT_TOKEN, avoiding failures from PATs that can’t perform the draft-conversion mutation.Reviewed by Cursor Bugbot for commit 9170338. Bugbot is set up for automated code reviews on this repo. Configure here.