Claude fix issue workflow: properly reference issue in PR title #5093
Claude fix issue workflow: properly reference issue in PR title #5093staabm wants to merge 2 commits intophpstan:2.2.xfrom
Conversation
before this PR, the issue number was relative to phpstan-src repo, which means it somtimes reference other pull requests
5a5242b to
57c3694
Compare
|
You've opened the pull request against the latest branch 2.2.x. PHPStan 2.2 is not going to be released for months. If your code is relevant on 2.1.x and you want it to be released sooner, please rebase your pull request and change its target to 2.1.x. |
| You are working on phpstan/phpstan-src, the source code of PHPStan - a PHP static analysis tool. | ||
|
|
||
| Your task is to fix the following GitHub issue from the phpstan/phpstan repository: | ||
| Issue phpstan/phpstan#${{ inputs.issue-number }}: ${{ steps.issue.outputs.title }} |
Check failure
Code scanning / zizmor
code injection via template expansion Error
| ## Test | ||
| Describe the regression test that was added. | ||
|
|
||
| Fixes phpstan/phpstan#${{ inputs.issue-number }} |
Check failure
Code scanning / zizmor
code injection via template expansion Error
| fail-fast: false | ||
| matrix: | ||
| issue: ${{ fromJson(needs.pick-issues.outputs.matrix) }} | ||
| uses: ./.github/workflows/claude-fix-issue.yml |
Check warning
Code scanning / zizmor
secrets unconditionally inherited by called workflow Warning
|
|
||
| permissions: | ||
| contents: read | ||
| issues: read |
Check warning
Code scanning / zizmor
permissions without explanatory comments Warning
| - name: Trigger Claude Random Easy Fixes | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: gh workflow run claude-random-easy-fixes.yml -f issue_count=5 --repo ${{ github.repository }} |
Check warning
Code scanning / zizmor
code injection via template expansion Warning
| timeout-minutes: 60 | ||
| permissions: | ||
| contents: read | ||
| issues: read |
Check warning
Code scanning / zizmor
permissions without explanatory comments Warning
| name: "Claude Fix Issue" | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| issue-number: | ||
| description: "Issue number from phpstan/phpstan repository" | ||
| required: true | ||
| type: string | ||
| workflow_call: | ||
| inputs: | ||
| issue-number: | ||
| description: "Issue number from phpstan/phpstan repository" | ||
| required: true | ||
| type: string | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| fix: | ||
| name: "Fix #${{ inputs.issue-number }}" | ||
| runs-on: "ubuntu-latest" | ||
| timeout-minutes: 60 | ||
| permissions: | ||
| contents: read | ||
| issues: read | ||
| pull-requests: write | ||
|
|
||
| steps: | ||
| - name: Harden the runner (Audit all outbound calls) | ||
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: "Checkout" | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||
| with: | ||
| ref: 2.1.x | ||
| repository: phpstan/phpstan-src | ||
| fetch-depth: 0 | ||
|
|
||
| - name: "Install PHP" | ||
| uses: "shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1" # v2 | ||
| with: | ||
| coverage: "none" | ||
| php-version: "8.4" | ||
| ini-file: development | ||
| extensions: mbstring | ||
|
|
||
| - uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # v3 | ||
|
|
||
| - name: "Install Claude Code" | ||
| run: npm install -g @anthropic-ai/claude-code | ||
|
|
||
| - name: "Fetch issue details" | ||
| id: issue | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| ISSUE_NUMBER: ${{ inputs.issue-number }} | ||
| run: | | ||
| ISSUE_JSON=$(gh issue view "$ISSUE_NUMBER" \ | ||
| --repo phpstan/phpstan \ | ||
| --json title,body,url) | ||
|
|
||
| TITLE=$(echo "$ISSUE_JSON" | jq -r '.title') | ||
| URL=$(echo "$ISSUE_JSON" | jq -r '.url') | ||
| echo "title=$TITLE" >> "$GITHUB_OUTPUT" | ||
| echo "url=$URL" >> "$GITHUB_OUTPUT" | ||
| echo "$ISSUE_JSON" | jq -r '.body' > /tmp/issue-body.txt | ||
|
|
||
| - name: "Run Claude Code" | ||
| env: | ||
| CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | ||
| GH_TOKEN: ${{ secrets.PHPSTAN_BOT_FORK_TOKEN }} | ||
| run: | | ||
| git config user.name "phpstan-bot" | ||
| git config user.email "ondrej+phpstanbot@mirtes.cz" | ||
|
|
||
| claude --model claude-opus-4-6 \ | ||
| --dangerously-skip-permissions \ | ||
| -p "$(cat << 'PROMPT_EOF' | ||
| You are working on phpstan/phpstan-src, the source code of PHPStan - a PHP static analysis tool. | ||
|
|
||
| Your task is to fix the following GitHub issue from the phpstan/phpstan repository: | ||
| Issue phpstan/phpstan#${{ inputs.issue-number }}: ${{ steps.issue.outputs.title }} | ||
| URL: ${{ steps.issue.outputs.url }} | ||
|
|
||
| Issue body is in the file /tmp/issue-body.txt — read it before proceeding. | ||
|
|
||
| ## Step 1: Write a regression test | ||
|
|
||
| Read .claude/skills/regression-test/SKILL.md for detailed guidance on writing regression tests for PHPStan bugs. | ||
|
|
||
| The issue body is already provided above — start from Step 2 of the skill (deciding test type). For Step 1 (gathering context), you only need to fetch the playground samples from any playground links found in the issue body. | ||
|
|
||
| Skip Steps 5-6 of the skill (reverting fix and committing) — those are not needed here. | ||
|
|
||
| The regression test should fail without the fix — verify this by running it before implementing the fix. | ||
|
|
||
| ## Step 2: Fix the bug | ||
|
|
||
| Implement the fix in the source code under src/. Common areas to look: | ||
| - src/Analyser/NodeScopeResolver.php - AST traversal and scope management | ||
| - src/Analyser/MutatingScope.php - Type tracking | ||
| - src/Analyser/TypeSpecifier.php - Type narrowing from conditions | ||
| - src/Type/ - Type system implementations | ||
| - src/Rules/ - Rule implementations | ||
| - src/Reflection/ - Reflection layer | ||
|
|
||
| Read CLAUDE.md for important guidelines about the codebase architecture and common patterns. | ||
|
|
||
| ## Step 3: Verify the fix | ||
|
|
||
| 1. Run the regression test to confirm it passes now | ||
| 2. Run the full test suite: make tests | ||
| 3. Run PHPStan self-analysis: make phpstan | ||
| 4. Fix any failures that come up | ||
| 5. Run make cs-fix to fix any coding standard violations | ||
| 6. Run make name-collision and fix violations - add different tests in unique namespaces. If the function and class declarations are exactly the same, you can reuse them across files instead of duplicating them. | ||
|
|
||
| Do not create a branch, push, or create a PR - this will be handled automatically. | ||
|
|
||
| ## Step 4: Write a summary | ||
|
|
||
| After completing the fix, write two files: | ||
|
|
||
| 1. /tmp/commit-message.txt - A concise commit message (first line: short summary under 72 chars, then a blank line, then a few bullet points describing key changes). Example: | ||
| Fix array_key_exists narrowing for template types | ||
|
|
||
| - Added handling for TemplateType in TypeSpecifier when processing array_key_exists | ||
| - New regression test in tests/PHPStan/Analyser/nsrt/bug-12345.php | ||
| - The root cause was that TypeSpecifier did not unwrap template bounds before narrowing | ||
|
|
||
| 2. /tmp/pr-description.md - A pull request description in this format: | ||
| ## Summary | ||
| Brief description of what the issue was about and what the fix does. | ||
|
|
||
| ## Changes | ||
| - Bullet points of specific code changes made | ||
| - Reference file paths where changes were made | ||
|
|
||
| ## Root cause | ||
| Explain why the bug happened and how the fix addresses it. | ||
|
|
||
| ## Test | ||
| Describe the regression test that was added. | ||
|
|
||
| Fixes phpstan/phpstan#${{ inputs.issue-number }} | ||
|
|
||
| These files are critical - they will be used for the commit message and PR description. | ||
| PROMPT_EOF | ||
| )" | ||
|
|
||
| - name: "Read Claude's summary" | ||
| id: claude-summary | ||
| env: | ||
| ISSUE_NUMBER: ${{ inputs.issue-number }} | ||
| run: | | ||
| if [ -f /tmp/commit-message.txt ]; then | ||
| delimiter="EOF_$(openssl rand -hex 16)" | ||
| { | ||
| echo "commit_message<<${delimiter}" | ||
| cat /tmp/commit-message.txt | ||
| echo "${delimiter}" | ||
| } >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "commit_message=Fix #$ISSUE_NUMBER" >> "$GITHUB_OUTPUT" | ||
| fi | ||
|
|
||
| if [ -f /tmp/pr-description.md ]; then | ||
| delimiter="EOF_$(openssl rand -hex 16)" | ||
| { | ||
| echo "pr_body<<${delimiter}" | ||
| cat /tmp/pr-description.md | ||
| echo "${delimiter}" | ||
| } >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "pr_body=Fixes phpstan/phpstan#$ISSUE_NUMBER" >> "$GITHUB_OUTPUT" | ||
| fi |
Check warning
Code scanning / zizmor
insufficient job-level concurrency limits Warning
|
|
||
| Your task is to fix the following GitHub issue from the phpstan/phpstan repository: | ||
| Issue phpstan/phpstan#${{ inputs.issue-number }}: ${{ steps.issue.outputs.title }} | ||
| URL: ${{ steps.issue.outputs.url }} |
Check notice
Code scanning / zizmor
code injection via template expansion Note
| contents: read | ||
|
|
||
| jobs: | ||
| trigger: |
Check notice
Code scanning / zizmor
workflow or action definition without a name Note
| You are working on phpstan/phpstan-src, the source code of PHPStan - a PHP static analysis tool. | ||
|
|
||
| Your task is to fix the following GitHub issue from the phpstan/phpstan repository: | ||
| Issue phpstan/phpstan#${{ inputs.issue-number }}: ${{ steps.issue.outputs.title }} |
Check notice
Code scanning / zizmor
code injection via template expansion Note
| - name: "Checkout" | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||
| with: | ||
| ref: 2.1.x |
Check failure
Code scanning / octoscan
Use of 'actions/checkout' with a custom ref. Error
| ISSUE_JSON=$(gh issue view "$ISSUE_NUMBER" \ | ||
| --repo phpstan/phpstan \ | ||
| --json title,body,url) | ||
|
|
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| --repo phpstan/phpstan \ | ||
| --json title,body,url) | ||
|
|
||
| TITLE=$(echo "$ISSUE_JSON" | jq -r '.title') |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | ||
| GH_TOKEN: ${{ secrets.PHPSTAN_BOT_FORK_TOKEN }} | ||
| run: | | ||
| git config user.name "phpstan-bot" |
Check failure
Code scanning / octoscan
Expression injection, "steps..outputs." is potentially untrusted. Error
| PROMPT_EOF | ||
| )" | ||
|
|
||
| - name: "Read Claude's summary" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| { | ||
| echo "commit_message<<${delimiter}" | ||
| cat /tmp/commit-message.txt | ||
| echo "${delimiter}" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| cat /tmp/commit-message.txt | ||
| echo "${delimiter}" | ||
| } >> "$GITHUB_OUTPUT" | ||
| else |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| echo "${delimiter}" | ||
| } >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "commit_message=Fix #$ISSUE_NUMBER" >> "$GITHUB_OUTPUT" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| echo "### Selected issue: #$NUMBER - $TITLE" >> "$GITHUB_STEP_SUMMARY" | ||
| done | ||
|
|
||
| echo "matrix=$(echo "$SELECTED" | jq -c '.')" >> "$GITHUB_OUTPUT" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
| fail-fast: false | ||
| matrix: | ||
| issue: ${{ fromJson(needs.pick-issues.outputs.matrix) }} | ||
| uses: ./.github/workflows/claude-fix-issue.yml |
Check failure
Code scanning / octoscan
Use of local workflow "./.github/workflows/claude-fix-issue.yml" Error
No description provided.