# Apply Patch to Subrepos After Merge (Manual Run) # -------------------------------------------------- # This GitHub Actions workflow lets you manually run the patching logic for # previously merged pull requests in the monorepo. # # It is useful for cases where the automatic patch workflow failed (e.g., due # to fork PRs lacking secrets), or if configuration or credentials have changed. # # Key Steps: # 1. Validate that the caller has 'admin' or 'maintain' permission on the monorepo. # 2. Accept PR number as input. # 3. Generate a GitHub App token for authentication. # 4. Use a Python script to detect which subtrees were modified. # 5. For each changed subtree: # - Generate a patch from the merge commit for that subtree. # - Determine the appropriate author (based on PR metadata or fallback). # - Clone the target sub-repo and apply the patch. # - Amend the commit message to include links to the monorepo PR and commit. # - Push the commit directly to the sub-repo. # # This ensures downstream sub-repositories are updated to reflect changes # made in the monorepo, even if the original automated job failed. name: Manual Patch Rerun on: workflow_dispatch: inputs: pr: description: 'Pull request number to rerun patch logic for' required: true jobs: rerun-patch: runs-on: ubuntu-24.04 steps: - name: Validate maintainer permissions env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Actor is: ${{ github.actor }}" PERMISSION=$(gh api \ repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission \ --jq .permission) if [[ "$PERMISSION" != "admin" && "$PERMISSION" != "maintain" ]]; then echo "❌ User ${{ github.actor }} is not authorized to run this workflow" exit 1 fi - name: Generate a token id: generate-token uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: .github sparse-checkout-cone-mode: true token: ${{ steps.generate-token.outputs.token }} - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.12' - name: Install python dependencies run: | python -m pip install --upgrade pip pip install pydantic requests - name: Set up Git user run: | git config user.name "assistant-librarian[bot]" git config user.email "assistant-librarian[bot]@users.noreply.github.com" - name: Detect changed subtrees from merged PR id: detect env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | python .github/scripts/pr_detect_changed_subtrees.py \ --repo "${{ github.repository }}" \ --pr "${{ github.event.inputs.pr }}" \ --config ".github/repos-config.json" \ --require-auto-push - name: Checkout full repo with changed subtrees uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: | .github ${{ steps.detect.outputs.subtrees }} token: ${{ steps.generate-token.outputs.token }} fetch-depth: 0 - name: Generate and apply patches env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} run: | python .github/scripts/pr_merge_sync_patches.py \ --repo "${{ github.repository }}" \ --pr "${{ github.event.inputs.pr }}" \ --subtrees "${{ steps.detect.outputs.subtrees }}" \ --config ".github/repos-config.json" \ --debug