Skip to content

CI/changelog bot #697

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pushpitkamboj wants to merge 4 commits into
base: master
Choose a base branch
from
Open

CI/changelog bot #697

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
81a2f8f
[ci] Add workflow for changelog bot
Mar 27, 2026
0d29a3c
Chore
Mar 27, 2026
c6ae97a
[fix] Qa fixed
Apr 12, 2026
b86efd0
[fix] Qa fix
Apr 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions .github/workflows/bot-changelog-runner.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: Changelog Bot Runner

on:
workflow_run:
workflows: ["Changelog Bot Trigger"]
types:
- completed

permissions:
actions: read
contents: read
pull-requests: write
issues: write

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
fetch-metadata:
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion == 'success'
outputs:
pr_number: ${{ steps.metadata.outputs.pr_number }}
steps:
- name: Download PR metadata
id: download
uses: actions/download-artifact@v4
with:
name: changelog-metadata
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
continue-on-error: true

Comment on lines +25 to +33
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

For actions/download-artifact@v4, what step outputs/error signals are available to distinguish “artifact not found” from transient/API failures?

💡 Result:

For actions/download-artifact@v4, there are no step outputs to distinguish "artifact not found" from transient/API failures. The only documented output is download-path, which is set to the resolved download path if successful. Both cases result in step failure (non-zero exit code) with distinct error messages in logs: - Artifact not found: "Error: Unable to download artifact(s): No artifacts found for run '' in ''" or "Artifact not found for name: " (sources 2,5,6). - Transient/API failures: "Error: Unable to download artifact(s): Unable to download and extract artifact: Artifact download failed after 5 retries." often with debug logs showing retry attempts (e.g., "Failed to download artifact after X retries due to ...") (sources 3,17,19,20). To distinguish in workflows, use if: always || success on a run: step after download-artifact to parse ${{ steps.download.outputs.download-path }} (unset on failure) or needs: download.result == 'success', but error type requires parsing runner logs via ::error:: or custom scripts, as no structured outputs exist. Official docs confirm only download-path output (sources 9,11,56,57). Source code shows uniform core.setFailed on all errors (source 58).

Citations:

Avoid silently swallowing metadata download failures.

continue-on-error: true suppresses download failures from workflow control flow, preventing subsequent steps from distinguishing "artifact doesn't exist" from transient/API failures. While error messages in logs are distinct, they are not accessible to workflow conditionals, so noteworthy PRs can silently skip changelog updates while the workflow stays green.

To harden: Explicitly check artifact existence before attempting download using the GitHub API, eliminating reliance on error message inspection:

Suggested fix 
+      - name: Check PR metadata artifact exists
+        id: artifact
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+          RUN_ID: ${{ github.event.workflow_run.id }}
+        run: |
+          set -euo pipefail
+          EXISTS=$(gh api "repos/$REPO/actions/runs/$RUN_ID/artifacts" \
+            --jq '[.artifacts[] | select(.name=="changelog-metadata" and .expired==false)] | length > 0')
+          echo "exists=$EXISTS" >> "$GITHUB_OUTPUT"
+
       - name: Download PR metadata
+        if: steps.artifact.outputs.exists == 'true'
         id: download
         uses: actions/download-artifact@v4
         with:
           name: changelog-metadata
           github-token: ${{ secrets.GITHUB_TOKEN }}
           run-id: ${{ github.event.workflow_run.id }}
-        continue-on-error: true

       - name: Read PR metadata
-        if: steps.download.outcome == 'success'
+        if: steps.artifact.outputs.exists == 'true' && steps.download.outcome == 'success'
         id: metadata
         run: |
           PR_NUMBER=$(cat pr_number)
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/bot-changelog-runner.yml around lines 25 - 33, The
workflow step named "Download PR metadata" (id: download) currently sets
continue-on-error: true which silently swallows failures; remove
continue-on-error and instead add a pre-check that queries the GitHub Actions
Artifacts API (or the Workflow Run's artifacts via REST) to confirm the artifact
named "changelog-metadata" exists for github.event.workflow_run.id before
running actions/download-artifact@v4, and if not present fail or set an
output/step-status that downstream steps can evaluate; update downstream
conditionals to rely on that explicit existence check rather than inspecting
logs.

- name: Read PR metadata
if: steps.download.outcome == 'success'
id: metadata
run: |
PR_NUMBER=$(cat pr_number)
if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
echo "::error::Invalid PR number: $PR_NUMBER"
exit 1
fi
echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT

changelog:
needs: fetch-metadata
if: needs.fetch-metadata.outputs.pr_number != ''
uses: openwisp/openwisp-utils/.github/workflows/reusable-bot-changelog.yml@master
with:
pr_number: ${{ needs.fetch-metadata.outputs.pr_number }}
secrets:
GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
OPENWISP_BOT_APP_ID: ${{ secrets.OPENWISP_BOT_APP_ID }}
OPENWISP_BOT_PRIVATE_KEY: ${{ secrets.OPENWISP_BOT_PRIVATE_KEY }}
39 changes: 39 additions & 0 deletions .github/workflows/bot-changelog-trigger.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: Changelog Bot Trigger

on:
pull_request_review:
types: [submitted]

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
check:
if: |
github.event.review.state == 'approved' &&
(github.event.review.author_association == 'OWNER' ||
github.event.review.author_association == 'MEMBER' ||
github.event.review.author_association == 'COLLABORATOR')
runs-on: ubuntu-latest
steps:
- name: Check for noteworthy PR
id: check
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
if echo "$PR_TITLE" | grep -qiE '^\[(feature|fix|change)\]'; then
echo "has_noteworthy=true" >> $GITHUB_OUTPUT
fi

- name: Save PR metadata
if: steps.check.outputs.has_noteworthy == 'true'
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
run: echo "$PR_NUMBER" > pr_number

- name: Upload PR metadata
if: steps.check.outputs.has_noteworthy == 'true'
uses: actions/upload-artifact@v4
with:
name: changelog-metadata
path: pr_number
Comment on lines +34 to +39
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Consider reducing artifact retention.

The artifact is only needed briefly until the runner workflow consumes it. The default 90-day retention is excessive for this temporary handoff.

♻️ Suggested improvement 
       - name: Upload PR metadata
         if: steps.check.outputs.has_noteworthy == 'true'
         uses: actions/upload-artifact@v4
         with:
           name: changelog-metadata
           path: pr_number
+          retention-days: 1
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Upload PR metadata
if: steps.check.outputs.has_noteworthy == 'true'
uses: actions/upload-artifact@v4
with:
name: changelog-metadata
path: pr_number
- name: Upload PR metadata
if: steps.check.outputs.has_noteworthy == 'true'
uses: actions/upload-artifact@v4
with:
name: changelog-metadata
path: pr_number
retention-days: 1
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/bot-changelog-trigger.yml around lines 34 - 39, The Upload
PR metadata step uses actions/upload-artifact@v4 to store changelog-metadata but
relies on the default 90-day retention; add the retention-days input to the step
(e.g., retention-days: 1 or 3) so the artifact named "changelog-metadata"
uploaded from path "pr_number" is retained only briefly for the downstream
runner workflow to consume.

Loading