fix: sync-preview pushes directly on clean merge, PRs only on conflict (#1078)

notgitika · web-flow · commit 01536945c54d · 2026-05-12T17:46:59.000-04:00
* fix: sync-preview workflow restores version instead of ignoring files Instead of keeping preview's entire package.json/package-lock.json (which discards new deps, scripts, etc. from main), accept main's content and surgically restore only the version field to preview's value after merge. * fix: push directly to preview on clean merge via GitHub App bypass Use agentcore-devx-automation app token to bypass branch protection and push directly when the merge is clean (or only version conflicts). Only creates a PR when there are real conflicts in other files. * chore: use app-slug instead of app-id for token generation * fix: address review feedback on sync-preview workflow - Pass PREVIEW_VERSION via env var instead of string interpolation in node -e scripts (safer against special chars) - Make git add of package-lock.json conditional on file existence to match the earlier -f guard - Replace loose title search for dedup with headRefName prefix filter to avoid false positives from unrelated PRs - Clarify why package.json/package-lock.json are special-cased (preview carries a different version string that needs preserving) * fix: restore preview-owned files after sync merge Adds a step to restore schemas/agentcore.schema.v1.json and CHANGELOG.md to preview's versions after merging main. These files are auto-generated during preview releases — schema-check CI rejects direct modifications to schemas/, and CHANGELOG.md tracks preview releases separately. * fix: use app-id instead of app-slug for GitHub App token Aligns with the pattern in PR #1210 and ci-failure-issue.yml.
diff --git a/.github/workflows/sync-preview.yml b/.github/workflows/sync-preview.yml
@@ -17,101 +17,161 @@ jobs:
     name: Merge main into preview
     runs-on: ubuntu-latest
     steps:
+      - name: Generate GitHub App Token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - name: Checkout preview
         uses: actions/checkout@v6
         with:
           ref: preview
           fetch-depth: 0
+          token: ${{ steps.app-token.outputs.token }}
 
       - name: Configure git
         run: |
           git config --global user.name "github-actions[bot]"
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
 
-      - name: Merge main into preview
-        id: merge
+      - name: Check if sync needed
+        id: check
         run: |
           git fetch origin main
           MAIN_SHA=$(git rev-parse origin/main)
           MERGE_BASE=$(git merge-base HEAD origin/main)
 
           if [[ "$MAIN_SHA" == "$MERGE_BASE" ]]; then
             echo "✅ preview already contains all of main"
-            echo "status=up-to-date" >> $GITHUB_OUTPUT
-            exit 0
+            echo "needed=false" >> $GITHUB_OUTPUT
+          else
+            echo "needed=true" >> $GITHUB_OUTPUT
           fi
 
-          echo "ℹ️  Merging main into preview..."
+      - name: Skip if already synced
+        if: steps.check.outputs.needed == 'false'
+        run: echo "Nothing to sync."
+
+      - name: Merge main into preview
+        if: steps.check.outputs.needed == 'true'
+        id: merge
+        run: |
+          # Save preview's version before merge so we can restore it after
+          PREVIEW_VERSION=$(node -p "require('./package.json').version")
+          echo "preview_version=$PREVIEW_VERSION" >> $GITHUB_OUTPUT
 
           if git merge origin/main --no-edit -m "chore: merge main into preview"; then
-            git push origin preview
-            echo "✅ main merged into preview and pushed"
-            echo "status=merged" >> $GITHUB_OUTPUT
+            echo "status=clean" >> $GITHUB_OUTPUT
           else
-            git merge --abort
-            echo "status=conflict" >> $GITHUB_OUTPUT
+            # preview carries a higher version string than main (e.g. 1.0.0-preview.X vs 0.13.X).
+            # This means package.json/package-lock.json almost always conflict on the version field.
+            # Accept main's content here; the version is restored in the next step.
+            for f in package.json package-lock.json; do
+              if git diff --name-only --diff-filter=U | grep -qx "$f"; then
+                git checkout --theirs "$f"
+                git add "$f"
+                echo "  ↳ resolved $f conflict (accepted main, will restore version)"
+              fi
+            done
+
+            # Check if all conflicts are now resolved
+            if [[ -z "$(git diff --name-only --diff-filter=U)" ]]; then
+              git commit --no-edit -m "chore: merge main into preview"
+              echo "status=clean" >> $GITHUB_OUTPUT
+            else
+              echo "status=conflict" >> $GITHUB_OUTPUT
+            fi
           fi
 
-      - name: Generate GitHub App Token
-        if: steps.merge.outputs.status == 'conflict'
-        id: app-token
-        uses: actions/create-github-app-token@v1
-        with:
-          app-id: ${{ vars.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+      - name: Restore preview-owned files
+        if: steps.merge.outputs.status == 'clean'
+        run: |
+          # These files are auto-generated during preview releases and must not
+          # be overwritten by main's versions (schema-check CI will reject changes
+          # to schemas/, and CHANGELOG.md tracks preview releases separately).
+          PREVIEW_HEAD=$(git rev-parse HEAD^1)
+          for f in schemas/agentcore.schema.v1.json CHANGELOG.md; do
+            if git show "$PREVIEW_HEAD:$f" > /dev/null 2>&1; then
+              git show "$PREVIEW_HEAD:$f" > "$f"
+              git add "$f"
+              echo "  ↳ restored preview's $f"
+            fi
+          done
+          if ! git diff --cached --quiet; then
+            git commit -m "chore: restore preview-owned files (schema, changelog)"
+          fi
 
-      - name: Get original commit author
-        if: steps.merge.outputs.status == 'conflict'
-        id: author
+      - name: Restore preview version and push
+        if: steps.merge.outputs.status == 'clean'
         run: |
-          AUTHOR=$(git log origin/main -1 --format='%an')
-          GH_USER=$(git log origin/main -1 --format='%ae' | grep -oP '.*(?=@users\.noreply\.github\.com)' || echo "")
-          if [[ -z "$GH_USER" ]]; then
-            # Try to get GitHub username from the commit
-            GH_USER=$(gh api "/repos/${{ github.repository }}/commits/$(git rev-parse origin/main)" --jq '.author.login // empty' 2>/dev/null || echo "")
+          PREVIEW_VERSION="${{ steps.merge.outputs.preview_version }}"
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+
+          if [[ "$CURRENT_VERSION" != "$PREVIEW_VERSION" ]]; then
+            PREVIEW_VERSION="$PREVIEW_VERSION" node -e "
+              const fs = require('fs');
+              const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
+              pkg.version = process.env.PREVIEW_VERSION;
+              fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
+            "
+            if [[ -f package-lock.json ]]; then
+              PREVIEW_VERSION="$PREVIEW_VERSION" node -e "
+                const fs = require('fs');
+                const lock = JSON.parse(fs.readFileSync('package-lock.json', 'utf8'));
+                lock.version = process.env.PREVIEW_VERSION;
+                if (lock.packages && lock.packages['']) {
+                  lock.packages[''].version = process.env.PREVIEW_VERSION;
+                }
+                fs.writeFileSync('package-lock.json', JSON.stringify(lock, null, 2) + '\n');
+              "
+            fi
+            git add package.json
+            [[ -f package-lock.json ]] && git add package-lock.json
+            git commit -m "chore: restore preview version ($PREVIEW_VERSION)"
           fi
-          echo "name=$AUTHOR" >> $GITHUB_OUTPUT
-          echo "gh_user=$GH_USER" >> $GITHUB_OUTPUT
-        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+          git push origin HEAD:preview
+          echo "✅ main merged into preview and pushed"
 
       - name: Create PR for conflict resolution
         if: steps.merge.outputs.status == 'conflict'
         env:
           GH_TOKEN: ${{ steps.app-token.outputs.token }}
-          AUTHOR_NAME: ${{ steps.author.outputs.name }}
-          AUTHOR_GH: ${{ steps.author.outputs.gh_user }}
         run: |
-          BRANCH="sync-preview/merge-main-$(date +%Y%m%d-%H%M%S)"
-
-          # Check if there's already an open sync PR
-          EXISTING=$(gh pr list --base preview --search "sync-preview: merge main into preview" --state open --json number --jq 'length')
-          if [[ "$EXISTING" != "0" ]]; then
+          # Check if there's already an open sync PR (match by branch prefix, not title search)
+          COUNT=$(gh pr list --base preview --state open --json headRefName \
+            --jq '[.[] | select(.headRefName | startswith("sync-preview/"))] | length')
+          if [[ "$COUNT" != "0" ]]; then
             echo "ℹ️  Sync PR already open — skipping duplicate."
             exit 0
           fi
 
-          # Create a branch from preview with the conflict markers
+          # Abort the failed merge and redo on a branch for the PR
+          git merge --abort
+
+          BRANCH="sync-preview/merge-main-$(date +%Y%m%d-%H%M%S)"
           git checkout -b "$BRANCH"
-          git merge origin/main --no-edit -m "chore: merge main into preview" || true
+          git merge origin/main --no-edit -m "chore: merge main into preview (conflicts need resolution)" || true
           git add -A
           git commit --no-edit -m "chore: merge main into preview (conflicts need resolution)" || true
           git push origin "$BRANCH"
 
-          # Build mention string
+          GH_USER=$(gh api "/repos/${{ github.repository }}/commits/$(git rev-parse origin/main)" --jq '.author.login // empty' 2>/dev/null || echo "")
           MENTION=""
-          if [[ -n "$AUTHOR_GH" ]]; then
-            MENTION="cc @${AUTHOR_GH}"
+          if [[ -n "$GH_USER" ]]; then
+            MENTION="cc @${GH_USER}"
           fi
 
           gh pr create \
             --base preview \
             --head "$BRANCH" \
-            --title "sync-preview: merge main into preview" \
+            --title "sync-preview: merge main into preview (conflicts)" \
             --body "$(cat <<BODY
-          The automated sync-preview workflow could not cleanly merge \`main\` into \`preview\`.
+          The automated sync could not cleanly merge \`main\` into \`preview\`.
 
-          **This PR contains the merge with conflict markers.** To resolve:
+          **This PR contains conflict markers.** To resolve:
 
           1. Check out this branch locally:
              \`\`\`bash
@@ -124,8 +184,6 @@ jobs:
           3. Keep preview-specific values (package version, preview tests, etc.) — accept main's changes for everything else.
           4. Commit and push, then merge this PR.
 
-          This must be resolved before the next coordinated release.
-
           ${MENTION}
 
           _Opened automatically by the sync-preview workflow._
