Fix module cleanup workflow#18658
Merged
trask merged 13 commits intoMay 10, 2026
Merged
Conversation
trask
force-pushed
the
fix-module-cleanup-dispatch-token
branch
from
9cf953a to
a33fa02
Compare
trask
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes reliability issues in the automated module-cleanup workflow by separating credentials for PR creation vs workflow self-dispatch, eliminating shallow-history pitfalls in the finalize job, and hardening how inflight PR bodies are parsed to compute the “already processed” set.
Changes:
- Split tokens so PR creation/push uses the GitHub App token (to ensure downstream workflows run), while workflow self-dispatch uses the default
GITHUB_TOKEN. - Stop using shallow history in finalize (checkout
fetch-depth: 0; remove depth-limitedgit fetchinfinalize.sh) to prevent incorrectorigin/main..origin/module-cleanup-wipranges. - Restrict inflight PR parsing to the
## Modules in this batchsection terminated by---to reduce the chance of processed-set poisoning from unrelated backticked lines.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/module-cleanup.md | Updates module-cleanup workflow logic: token split, full-history checkout in finalize, and tighter inflight PR body parsing. |
| .github/workflows/module-cleanup.lock.yml | Regenerated locked workflow reflecting the same functional changes (token split, full-history checkout, parsing hardening). |
| .github/scripts/module-cleanup/finalize.sh | Removes self-dispatch, avoids depth-limited fetches, and relies on full repo history for accurate diff/log computation. |
laurit
approved these changes
May 10, 2026
Ari4ka
approved these changes
May 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Several fixes to the module cleanup workflow:
fetch-depth: 1plusgit fetch origin main --depth=1,origin/mainwas grafted, soorigin/main..origin/module-cleanup-wiplog/diff included main's own ancestors that happened to be reachable from wip's recently-fetched history. That made the batch PR title and "Modules in this batch" section list ~50 merged-main PRs instead of the actual cleanup commits, and (because the dispatch step scraped those backticked lines from open module-cleanup PR bodies into the "already processed" set) it poisoned the queue, droppedqueue_remainingto 0, and triggered the queue-exhausted flush branch — bypassing the 10-fileFLUSH_THRESHOLD. See Module cleanup: batch of modules (run 25590902041) #18654 for the resulting bad PR.processed.txton the memory branch is now the sole source of truth for the "already processed" set, with inflight modules derived from cleanup commit subjects on the wip branch — so a malformed PR body can no longer poison the processed set.otelbot/module-cleanup-wipto match other otelbot-owned branches.