ci: harden auto-approve against self-modification (handle #159) (#160)

* docs: capture auto-approve self-modification lesson and other session learnings

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* ci: harden auto-approve against self-modification (handle #159)

- Make wf-changes detection resilient (|| echo) so it cannot fail the job after the approve step has run.
- Use || echo on enable auto-merge (pattern from patchloom) so the workflow run succeeds even on GITHUB_TOKEN fallback for workflow-touching PRs.
- Approval step remains early and unconditional for trusted actors.
- Update AGENTS.md gotcha note with the resilience details and reference to patchloom + ci-branch-protection.

This ensures reviews are submitted (when PR events run the main definition) and Auto-approve check reports success for such infra PRs.

Fixes #159

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

---------

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

Author: SebTardif

.github/workflows/auto-approve.yml

@@ -34,14 +34,16 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: gh pr review --approve "${{ github.event.pull_request.number }}" --repo "${{ github.repository }}"
 
-      # Check for workflow file changes early (to decide whether we can safely use App token for auto-merge)
+      # Check for workflow file changes early (to decide whether we can safely use App token for auto-merge).
+      # This step is made robust so a transient gh failure does not fail the job (approve step already ran).
       - name: Check for workflow file changes (use GITHUB_TOKEN fallback to avoid needing workflows:write on App)
         id: wf-changes
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           pr="${{ github.event.pull_request.number }}"
-          if gh pr view "$pr" --json files --jq '.files[].path' | grep -q '^\.github/workflows/'; then
+          files=$(gh pr view "$pr" --json files --jq '.files[].path' || echo "")
+          if echo "$files" | grep -q '^\.github/workflows/'; then
             echo "changes=true" >> "$GITHUB_OUTPUT"
             echo "PR touches .github/workflows/; will use GITHUB_TOKEN for auto-merge (no workflows:write needed on App)"
           else
@@ -79,4 +81,6 @@ jobs:
           steps.release-guard.outputs.is_release_pr != 'true'
         env:
           GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
-        run: gh pr merge --auto --squash "${{ github.event.pull_request.number }}" --repo "${{ github.repository }}"
+        run: |
+          gh pr merge --auto --squash "${{ github.event.pull_request.number }}" --repo "${{ github.repository }}" \
+            || echo "Could not enable auto-merge (common when PR modifies .github/workflows/* using GITHUB_TOKEN fallback, or release guard, or other). Approval from prior step still applies; use manual merge if needed."

AGENTS.md

@@ -133,6 +133,16 @@ All I/O-dependent functions accept an `inputs` object with injectable callbacks
   changes are ready for review/merge. This ensures every pushed branch is
   backed by an open (draft) PR from the start. See `~/.grok/skills/owned-repo-gate/SKILL.md`.
 
+- **Auto-approve self-modification:** PRs that change `.github/workflows/auto-approve.yml`
+  cause GitHub to emit only "push" validation runs (0 jobs, failure) using the PR's workflow content
+  (the pull_request runs use the definition from main). The approve step runs early using
+  GITHUB_TOKEN (before wf-changes detection or merge logic) so reviews are added when the
+  pull_request workflow runs from main. The Enable auto-merge step uses `|| echo` so the
+  workflow reports success even when merge enable falls back or is restricted. In rare cases
+  where no review appears, use the emergency bypass in ci-branch-protection skill + #159
+  (add bypass actor, `gh pr merge --admin`, remove bypass immediately). See also patchloom's
+  auto-approve.yml for the reference pattern.
+
 ## Release PRs - Strong Guard
 
 Release PRs (created by release-please, titled "chore: release ..." or "chore(main): release ...", or labeled `autorelease: pending`) MUST NEVER be merged (with `gh pr merge`, `--auto`, or otherwise) without the user's explicit approval.