GitHub Actions workflow testing depends on the event type:
pushruns workflow files from the pushed branch.pull_requestruns workflow files from the base branch for sensitive cases.issue_commentruns workflow files from the default branch.workflow_dispatch --ref <branch>runs the workflow file from that ref.
This matters for review-app automation because comment-triggered commands such
as +review-app-deploy use default-branch workflow code. A PR that changes
workflow files or action wiring is not fully proven by commenting on that same
PR until the trusted default-branch code has those changes.
For cpflow review-app, staging, and promotion workflows, use the cpflow-specific guide:
Testing cpflow GitHub Actions Changes
- Validate generated files locally with
bin/test-cpflow-github-flow. - Open a PR and let regular CI prove GitHub can parse the workflow YAML.
- For top-level workflow-file experiments, run
workflow_dispatch --ref. - For comment-triggered review-app commands, test a real
+review-app-deployafter the trusted default-branch wrapper points at the code under test. - When testing unreleased upstream
control-plane-flowchanges downstream, pin both the reusable workflowuses:ref andcontrol_plane_flow_refto the same upstream commit SHA.
Avoid testing production automation against moving branch refs such as main or
a feature branch. Use release tags for normal operation and full commit SHAs for
temporary pre-release validation. bin/pin-cpflow-github-ref enforces that
default and requires --allow-moving-ref for one-off local branch experiments.