Skip to content

Commit 0003598

Browse files
rdimitrovclaude
andauthored
ci: skip update-tools on the bot's own synchronize pushes (#1189)
The commit-all-changes job pushes with a GitHub App installation token so downstream workflows (notably ci.yml) re-run on the bot's commit. That deliberate behavior also re-triggers update-tools.yml itself, producing a loop where each run rewrites metadata.last_updated and commits the timestamp change, which fires another synchronize event. Guard detect-changes against pull_request synchronize events whose sender is toolhive-release-app[bot]. Other triggers - PR opened, human pushes, workflow_dispatch - still run as before, and ci.yml is unaffected so the bot's commit is still validated end-to-end. Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 1c9ccaf commit 0003598

1 file changed

Lines changed: 6 additions & 0 deletions

File tree

.github/workflows/update-tools.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,8 +94,14 @@ jobs:
9494
name: Detect Changed Servers
9595
runs-on: ubuntu-latest
9696
needs: [security-check]
97+
# Skip on the bot's own synchronize pushes: commit-all-changes pushes with
98+
# an app token, which (unlike GITHUB_TOKEN) re-triggers pull_request events.
99+
# Without this guard the workflow re-runs on its own commit and loops.
97100
if: |
98101
always() &&
102+
!(github.event_name == 'pull_request' &&
103+
github.event.action == 'synchronize' &&
104+
github.event.sender.login == 'toolhive-release-app[bot]') &&
99105
(github.event_name == 'workflow_dispatch' ||
100106
(github.event_name == 'pull_request' && needs.security-check.outputs.should-run == 'true'))
101107
outputs:

0 commit comments

Comments
 (0)