vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 15:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(pr): prefer verified GitHub commits for prep pushes (#76323) thanks @BunsDev

Browse Source 
Route maintainer prepare pushes through GitHub createCommitOnBranch by default so PR repair branches do not accumulate unsigned git-protocol commits. Keeps git-protocol pushes behind an explicit override.
This commit is contained in:
Val Alexander
2026-05-02 19:11:04 -05:00
committed by GitHub
parent afe42fc977
commit a81c7f5d32
2 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/pr-lib/push.sh
View File

@@ -202,6 +202,27 @@ resolve_prhead_remote_sha() {
printf '%s\n' "$remote_sha"
}
push_prep_head_once() {
local pr_head="$1"
local lease_sha="$2"
local prep_head_sha="$3"
if [ -n "${PR_HEAD_OWNER:-}" ] && [ -n "${PR_HEAD_REPO_NAME:-}" ] && [ "${OPENCLAW_PR_PUSH_MODE:-graphql}" != "git" ]; then
echo "Pushing PR branch through GitHub createCommitOnBranch so the prepared commit is verified." >&2
graphql_push_to_fork "${PR_HEAD_OWNER}/${PR_HEAD_REPO_NAME}" "$pr_head" "$lease_sha"
return $?
fi
if [ "${OPENCLAW_ALLOW_UNSIGNED_GIT_PUSH:-}" != "1" ]; then
echo "Refusing git-protocol PR branch push because it can publish unsigned commits." >&2
echo "Use the default GitHub createCommitOnBranch path, or set OPENCLAW_ALLOW_UNSIGNED_GIT_PUSH=1 for an explicit manual override." >&2
return 2
fi
git push --force-with-lease=refs/heads/$pr_head:$lease_sha prhead HEAD:$pr_head >&2
printf '%s\n' "$prep_head_sha"
}
push_prep_head_to_pr_branch() {
local pr="$1"
local pr_head="$2"
@@ -226,9 +247,7 @@ push_prep_head_to_pr_branch() {
fi
pushed_from_sha="$lease_sha"
local push_output
if ! push_output=$(
git push --force-with-lease=refs/heads/$pr_head:$lease_sha prhead HEAD:$pr_head 2>&1
); then
if ! push_output=$(push_prep_head_once "$pr_head" "$lease_sha" "$prep_head_sha" 2>&1); then
echo "Push failed: $push_output"
if printf '%s' "$push_output" | grep -qiE '(permission|denied|403|forbidden)'; then
@@ -253,9 +272,7 @@ push_prep_head_to_pr_branch() {
run_prepare_push_retry_gates "$docs_only"
fi
if ! push_output=$(
git push --force-with-lease=refs/heads/$pr_head:$lease_sha prhead HEAD:$pr_head 2>&1
); then
if ! push_output=$(push_prep_head_once "$pr_head" "$lease_sha" "$prep_head_sha" 2>&1); then
echo "Retry push failed: $push_output"
if [ -n "${PR_HEAD_OWNER:-}" ] && [ -n "${PR_HEAD_REPO_NAME:-}" ]; then
echo "Retry failed; trying GraphQL createCommitOnBranch fallback..."
@@ -266,8 +283,12 @@ push_prep_head_to_pr_branch() {
echo "Git push failed and no fork owner/repo info for GraphQL fallback."
exit 1
fi
else
prep_head_sha=$(printf '%s\n' "$push_output" | tail -n 1)
fi
fi
else
prep_head_sha=$(printf '%s\n' "$push_output" | tail -n 1)
fi
fi