Merged
11 changes: 7 additions & 4 deletions scripts/deploy-pr-to-beta
Expand Up @@ -197,12 +197,15 @@ AUTH_HEADER="Authorization: token $GITHUB_TOKEN"

echo "Fetching workflow runs for PR #$PR_NUMBER..."

# Fetch the most recent workflow run for this PR (regardless of overall conclusion)
# Get the branch name for this PR
BRANCH=$(gh pr view "$PR_NUMBER" --json headRefName -q '.headRefName')

Copilot AI Apr 20, 2026

gh pr view here relies on the current directory’s repo context, but the script’s API calls are hard-coded to $REPO. If someone runs this from a fork/other checkout, gh may fetch the wrong PR (or fail), producing an incorrect BRANCH. Pass --repo "$REPO" and add a small guard that BRANCH is non-empty/non-null before continuing.

Suggested change
BRANCH=$(gh pr view "$PR_NUMBER" --json headRefName -q '.headRefName')
BRANCH=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json headRefName -q '.headRefName')
if [ -z "$BRANCH" ] || [ "$BRANCH" = "null" ]; then
echo "Error: Could not determine branch name for PR #$PR_NUMBER in repository $REPO"
exit 1
fi

# Fetch the most recent workflow run for this PR's branch
RUN_ID=$(curl -sf -H "$AUTH_HEADER" \
"https://api.github.com/repos/$REPO/actions/runs?event=push&per_page=100" \
| jq -r --arg PR "$PR_NUMBER" --arg WF "$WORKFLOW_FILE" '
"https://api.github.com/repos/$REPO/actions/runs?per_page=100" \
| jq -r --arg BRANCH "$BRANCH" --arg WF "$WORKFLOW_FILE" '
Comment on lines 204 to +206

Copilot AI Apr 20, 2026

The repo runs API supports server-side filtering by branch (and you can also query runs for a specific workflow file). Right now you fetch the last 100 runs across all branches and then filter in jq, which can miss the PR’s run if it’s not in that first page on a busy repo. Consider adding branch=$BRANCH (and ideally using the workflow-specific runs endpoint for $WORKFLOW_FILE) to make this robust.

[.workflow_runs[]
| select(.pull_requests[]?.number == ($PR|tonumber))
| select(.head_branch == $BRANCH)
| select(.path == (".github/workflows/" + $WF))
Comment on lines +206 to 209

Copilot AI Apr 20, 2026

Filtering workflow runs only by .head_branch == $BRANCH can select the wrong run when multiple PRs (especially from forks) use the same branch name (e.g. main, feature/foo). That can lead to deploying artifacts from an unrelated PR. To uniquely identify the run, also match the PR’s head SHA (via gh pr view --json headRefOid) and/or the PR’s head repository (e.g. headRepository.nameWithOwner) against the run’s head_sha / head_repository fields.

]
| sort_by(.run_number)
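
Review bot: The runs URL no longer carries `event=push` and the jq filter no longer matches `.pull_requests[]?.number`, so the only selectors left are `.head_branch == $BRANCH` and `.path`; a run started by any trigger on a branch of that name now qualifies, and `sort_by(.run_number)` orders the candidates without regard to how they were started. Since this is `scripts/deploy-pr-to-beta`, make explicit which events may produce a deployable run, either by keeping an `event=` query parameter or by adding a `select(.event == ...)` clause next to the `.path` check, and say in the comment above `RUN_ID=` why the push-only restriction was dropped.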