auto-fix-ci.yml

name: Fix CI Failures

on:
  workflow_run:
    workflows: [CI Pipeline]
    types: [completed]
  workflow_dispatch:
    inputs:
      workflow_run_id:
        description: 'Failed workflow run ID to fix'
        required: true
        type: string

permissions:
  contents: write      # ✅ Push branches, create commits
  pull-requests: write # ✅ Comment on PRs  
  actions: write       # 🆕 Trigger workflows on verification branch
  checks: write        # 🆕 Create/update check runs for verification status

jobs:
  attempt-fix:
    if: >-
      (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.name != 'Fix CI Failures') ||
      github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Cursor CLI
        run: |
          curl https://cursor.com/install -fsS | bash
          echo "$HOME/.cursor/bin" >> $GITHUB_PATH

      - name: Configure git identity
        run: |
          git config user.name "Cursor Agent"
          git config user.email "cursoragent@cursor.com"

      - name: Fix CI failure
        env:
          CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
          MODEL: gpt-5
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH_PREFIX: ci-fix
        run: |
          # Determine workflow run ID based on trigger type
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            WORKFLOW_RUN_ID="${{ github.event.inputs.workflow_run_id }}"
          else
            WORKFLOW_RUN_ID="${{ github.event.workflow_run.id }}"
          fi
          
          cursor-agent -p "You are operating in a GitHub Actions runner.

          The GitHub CLI is available as \`gh\` and authenticated via \`GH_TOKEN\`. Git is available. You have write access to repository contents and can comment on pull requests, but you must not create or edit PRs directly.

          # Context:
          - Repo: ${{ github.repository }}
          - Owner: ${{ github.repository_owner }}
          - Workflow Run ID: \${WORKFLOW_RUN_ID}
          - Fix Branch Prefix: ${{ env.BRANCH_PREFIX }}

          # Goal:
          - Fix the CI failure by identifying the failing workflow, branch, and making targeted fixes. Handle both PR-based and direct branch workflow runs.

          # Requirements:
          1) Identify the workflow run details using \`gh run view \${WORKFLOW_RUN_ID}\` to get:
             - The branch that triggered the workflow
             - The workflow name and file
             - The specific job that failed
             - Any associated PR (if exists)
          2) Determine the target branch for fixes:
             - If associated with a PR: use the PR's head branch
             - If direct branch run: use the branch that triggered the workflow
          3) Create or update a persistent fix branch using the Fix Branch Prefix + branch name
          4) Attempt to resolve the CI failure by making minimal, targeted edits consistent with the repo's style
          5) If associated with a PR: post a comment with fix details and compare link
          6) If not PR-related: create a fix branch and provide instructions for manual review

          # Inputs and conventions:
          - Use \`gh run view\`, \`gh run download\`, \`gh pr view\`, \`gh pr list\`, and git commands as needed
          - For PR-related runs: avoid duplicate comments; update existing bot comments instead
          - For non-PR runs: create descriptive commit messages and branch names
          - If no actionable fix is possible, make no changes and post no comment

          # Verification Process:
          - Create verification branch: git checkout -b verify-fix-\${WORKFLOW_RUN_ID} {TARGET_BRANCH}
          - Merge your fix: git merge {CI_FIX_BRANCH}
          - Push verification branch: git push origin verify-fix-\${WORKFLOW_RUN_ID}
          - Trigger the same CI workflow that failed using the workflow file name from the original run
          - Wait for CI completion and check results
          - Only proceed with compare link if CI passes on verification branch

          # Deliverables:
          - Pushed commits to the persistent fix branch
          - For PR runs: A single natural-language PR comment with compare link
          - For non-PR runs: A descriptive commit message with fix details
          " --force --model "$MODEL" --output-format=text