Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix pull requests automatically by autofix.ci #986

Closed
2 tasks done
suzuki-shunsuke opened this issue Jan 30, 2025 · 4 comments · Fixed by #991
Closed
2 tasks done

Fix pull requests automatically by autofix.ci #986

suzuki-shunsuke opened this issue Jan 30, 2025 · 4 comments · Fixed by #991
Assignees
@osterman @suzuki-shunsuke

Comments

@suzuki-shunsuke
Copy link
Collaborator

suzuki-shunsuke commented Jan 30, 2025
edited
Loading

What

This issue proposes to fix pull requests automatically by autofix.ci. https://autofix.ci

What's autofix.ci?

https://autofix.ci
https://github.com/autofix-ci/action

autofix.ci is a GitHub App and GitHub Action to fix code via CI securely.
In general, GitHub Actions triggered by pull requests from fork don't have write permission and can't access secrets, so it's hard to fix code and push commits.
To do that, you need to trigger workflows via pull_request_target or workflow_run events, but they have security risks.

autofix.ci can push commits via pull_request events and it's designed securely.

Why?

We want to format Go code by gofumpt automatically. #982 (comment)
And we also want to fix go.mod and go.sum by go mod tidy.
autofix.ci allows us to achieve this securely.

https://autofix.ci/security

Example usage of autofix.ci

I've written an example code to format changed files by gofumpt using autofix.ci:

Tasks

Alternatives

  1. Check if code is fixed in CI <= We need to fix code manually
  2. Format code by pull_request_target
  3. Format code by workflow_run

About 2 and 3, they have a security concern that malicious code can't be run via pull requests from fork.

Note

We need to install a GitHub App and trust it.

To understand autofix.ci, maybe these issues are helpful.

What do you think about this?
@suzuki-shunsuke suzuki-shunsuke mentioned this issue Jan 30, 2025
Closed
@osterman
Copy link
Member

Wow, this solves a recurring problem we’ve had in general with our open source repos! I think we will give this a go.

@suzuki-shunsuke
Copy link
Collaborator Author

True. If you install the app, I'll set up workflows.
So please let me know.

@osterman
Copy link
Member

@suzuki-shunsuke this is now installed!

@suzuki-shunsuke suzuki-shunsuke self-assigned this Jan 30, 2025
@suzuki-shunsuke suzuki-shunsuke mentioned this issue Jan 30, 2025
Merged
@suzuki-shunsuke
Copy link
Collaborator Author

Thank you!
I created a pull request.

I tested the pull request and it worked properly. 284cdcc

@github-project-automation github-project-automation bot moved this to Done in main Jan 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@osterman osterman

@suzuki-shunsuke suzuki-shunsuke

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: format Go code by autofix.ci cloudposse/atmos
2 participants
@osterman @suzuki-shunsuke