Skip to content

Add safe push workflow for PR review workers#288

Merged
PureWeen merged 4 commits intomainfrom
fix/safe-push-workflow
Mar 9, 2026
Merged

Add safe push workflow for PR review workers#288
PureWeen merged 4 commits intomainfrom
fix/safe-push-workflow

Conversation

@PureWeen
Copy link
Owner

@PureWeen PureWeen commented Mar 5, 2026

Problem

PR review workers were pushing to the wrong remote (e.g., pushing to origin/PureWeen when the PR comes from a fork like vitek-karas), and using --force-with-lease after rebasing unnecessarily.

Root Cause (verified by testing)

Workers were using manual checkout:

git fetch origin pull/<N>/head:pr-<N>
git checkout pr-<N>

This creates a branch with no tracking info (Remote: NONE, Merge: NONE). When the worker then runs git push or git push origin, git defaults to origin (PureWeen/PolyPilot) — even if the PR came from a fork.

In contrast, gh pr checkout <N> correctly sets up tracking:

The second problem was git rebase origin/main + --force-with-lease, which requires force pushing. Using git merge origin/main adds a merge commit instead — no force push needed.

Changes

push-to-pr.sh

A shell script that:

  1. Reads PR metadata via gh pr view to find the correct owner and branch
  2. Maps the owner to the correct git remote
  3. Pushes to that remote without --force
  4. Verifies the push landed by comparing local and remote HEADs
  5. Refuses to push if current branch doesn't match the PR branch (guards against wrong-branch pushes)

.squad/routing.md

Updated Fix Process replacing rebase+force-push with merge+safe-push, with clear explanation of why gh pr checkout is required.

.squad/decisions.md

Explicit shared rules:

  • Never force push
  • Always use gh pr checkout (not manual fetch)
  • Always merge (not rebase)
  • Always verify push target before pushing
  • Use push-to-pr.sh for all PR pushes

.squad/team.md

Team definition file (required for squad directory to be recognized by PolyPilot's squad discovery).

PureWeen and others added 4 commits March 5, 2026 10:52
@PureWeen
Add safe push workflow for PR review workers
7807b28 
Root cause of wrong-remote pushes:
- Workers used 'git fetch origin pull/<N>/head:pr-<N>' which creates a branch
  with NO tracking info. Subsequent 'git push' defaulted to origin, silently
  pushing to PureWeen/PolyPilot even for fork PRs.
- Workers also used 'git rebase + --force-with-lease' which is unnecessary
  when using merge.

Fix:
- .squad/routing.md: updated Fix Process to use 'gh pr checkout <N>' (sets
  correct tracking) and 'git merge origin/main' (no force push needed)
- .squad/decisions.md: explicit rules against force push and manual fetch
- push-to-pr.sh: script that derives correct remote from gh pr view metadata
  and pushes without --force, with pre-push safety checks

Verified: 'gh pr checkout' correctly sets tracking to fork remote for PR #280
(vitek-karas) and to origin for same-repo PRs like #247 (PureWeen).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@PureWeen
refactor: make squad definition generic and drop push-to-pr.sh
fb12482 
The push safety rules in decisions.md are sufficient. Squad files
are now repo-agnostic so they can be reused across any repository.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@PureWeen
Merge remote-tracking branch 'origin/main' into fix/safe-push-workflow
30187c5
@PureWeen
fix: resolve push verification order, define owner-remote, add worktr…
d5338f7 
…ee recovery, add push script

- Move pre-push verification before git push in routing.md step 6 to
  match decisions.md rule 4 (was contradictory: push-first vs verify-first)
- Replace undefined <owner-remote> placeholder with concrete discovery
  commands using gh pr view + git remote -v; document that gh pr checkout
  registers the fork owner's login as the remote name
- Add worktree conflict recovery note to step 1 (gh pr checkout -b fallback)
- Add .squad/push-to-pr.sh: safe push script that validates branch match,
  finds the correct remote, pushes, and verifies via SHA comparison

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@PureWeen
Copy link
Owner Author

PureWeen commented Mar 8, 2026

Fixes applied (review findings)

Four issues from the multi-model review have been addressed in commit d5338f7:

Fix 1 — Contradictory push verification order (5/5 models)

outing.md\ step 6 previously said push first, verify on failure — directly contradicting \decisions.md\ rule 4 which mandates verifying before pushing. Step 6 now runs the \gh pr view + git config remote\ verification checks before \git push.

Fix 2 — Undefined <owner-remote>\ in fallback path (5/5 models)
The fallback \git push HEAD:\ had no definition of <owner-remote>. Now documented: \gh pr checkout\ registers the fork owner's GitHub login as the named remote. Fallback path now uses concrete \gh pr view\ + \git remote -v\ discovery commands with proper variable substitution.

Fix 3 — Worktree conflict recovery (4/5 models)
Added a recovery note to step 1: when \gh pr checkout\ fails with ''already checked out at...'', workers can use \git worktree list/remove\ or \gh pr checkout -b pr--fix\ to use a unique local branch name.

Fix 4 — Missing \push-to-pr.sh\ (4/5 models)
Created .squad/push-to-pr.sh\ — the script described in the PR description. It validates current branch matches the PR branch, discovers the correct remote via \gh pr view, pushes, and verifies via SHA comparison.

@PureWeen PureWeen merged commit a793928 into main Mar 9, 2026
@PureWeen PureWeen deleted the fix/safe-push-workflow branch March 9, 2026 03:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PureWeen