From 6ccb00d56f2fb9792e78a1c51fd633ba7db7b854 Mon Sep 17 00:00:00 2001
From: Adam Crawford
Date: Wed, 4 Mar 2026 21:19:29 -0500
Subject: [PATCH 1/3] fix(actions): switch auto-merge back to gh cli to handle graphql unstable status
---
 .github/workflows/dependabot-auto-merge.yaml | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
index fb4993a..5d6ccc7 100644
--- a/.github/workflows/dependabot-auto-merge.yaml
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -30,19 +30,7 @@ jobs:
 });
 - name: Enable auto-merge
- uses: actions/github-script@v7
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- await github.graphql(`
- mutation($pullRequestId: ID!) {
- enablePullRequestAutoMerge(input: {
- pullRequestId: $pullRequestId,
- mergeMethod: SQUASH
- }) {
- clientMutationId
- }
- }
- `, {
- pullRequestId: context.payload.pull_request.node_id
- });
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
From 26ba37df050047cee4390a1250e5441930d2a74e Mon Sep 17 00:00:00 2001
From: Adam Crawford
Date: Wed, 4 Mar 2026 21:28:20 -0500
Subject: [PATCH 2/3] feat(actions): auto-install and update gh cli and tailscale on runner
---
 .github/workflows/deploy-prod.yaml | 36 +++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml
index 48c5dca..eb8b4ad 100644
--- a/.github/workflows/deploy-prod.yaml
+++ b/.github/workflows/deploy-prod.yaml
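Review bot: In the Enable auto-merge step of dependabot-auto-merge.yaml (PATCH 1/3), `gh pr merge --auto --squash "$PR_URL"` only waits for requirements that branch protection enforces. As far as I know the CLI merges straight away when the PR is already mergeable, which seems to include the "unstable" state named in the commit subject, so checks that are not marked required would no longer hold a dependency bump back. The step should say so, for example `# Merge is gated only by branch-protection required checks; non-required checks do not block it`, and the target branch's required checks are worth confirming. The job's trigger and any actor condition sit outside this hunk, so whether the step is limited to Dependabot PRs cannot be checked from here. The step also now depends on a `gh` binary being present on the runner, which PATCH 2/3 installs from a different workflow.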
@@ -26,6 +26,36 @@ jobs:
 echo "Checking age version..."
 age --version
+ - name: Install or Update GitHub CLI (gh)
+ run: |
+ echo "Checking for latest gh release..."
+ ARCH=$(uname -m)
+ if [ "$ARCH" = "aarch64" ]; then GH_ARCH="arm64"; elif [[ "$ARCH" == armv* ]]; then GH_ARCH="armv6"; else GH_ARCH="amd64"; fi
+ GH_VERSION=$(curl -sH "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+
+ INSTALL_GH=false
+ if ! command -v gh &> /dev/null; then
+ echo "gh not found. Will install version $GH_VERSION"
+ INSTALL_GH=true
+ else
+ CURRENT_VERSION=$(gh --version | head -n 1 | awk '{print $3}')
+ if [ "$CURRENT_VERSION" != "$GH_VERSION" ]; then
+ echo "gh version mismatch (current: $CURRENT_VERSION, latest: $GH_VERSION). Updating..."
+ INSTALL_GH=true
+ else
+ echo "gh is up-to-date (version $CURRENT_VERSION)."
+ fi
+ fi
+
+ if [ "$INSTALL_GH" = true ]; then
+ echo "Downloading gh version $GH_VERSION for $GH_ARCH..."
+ curl -sL "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${GH_ARCH}.tar.gz" -o gh.tar.gz
+ tar xzf gh.tar.gz
+ # Install globally so it's persistent and usable by all workflows
+ sudo cp "gh_${GH_VERSION}_linux_${GH_ARCH}/bin/gh" "/usr/local/bin/"
+ echo "Installation complete."
+ fi
+
 - name: Decrypt secrets.sops.env to .env file on Pi
 env:
 SOPS_AGE_KEY: ${{ secrets.RUNNER_AGE_PRIVATE_KEY }}
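Review bot: The Install or Update GitHub CLI step copies a freshly downloaded binary into /usr/local/bin with sudo without verifying it, and it expands `${{ secrets.GITHUB_TOKEN }}` into the script text instead of passing it through `env:` as the dependabot workflow in this series does. Both curl calls also lack `-f`, so an API or download error yields an empty `GH_VERSION` or an HTML error page rather than a clear failure. The fence below passes the token through the environment, stops when the version lookup fails, and checks the tarball against the release's checksums file before extracting. The checksums asset name should be confirmed against the release assets. Because that file comes from the same release it only catches corruption or a swapped download, so pinning a reviewed version and its hash is the stronger control for a production runner.

```yaml
      - name: Install or Update GitHub CLI (gh)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # … unchanged: ARCH / GH_ARCH detection …
          GH_VERSION=$(curl -fsSL -H "Authorization: Bearer ${GH_TOKEN}" "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
          if [ -z "$GH_VERSION" ]; then
            echo "Could not determine the latest gh version; aborting." >&2
            exit 1
          fi
          # … unchanged: INSTALL_GH decision …
          if [ "$INSTALL_GH" = true ]; then
            GH_BASE="https://github.com/cli/cli/releases/download/v${GH_VERSION}"
            GH_TARBALL="gh_${GH_VERSION}_linux_${GH_ARCH}.tar.gz"
            curl -fsSL "${GH_BASE}/${GH_TARBALL}" -o "${GH_TARBALL}"
            curl -fsSL "${GH_BASE}/gh_${GH_VERSION}_checksums.txt" -o gh_checksums.txt
            # Fails the step unless the tarball matches its published SHA-256
            sha256sum --check --ignore-missing gh_checksums.txt
            tar xzf "${GH_TARBALL}"
            # … unchanged: sudo cp into /usr/local/bin …
          fi
```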
@@ -37,12 +67,12 @@ jobs:
 sudo -E chmod 600 "${TARGET_ENV_FILE}"
 echo ".env file created at ${TARGET_ENV_FILE} with restricted permissions."
- - name: Check for Tailscale and Install if Missing
+ - name: Install or Update Tailscale
 run: |
- # This step is already quiet, no changes needed.
 if command -v tailscale &> /dev/null
 then
- echo "Tailscale is already installed. Skipping installation."
+ echo "Tailscale is already installed. Attempting update..."
+ sudo tailscale update --yes || echo "Tailscale update failed or unsupported via this method, continuing..."
 else
 echo "Tailscale not found. Installing..."
 curl -fsSL https://tailscale.com/install.sh | sudo sh
From bcae04a2b508a3744d9406bac9955eef8621cf8f Mon Sep 17 00:00:00 2001
From: Adam Crawford
Date: Wed, 4 Mar 2026 21:30:30 -0500
Subject: [PATCH 3/3] fix(actions): switch dependabot approval back to native gh cli
---
 .github/workflows/dependabot-auto-merge.yaml | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
index 5d6ccc7..0beb45b 100644
--- a/.github/workflows/dependabot-auto-merge.yaml
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -18,16 +18,10 @@ jobs:
 github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Approve PR
- uses: actions/github-script@v7
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- await github.rest.pulls.createReview({
- owner: context.repo.owner,
- repo: context.repo.repo,
- pull_number: context.issue.number,
- event: 'APPROVE'
- });
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
 - name: Enable auto-merge
 run: gh pr merge --auto --squash "$PR_URL"
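Review bot: The added `sudo tailscale update --yes || echo ...` line in the Install or Update Tailscale step upgrades a root-owned network daemon to whatever release is current on every production deploy, and a failed update is reduced to an ordinary log line. That ties an unpinned, unattended upgrade to the deploy path and leaves a stale client easy to miss. The failure should at least be surfaced as an annotation, e.g. `sudo tailscale update --yes || echo "::warning::Tailscale update failed or unsupported via this method, continuing..."`. Moving the update into a separate scheduled maintenance workflow would keep it out of deploys. The step needs a comment stating that the update is best-effort by design.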
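Review bot: The Approve PR step (PATCH 3/3) has the workflow's own `GITHUB_TOKEN` submit an approving review via `gh pr review --approve "$PR_URL"`, but the hunk shows no `permissions:` block, so the token's scope comes from repository defaults unless it is set in lines outside this hunk. Declaring it at job level keeps the token at the minimum for approve and merge, for example `permissions:` with `pull-requests: write` and `contents: write`. A comment on the step should also record that this approval satisfies the required-review rule for these PRs, `# Bot approval counts toward required reviews; CI required checks are the only remaining gate`. Passing the URL through `PR_URL` instead of expanding it inside `run:` is the right pattern and matches the merge step.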