Closed
Conversation
- Add id-token: write to permissions for OIDC authentication - Move checkout to first step (was at step 10 of 11) - Add --delete flag to rsync to keep VPS in sync - Create and sync .env file with DD_API_KEY before deployment - Recreate .env during remote deploy to ensure secrets are loaded This fixes critical issues preventing the workflow from executing correctly on GitHub Actions, aligning it with the proven patterns in packages-deploy.yml Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Use heredoc syntax for multi-line PR body instead of inline string - Fixes GitHub Actions validation error on line 193 Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Use variable assignment instead of inline command substitution - Separate PR body creation from gh pr create command - Fixes YAML parsing errors Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Replace heredoc PR body with single-line string - Heredoc with emoji was causing YAML parsing errors Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…-alignment Fix: Align rollback workflow with best practices
The rollback PR step creates a branch from a release tag that contains workflow files, which requires the workflows permission. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…-alignment Fix: Add workflows permission to rollback workflow
- workflows is not a valid job-level permission in GitHub Actions - GITHUB_TOKEN cannot push branches containing workflow files - Use GH_PAT secret (needs workflow scope) for the git push instead Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…-permissions Fix: Remove invalid workflows permission and use PAT for branch push
The actions/checkout configures git credentials internally via http.extraheader, overriding any subsequent remote set-url. Passing the PAT directly to the token parameter ensures all git operations (including push) use the PAT with workflow scope. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…-pat Fix: Pass GH_PAT to checkout to allow pushing workflow files
GITHUB_TOKEN is not permitted to create PRs via GitHub Actions. Using GH_PAT (with pull-requests write scope) fixes the error: 'GitHub Actions is not permitted to create or approve pull requests' Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ion-pat Fix: Use GH_PAT for rollback PR creation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…tion-log feat: Add connection string log before engine build
…rrect tag commit Without fetch-tags, the tag is not resolved locally and the rollback branch ends up pointing to the same commit as main. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix: Add fetch-tags to checkout for correct rollback branch creation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.