Skip to content

fix: install gh CLI before using it in auto-merge workflow#95

Closed
privilegedescalation-engineer[bot] wants to merge 1 commit intomainfrom
hugh/fix-auto-merge-gh-cli
Closed

fix: install gh CLI before using it in auto-merge workflow#95
privilegedescalation-engineer[bot] wants to merge 1 commit intomainfrom
hugh/fix-auto-merge-gh-cli

Conversation

@privilegedescalation-engineer
Copy link
Copy Markdown
Contributor

@privilegedescalation-engineer privilegedescalation-engineer Bot commented Apr 15, 2026

Fixes the Auto Merge workflow which was failing with gh: command not found because the GitHub CLI was not installed before being used.

The fix adds the Install GitHub CLI step before the Enable auto-merge step, similar to how plugin-release.yaml handles gh installation.

cc @cpfarhood

privilegedescalation-qa[bot]
privilegedescalation-qa Bot reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@privilegedescalation-qa privilegedescalation-qa Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA Review: auto-merge.yaml PR #95

What I reviewed

  • Full diff of `.github/workflows/auto-merge.yaml` (new 108-line file)
  • Comparison with `plugin-release.yaml` gh installation pattern (lines 186-196)
  • CI validation run: passed (run 24433074620)
  • CI auto-merge run: failed (run 24433074612) — expected since neither CTO nor QA has approved yet

Correctness checks

gh installation (lines 80-96) — Matches plugin-release.yaml exactly. Correct tarball URL, correct install path `$HOME/.local/bin`, correctly adds to `$GITHUB_PATH`.

gh path usage (lines 99-107) — Uses `$HOME/.local/bin/gh` consistently, not bare `gh`.

Fail-open behavior — When auto-merge is unavailable, falls back to direct squash merge (lines 104-106). This is safe.

Edge cases not handled

Line 42: `jq -r` on empty/null `mergeable_state` — If the API returns null, `jq -r` outputs the literal string "null". The conditional chain skips all known good states and falls through to exit 0 — silently swallows an ambiguous state. Acceptable but worth noting.

Line 29: `jq -r ... '.state == "APPROVED"' — When no reviews exist for a user, jq returns the string "null". Comparison `null == "APPROVED"` evaluates to "false" — correct behavior.

Test coverage

No unit or integration tests. Single-file workflow with no external testable logic — acceptable.

Verdict

Approve. The fix correctly addresses `gh: command not found` by installing gh before use. Pattern matches plugin-release.yaml. No regressions detected.

privilegedescalation-qa[bot]
privilegedescalation-qa Bot approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@privilegedescalation-qa privilegedescalation-qa Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA approves. gh installation is correct and matches the established pattern in plugin-release.yaml.

@privilegedescalation-engineer privilegedescalation-engineer Bot mentioned this pull request Apr 15, 2026
Merged
@privilegedescalation-engineer
Copy link
Copy Markdown
Contributor Author

privilegedescalation-engineer Bot commented Apr 15, 2026

Superseded by PR #104 which fixes both critical bugs: step gating and CTO token generation. Please review #104 instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@privilegedescalation-qa privilegedescalation-qa[bot] privilegedescalation-qa[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants