chore(lightspeed): update workflow to handle release branches

[Jdubrick]

Description

• Adds handling of different branches for the Lightspeed sync workflow to cover the release branch
  Similar change on Helm chart: chore(lightspeed): update lightspeed sync workflow to handle release branch rhdh-chart#397

Which issue(s) does this PR fix or relate to

N/A

PR acceptance criteria

• Tests
• Documentation

How to test changes / Special notes to the reviewer

[rhdh-qodo-merge]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)

Context used

✅ Compliance rules (platform): 18 rules

1. Unauthenticated upstream API fetch 🐞 Bug ☼ Reliability

Description

The workflow now runs the sync job for multiple branches via a matrix, but
hack/sync-lightspeed-configs.sh still fetches upstream files from api.github.com without
authentication; any API rate-limit/403 response will cause curl to fail and the job to abort. With
two matrix branches, the workflow makes more unauthenticated API calls per run and is therefore more
fragile.

Code

.github/workflows/sync-lightspeed-configs.yaml[R13-22]

+    strategy:
+      fail-fast: false
+      matrix:
+        branch:
+          - main
+          - release-1.10
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.branch }}
+      cancel-in-progress: true

Relevance

⭐ Low

Same unauthenticated api.github.com curl was introduced/merged without objections in
hack/sync-lightspeed-configs.sh.

PR-#2645
PR-#2748

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The workflow matrix runs the job for both main and release-1.10, increasing the number of sync
executions. The sync script performs upstream fetches via GitHub API curl calls without any
Authorization header, so any API rate-limit/403 will fail the step and abort the job.

.github/workflows/sync-lightspeed-configs.yaml[13-22]
.github/workflows/sync-lightspeed-configs.yaml[50-52]
hack/sync-lightspeed-configs.sh[50-57]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The sync script downloads upstream files via unauthenticated `curl` requests to the GitHub REST API. With the workflow now running as a branch matrix, the number of API calls per workflow run increases, and any GitHub API rate-limit/403 response will fail the script (due to `set -e` + `curl -f`) and thus fail the workflow.

## Issue Context
- The workflow runs two jobs (main + release-1.10) via a matrix.
- The sync script uses `curl -fsSL` against `https://api.github.com/.../contents/...` without an `Authorization` header.

## Fix Focus Areas
- Add optional auth header in the sync script when a token env var is present (e.g., `GITHUB_TOKEN` or `GH_TOKEN`).
- Export `${{ secrets.GITHUB_TOKEN }}` into the sync step env so the script can authenticate.

### Code pointers
- .github/workflows/sync-lightspeed-configs.yaml[13-22]
- .github/workflows/sync-lightspeed-configs.yaml[50-52]
- hack/sync-lightspeed-configs.sh[50-57]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[rhdh-qodo-merge]

Review Summary by Qodo

Add multi-branch support to Lightspeed sync workflow

✨ Enhancement

Walkthroughs

Description

• Add matrix strategy to handle multiple branches (main and release-1.10)
• Move concurrency configuration to job level with branch-specific grouping
• Update workflow to checkout and sync specific branch references
• Modify PR creation logic to target correct base branch per matrix iteration

Diagram

flowchart LR
  A["Workflow Trigger"] --> B["Matrix Strategy<br/>main + release-1.10"]
  B --> C["Checkout Branch<br/>ref: matrix.branch"]
  C --> D["Sync Lightspeed Configs<br/>--ref matrix.branch"]
  D --> E["Create/Update PR<br/>base: matrix.branch"]

Loading

File Changes

1. .github/workflows/sync-lightspeed-configs.yaml ✨ Enhancement +19/-10

Multi-branch matrix support for Lightspeed sync

• Introduced matrix strategy to run workflow for both main and release-1.10 branches
• Moved concurrency configuration from workflow level to job level with branch-specific grouping
• Added ref: ${{ matrix.branch }} to checkout step to fetch correct branch
• Updated sync script invocation to pass --ref ${{ matrix.branch }} parameter
• Modified PR creation logic to use TARGET_BRANCH environment variable for branch-specific PR
 targeting and base branch specification
• Enhanced PR body to include target branch reference in upstream repository link

.github/workflows/sync-lightspeed-configs.yaml

---

[Jdubrick]

/cc @rm3l