👷 ci(schemastore): sync fork before pushing branch#3942
Merged
gaborbernat merged 1 commit intoMay 12, 2026
Conversation
The 4.54.0 SchemaStore update run failed because force-pushing the update-tox-schema branch dragged in upstream commits that modified .github/workflows/auto-update.yml, and SCHEMASTORE_TOKEN doesn't carry the workflow scope. Sync the fork's master via the GitHub Sync API before branching, then base the working branch off origin/master. The push then carries only the tox.json bump, so the workflow-scope guard no longer trips.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
Update SchemaStorerun for the4.54.0tag failed at the push step withrefusing to allow a Personal Access Token to create or update workflow .github/workflows/auto-update.yml without workflow scope. TheSCHEMASTORE_TOKENPAT carriesreposcope only, which is correct for our use case, so the workflow itself has to stop pushing upstream workflow file changes through the fork.The root cause is that
gh repo fork --clonedoes not sync the fork when it already exists, soupstream/masterwas ahead oforigin/masterby upstream commits that touched.github/workflows/auto-update.yml. Force-pushing theupdate-tox-schemabranch — built fromupstream/master— carried those workflow edits into the fork, which trips GitHub's workflow-scope guard.The fix calls
gh repo syncon the fork'smasterfirst (the Sync API path only requiresreposcope), then bases the working branch offorigin/master. The resulting push contains a single new commit touchingsrc/schemas/json/tox.json, so no workflow files cross the boundary.