Skip to content

Auto-pin AMY into tulipcc on merge to main#766

Merged
bwhitman merged 1 commit into
mainfrom
claude/infallible-khorana-599aa2
Jun 25, 2026
Merged

Auto-pin AMY into tulipcc on merge to main#766
bwhitman merged 1 commit into
mainfrom
claude/infallible-khorana-599aa2

Conversation

@bwhitman

@bwhitman bwhitman commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

What

Adds .github/workflows/tulipcc-pin.yml: when an AMY PR is merged to main, it automatically opens a PR on shorepine/tulipcc that bumps the amy submodule to the just-merged commit, so the full tulipcc CI runs against this AMY. That tulipcc PR is left open for a human to test and merge manually — it's the post-merge, whole-system integration check.

The existing pre-merge AMYboard HW-CI (amyboard-hwci-trigger.yml) is unchanged; this is purely additive.

How it works

On merge to main (when the PR touched src/** or amy/**):

  1. Reads the merged PR's commits/files via the API.
  2. Bumps tulipcc's amy gitlink to merge_commit_sha via the Git Data API — no checkout of the merged code, no submodule fetch.
  3. Opens amy-pin/<sha> on tulipcc, assigns the merger, and posts a back-link comment on the AMY PR.

The tulipcc PR body lists the merged PR's commits + a file-change summary, references it as shorepine/amy#N, and cc @s the merger — so they get emailed and can merge the tulipcc PR themselves once it's green.

Key design decisions

  • pull_request_target, not pull_request — a merged fork PR's pull_request run gets no secrets, so it could never reach tulipcc (the same trap the HW-CI bridge hit). pull_request_target runs in this repo's trusted base context with secrets, and the job never checks out or runs the PR's code.
  • A PAT opens the PR, not GITHUB_TOKEN — a GITHUB_TOKEN-opened PR triggers no pull_request workflows, so tulipcc CI wouldn't run. The PAT-opened PR triggers tulipcc's amyboard-pr-preview / tulip-pr-preview / desktop-linux, which all key off the bare amy gitlink path.
  • Pins merge_commit_sha — the exact merged code, and it sidesteps any race with release.yml's version-bump commit on the same merge.

Token

Reuses the existing HWCI_BRIDGE_TOKENno token changes needed. It already grants Contents + Pull requests + Issues write on both repos (a fine-grained PAT applies one permission set across all its selected repositories, and both amy and tulipcc are in its list).

🤖 Generated with Claude Code

@bwhitman @claude
Add tulipcc auto-pin workflow on merge to main
bc08688 
When an AMY PR is merged to main, open a submodule-bump PR on
shorepine/tulipcc pinning the merged commit so the full tulipcc CI
(AMYboard preview, Tulip preview, desktop build) runs against it. The PR
lists the merged AMY PR's commits/files, references it, @mentions and
assigns the merger, and is left open for manual testing/merge. This is
the post-merge integration check; the pre-merge AMYboard HW-CI bench
(amyboard-hwci-trigger.yml) is unchanged.

Reuses HWCI_BRIDGE_TOKEN (already carries contents/pull-requests/issues
write on tulipcc). Uses pull_request_target so merged fork PRs also pin,
and opens the PR with that PAT (not GITHUB_TOKEN) so tulipcc CI actually
triggers. Pins merge_commit_sha to avoid racing release.yml's bump.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bwhitman bwhitman merged commit ec78cc8 into main Jun 25, 2026
8 checks passed
@bwhitman bwhitman mentioned this pull request Jun 25, 2026
Merged
@bwhitman

bwhitman commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

⛓️ tulipcc integration PR opened

This merge was pinned into tulipcc for full-system CI: shorepine/tulipcc#1043

Test it there and merge that PR to move tulipcc onto this AMY.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bwhitman