Skip to content

Fix issue-to-PR handoff when created issue output is empty #603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
strawgate wants to merge 4 commits into from
Closed

Fix issue-to-PR handoff when created issue output is empty #603

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2e07f40
Add fallback issue resolution for remediation PR handoff.
strawgate Mar 8, 2026
cc0ade5
Use safe-output artifact as source of truth for remediation handoff.
strawgate Mar 8, 2026
861b0ad
Expose issue number and URL outputs in remediation handoff job.
strawgate Mar 8, 2026
ff7fbc9
Use run output as issue-number source for remediation chaining.
strawgate Mar 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 27 additions & 3 deletions .github/workflows/trigger-docs-patrol.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,36 @@ jobs:
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

create_pr_from_issue:
resolve_created_issue:
needs: run
if: ${{ needs.run.outputs.created_issue_number != '' }}
runs-on: ubuntu-slim
outputs:
created_issue_number: ${{ steps.resolve.outputs.created_issue_number }}
steps:
- name: Resolve created issue number
id: resolve
env:
CREATED_ISSUE_NUMBER: ${{ needs.run.outputs.created_issue_number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
number="$CREATED_ISSUE_NUMBER"
if [ -z "$number" ]; then
number="$(gh issue list \
--repo "$REPOSITORY" \
--search "in:body \"actions/runs/$RUN_ID\" author:github-actions[bot] is:issue" \
--json number,createdAt \
--jq 'sort_by(.createdAt) | reverse | .[0].number // empty')"
fi
echo "created_issue_number=$number" >> "$GITHUB_OUTPUT"

create_pr_from_issue:
needs: resolve_created_issue
if: ${{ needs.resolve_created_issue.outputs.created_issue_number != '' }}
uses: ./.github/workflows/gh-aw-create-pr-from-issue.lock.yml
with:
target-issue-number: ${{ needs.run.outputs.created_issue_number }}
target-issue-number: ${{ needs.resolve_created_issue.outputs.created_issue_number }}
additional-instructions: "Create a focused pull request that resolves this issue."
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
Expand Down
30 changes: 27 additions & 3 deletions .github/workflows/trigger-framework-best-practices.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,36 @@ jobs:
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

create_pr_from_issue:
resolve_created_issue:
needs: run
if: ${{ needs.run.outputs.created_issue_number != '' }}
runs-on: ubuntu-slim
outputs:
created_issue_number: ${{ steps.resolve.outputs.created_issue_number }}
steps:
- name: Resolve created issue number
id: resolve
env:
CREATED_ISSUE_NUMBER: ${{ needs.run.outputs.created_issue_number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
number="$CREATED_ISSUE_NUMBER"
if [ -z "$number" ]; then
number="$(gh issue list \
--repo "$REPOSITORY" \
--search "in:body \"actions/runs/$RUN_ID\" author:github-actions[bot] is:issue" \
--json number,createdAt \
--jq 'sort_by(.createdAt) | reverse | .[0].number // empty')"
fi
echo "created_issue_number=$number" >> "$GITHUB_OUTPUT"

create_pr_from_issue:
needs: resolve_created_issue
if: ${{ needs.resolve_created_issue.outputs.created_issue_number != '' }}
uses: ./.github/workflows/gh-aw-create-pr-from-issue.lock.yml
with:
target-issue-number: ${{ needs.run.outputs.created_issue_number }}
target-issue-number: ${{ needs.resolve_created_issue.outputs.created_issue_number }}
additional-instructions: "Create a focused pull request that resolves this issue."
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
Expand Down
30 changes: 27 additions & 3 deletions .github/workflows/trigger-text-auditor.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,36 @@ jobs:
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

create_pr_from_issue:
resolve_created_issue:
needs: run
if: ${{ needs.run.outputs.created_issue_number != '' }}
runs-on: ubuntu-slim
outputs:
created_issue_number: ${{ steps.resolve.outputs.created_issue_number }}
steps:
- name: Resolve created issue number
id: resolve
env:
CREATED_ISSUE_NUMBER: ${{ needs.run.outputs.created_issue_number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
number="$CREATED_ISSUE_NUMBER"
if [ -z "$number" ]; then
number="$(gh issue list \
--repo "$REPOSITORY" \
--search "in:body \"actions/runs/$RUN_ID\" author:github-actions[bot] is:issue" \
--json number,createdAt \
--jq 'sort_by(.createdAt) | reverse | .[0].number // empty')"
fi
echo "created_issue_number=$number" >> "$GITHUB_OUTPUT"

create_pr_from_issue:
needs: resolve_created_issue
if: ${{ needs.resolve_created_issue.outputs.created_issue_number != '' }}
uses: ./.github/workflows/gh-aw-create-pr-from-issue.lock.yml
with:
target-issue-number: ${{ needs.run.outputs.created_issue_number }}
target-issue-number: ${{ needs.resolve_created_issue.outputs.created_issue_number }}
additional-instructions: "Create a focused pull request that resolves this issue."
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
Expand Down
30 changes: 27 additions & 3 deletions scripts/dogfood.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,12 +115,36 @@ for f in gh-agent-workflows/*/example.yml; do

cat >> "$target" <<'EOF'

create_pr_from_issue:
resolve_created_issue:
needs: run
if: ${{ needs.run.outputs.created_issue_number != '' }}
runs-on: ubuntu-slim
outputs:
created_issue_number: ${{ steps.resolve.outputs.created_issue_number }}
steps:
- name: Resolve created issue number
id: resolve
env:
CREATED_ISSUE_NUMBER: ${{ needs.run.outputs.created_issue_number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
number="$CREATED_ISSUE_NUMBER"
if [ -z "$number" ]; then
number="$(gh issue list \
--repo "$REPOSITORY" \
--search "in:body \"actions/runs/$RUN_ID\" author:github-actions[bot] is:issue" \

@github-actions github-actions Bot Mar 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] Fallback issue lookup is restricted to a single author

The resolver only searches for issues authored by github-actions[bot], but issue creation in these workflows uses $\{\{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}. When GH_AW_GITHUB_TOKEN is set to a different bot/user token, the issue is created by that actor, this query returns nothing, and create_pr_from_issue is skipped even though an issue exists.

Suggested change
--search "in:body \"actions/runs/$RUN_ID\" author:github-actions[bot] is:issue" \
--search "in:body \"actions/runs/$RUN_ID\" is:issue" \

--json number,createdAt \
--jq 'sort_by(.createdAt) | reverse | .[0].number // empty')"
fi
echo "created_issue_number=$number" >> "$GITHUB_OUTPUT"

create_pr_from_issue:
needs: resolve_created_issue
if: ${{ needs.resolve_created_issue.outputs.created_issue_number != '' }}
uses: ./.github/workflows/gh-aw-create-pr-from-issue.lock.yml
with:
target-issue-number: ${{ needs.run.outputs.created_issue_number }}
target-issue-number: ${{ needs.resolve_created_issue.outputs.created_issue_number }}
additional-instructions: "Create a focused pull request that resolves this issue."
secrets:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
Expand Down
Loading