Skip to content

Fix/setup api client coverage gaps #1189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
stranske merged 4 commits into from
Feb 2, 2026
Merged

Fix/setup api client coverage gaps #1189

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
73525e1
docs: add setup-api-client coverage audit spreadsheet
stranske Feb 2, 2026
626e159
fix: add setup-api-client to all jobs making GitHub API calls
stranske Feb 2, 2026
597b098
docs: update audit spreadsheet with PR#1189
stranske Feb 2, 2026
ade45b2
fix: address review comment - use correct checkout path per job
stranske Feb 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions .github/workflows/agents-autofix-loop.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,6 @@ jobs:
.github/scripts/github-rate-limited-wrapper.js
.github/scripts/token_load_balancer.js
sparse-checkout-cone-mode: false

- name: Setup API client
uses: ./.github/actions/setup-api-client
with:
Expand Down Expand Up @@ -408,7 +407,6 @@ jobs:
sparse-checkout: |
.github/scripts/github-api-with-retry.js
sparse-checkout-cone-mode: false

- name: Add needs-human label and comment
uses: actions/github-script@v8
with:
Expand Down Expand Up @@ -478,8 +476,17 @@ jobs:
with:
sparse-checkout: |
.github/scripts/github-api-with-retry.js
.github/actions/setup-api-client
.github/scripts/github-rate-limited-wrapper.js
.github/scripts/token_load_balancer.js
sparse-checkout-cone-mode: false

- name: Setup API client
uses: ./.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}

- name: Collect metrics
id: collect
uses: actions/github-script@v8
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/agents-bot-comment-handler.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,17 @@ jobs:
ref: ${{ github.event.pull_request.base.sha || github.event.pull_request.base.ref || github.event.repository.default_branch || github.ref_name }}
sparse-checkout: |
.github/scripts/github-api-with-retry.js
.github/actions/setup-api-client
.github/scripts/github-rate-limited-wrapper.js
.github/scripts/token_load_balancer.js
sparse-checkout-cone-mode: false

- name: Setup API client
uses: ./.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}

- name: Remove trigger label
uses: actions/github-script@v8
with:
Expand Down
16 changes: 16 additions & 0 deletions .github/workflows/reusable-10-ci-python.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2044,6 +2044,22 @@ jobs:
contents: read
actions: read
steps:
- name: Checkout (for setup-api-client)
uses: actions/checkout@v6
with:
sparse-checkout: |
.github/actions/setup-api-client
.github/scripts/github-api-with-retry.js
.github/scripts/github-rate-limited-wrapper.js
.github/scripts/token_load_balancer.js
sparse-checkout-cone-mode: false

- name: Setup API client
uses: ./.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}

- name: Summarize check outcomes
run: |
python - <<'PY'
Expand Down
9 changes: 9 additions & 0 deletions .github/workflows/reusable-16-agents.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,8 +283,17 @@ jobs:
with:
sparse-checkout: |
.github/scripts/github-api-with-retry.js
.github/actions/setup-api-client
.github/scripts/github-rate-limited-wrapper.js
.github/scripts/token_load_balancer.js
sparse-checkout-cone-mode: false

- name: Setup API client
uses: ./.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}
Copy link

Copilot AI Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

workflow_call defines service_bot_pat as a lower-case secret name, but setup-api-client’s toJSON(secrets) parsing only extracts SERVICE_BOT_PAT (upper-case). As a result this step won’t export the service bot token unless you also pass the action’s service_bot_pat input (or update parsing to handle lower-case keys).

Suggested change
github_token: ${{ github.token }}
github_token: ${{ github.token }}
service_bot_pat: ${{ secrets.service_bot_pat }}

Copilot uses AI. Check for mistakes.

- name: Preflight probe
uses: actions/github-script@v8
env:
Expand Down
21 changes: 21 additions & 0 deletions .github/workflows/reusable-20-pr-meta.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,7 @@ jobs:
ref: ${{ steps.workflows_ref.outputs.ref }}
sparse-checkout: |
.github/scripts
.github/actions/setup-api-client
sparse-checkout-cone-mode: false
path: workflows-lib
fetch-depth: 1
Expand All @@ -276,6 +277,12 @@ jobs:
run: |
echo "WORKFLOWS_SCRIPTS_PATH=${GITHUB_WORKSPACE}/workflows-lib" >> "$GITHUB_ENV"

- name: Setup API client
uses: ./workflows-lib/.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}

- name: Mint GitHub App token (preferred)
id: app_token
continue-on-error: true
Expand Down Expand Up @@ -331,6 +338,7 @@ jobs:
ref: ${{ steps.workflows_ref.outputs.ref }}
sparse-checkout: |
.github/scripts
.github/actions/setup-api-client
sparse-checkout-cone-mode: false
path: workflows-lib
fetch-depth: 1
Expand All @@ -339,6 +347,12 @@ jobs:
run: |
echo "WORKFLOWS_SCRIPTS_PATH=${GITHUB_WORKSPACE}/workflows-lib" >> "$GITHUB_ENV"

- name: Setup API client
uses: ./workflows-lib/.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}

- name: Evaluate keepalive gate
id: gate
uses: actions/github-script@v8
Expand Down Expand Up @@ -464,6 +478,7 @@ jobs:
ref: ${{ steps.workflows_ref.outputs.ref }}
sparse-checkout: |
.github/scripts
.github/actions/setup-api-client
sparse-checkout-cone-mode: false
path: workflows-lib
fetch-depth: 1
Expand All @@ -472,6 +487,12 @@ jobs:
run: |
echo "WORKFLOWS_SCRIPTS_PATH=${GITHUB_WORKSPACE}/workflows-lib" >> "$GITHUB_ENV"

- name: Setup API client
uses: ./workflows-lib/.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}

- name: Upsert PR body sections
uses: actions/github-script@v8
env:
Expand Down
9 changes: 9 additions & 0 deletions .github/workflows/reusable-bot-comment-handler.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -393,8 +393,17 @@ jobs:
with:
sparse-checkout: |
.github/scripts/github-api-with-retry.js
.github/actions/setup-api-client
.github/scripts/github-rate-limited-wrapper.js
.github/scripts/token_load_balancer.js
sparse-checkout-cone-mode: false

- name: Setup API client
uses: ./.github/actions/setup-api-client
with:
secrets: ${{ toJSON(secrets) }}
github_token: ${{ github.token }}
Copy link

Copilot AI Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this reusable workflow, workflow_call secrets like service_bot_pat / gh_app_id are lower-case. setup-api-client’s JSON parsing looks for upper-case keys (e.g., SERVICE_BOT_PAT, GH_APP_ID), so passing only secrets: ${{ toJSON(secrets) }} won’t export these tokens to the environment. Pass the action’s individual inputs (service_bot_pat, gh_app_id, gh_app_private_key, etc.) or update setup-api-client to also recognize lower-case secret keys.

Suggested change
github_token: ${{ github.token }}
github_token: ${{ github.token }}
service_bot_pat: ${{ secrets.service_bot_pat }}
gh_app_id: ${{ secrets.gh_app_id }}
gh_app_private_key: ${{ secrets.gh_app_private_key }}

Copilot uses AI. Check for mistakes.

- name: Assign agent and post context comment
id: dispatch
uses: actions/github-script@v8
Expand Down
11 changes: 11 additions & 0 deletions docs/fixes/setup-api-client-coverage-audit.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
workflow,job,github_script_count,has_setup_api_client,coverage_status,fix_status,fix_pr,fix_date,notes
agents-autofix-loop.yml,metrics,1,Yes,Covered,Fixed,PR#1189,2026-02-02,Added sparse-checkout deps + setup-api-client step
agents-bot-comment-handler.yml,cleanup,1,Yes,Covered,Fixed,PR#1189,2026-02-02,Added sparse-checkout deps + setup-api-client step
reusable-10-ci-python.yml,logs_summary,1,Yes,Covered,Fixed,PR#1189,2026-02-02,Added checkout + setup-api-client (was missing checkout)
reusable-16-agents.yml,preflight,3,Yes,Covered,Fixed,PR#1189,2026-02-02,Added sparse-checkout deps + setup-api-client step
reusable-16-agents.yml,verify_issue_summary,2,No,FALSE_POSITIVE,N/A,,,Uses github-script but only writes to core.summary - no API calls
reusable-20-pr-meta.yml,keepalive_dispatch,1,Yes,Covered,Existing,PR#1183,,Already had setup-api-client via consumer checkout
reusable-20-pr-meta.yml,keepalive_orchestrator,1,Yes,Covered,Fixed,PR#1189,2026-02-02,Added workflows-lib sparse-checkout + setup-api-client
reusable-20-pr-meta.yml,keepalive_from_gate,1,Yes,Covered,Fixed,PR#1189,2026-02-02,Added workflows-lib sparse-checkout + setup-api-client
reusable-20-pr-meta.yml,pr_body_update,2,Yes,Covered,Fixed,PR#1189,2026-02-02,Added workflows-lib sparse-checkout + setup-api-client
reusable-bot-comment-handler.yml,dispatch,1,Yes,Covered,Fixed,PR#1189,2026-02-02,Added sparse-checkout deps + setup-api-client step
Loading