ci: push ecosystem history from the downstream workflow #61

Open: stormslowly wants to merge 2 commits into main from ci/move-data-push-downstream

Conversation

@stormslowly

Contributor

Why

The data-branch push (the CI history that feeds the website) runs inside the upstream ecosystem_ci_per_commit composite action. Because that action runs in the consumer repo, every consumer's dispatch token (e.g. rspack's REPO_RSTACK_ECO_CI_GITHUB_TOKEN) must carry Contents read/write on this repo just to push that data — broader than it should be.

Moving the push into the downstream *-from-commit workflow lets it use this repo's own GITHUB_TOKEN, so the consumer token only needs Actions read/write.

| | before | after |
|---|---|---|
| who pushes data | upstream composite action | downstream update-history job |
| token used | consumer PAT | downstream GITHUB_TOKEN |
| consumer token scope | Actions RW + Contents RW | Actions RW |

What

  • Remove the Update Ecosystem History + Publish History steps (and the checkout/setup-node that only fed them) from ecosystem_ci_per_commit. It now only dispatches, summarizes, and posts the commit comment on failure.
  • Add an update-history job to all six *-ecosystem-ci-from-commit.yml workflows (needs: [execute-all], if: always() && inputs.suite == '-', permissions: { contents: write, actions: read }). It summarizes the current run via ecosystem-ci-result, builds the payload with update-ecosystem-history.mjs, and pushes to the data branch with secrets.GITHUB_TOKEN.
  • Update the from-commit execution-flow diagram in AGENTS.md.

Observable behavior is unchanged: failure commit comments, website data, and the from-pr flow all work the same.

Rollout (per SHA Pin Update Policy)

This touches ecosystem_ci_per_commit/**, so after merge: cut a release, bump the SHA pins in the upstream repos, then tighten each consumer token to Actions-RW. Bump the SHA before dropping Contents from the token — otherwise the old action's upstream push 403s (the downstream push already succeeded, so only a cosmetic red step). A transient, idempotent double-push to data is expected during the window before consumers bump.

Validation

pnpm lint (rslint + prettier) clean; YAML parses for all six workflows and the action.
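
An added sketch of the update-history job described above, not the PR's actual workflow file: job-scoped permissions and this repo's own GITHUB_TOKEN replace the consumer PAT for the data push. Only the needs, if and permissions values and the script path come from the page; the trigger, the execute-all placeholder, the history-out directory and the git steps are assumptions.

```yaml
# Added sketch; anything marked "assumption" is not from the PR.
on:
  workflow_dispatch:            # assumption: dispatched by the consumer's Actions-RW token
    inputs:
      suite:
        type: string
        default: "-"

permissions: {}                 # no default scopes; each job opts in

jobs:
  execute-all:                  # placeholder for the real suite jobs
    if: inputs.suite == '-'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - run: echo "suites run here"

  update-history:
    needs: [execute-all]
    if: always() && inputs.suite == '-'   # still runs when execute-all fails
    runs-on: ubuntu-latest
    permissions:
      contents: write           # push to the data branch
      actions: read             # read this run's job results
    steps:
      - uses: actions/checkout@v4          # persists this repo's GITHUB_TOKEN for git
      - uses: actions/setup-node@v4
        with:
          node-version: 22
      # assumption: script arguments are omitted and output lands in ./history-out
      - run: node scripts/update-ecosystem-history.mjs
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Push to data with the workflow token (no consumer PAT involved)
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git fetch origin data
          git worktree add ../data FETCH_HEAD
          cp -r history-out/. ../data/
          cd ../data
          git add -A
          # A repeated push with identical data commits nothing, so it stays idempotent.
          git diff --cached --quiet || git commit -m "chore: update ecosystem history"
          git push origin HEAD:data
```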

Move the data-branch push out of the upstream ecosystem_ci_per_commit
action into each from-commit workflow's new update-history job, which
uses the downstream GITHUB_TOKEN (contents: write + actions: read).
The consumer dispatch token no longer needs Contents RW.
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ab3d25e0-8902-4e81-a1b7-92e68d664b1a

📥 Commits

Reviewing files that changed from the base of the PR and between bbea702 and d79e6bc.

📒 Files selected for processing (2)
  • .agents/skills/eco-ci-selfcheck/SKILL.md
  • AGENTS.md
✅ Files skipped from review due to trivial changes (1)
  • AGENTS.md

📝 Walkthrough

The ecosystem history update and GitHub Pages publish logic is removed from the upstream ecosystem_ci_per_commit composite action. The upstream action now only retrieves the downstream run result and creates a commit comment when the downstream run fails. Six downstream workflows (rsbuild, rsdoctor, rslib, rspack, rspress, rstest) each gain an identical new update-history job that runs after execute-all when inputs.suite == '-', using the downstream repo's own GITHUB_TOKEN to run scripts/update-ecosystem-history.mjs and deploy artifacts to the data branch. AGENTS.md is updated to document the new flow with corrected token scope requirements, and SKILL.md receives minor formatting adjustments.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title concisely summarizes the main change: moving ecosystem history pushes from upstream to downstream workflow. |
| Description check | ✅ Passed | The description is comprehensive and directly related to the changeset, explaining the rationale, technical changes, and rollout strategy. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@stormslowly stormslowly requested review from chenjiahan and fi3ework and removed request for chenjiahan June 17, 2026 18:24
prettier -c . (run by the rspack _selftest suite) was failing on
pre-existing drift in AGENTS.md and the eco-ci-selfcheck skill doc.
Formatting only; no behavior change.