Merged
6 changes: 6 additions & 0 deletions .github/workflows/sync-frontend-mirror.yml
Expand Up @@ -26,10 +26,16 @@ jobs:
SOURCE_PREFIX: frontend
SYNC_TOKEN: ${{ secrets.GUARDEX_FRONTEND_MIRROR_PAT }}
steps:
- name: Skip when mirror PAT is missing
if: ${{ env.SYNC_TOKEN == '' }}
run: echo "GUARDEX_FRONTEND_MIRROR_PAT is not configured; skipping frontend mirror sync."

- name: Checkout
if: ${{ env.SYNC_TOKEN != '' }}
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0

- name: Sync frontend subtree to mirror repo
if: ${{ env.SYNC_TOKEN != '' }}
run: bash scripts/sync-frontend-mirror.sh
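Review bot: The new "Skip when mirror PAT is missing" step only writes a plain `echo` line to the step log, so a run without `GUARDEX_FRONTEND_MIRROR_PAT` finishes green and looks the same as a successful sync in the Actions list. Emit the message as an annotation instead, for example `echo "::warning::GUARDEX_FRONTEND_MIRROR_PAT is not configured; skipping frontend mirror sync."`, so an unconfigured mirror is visible without opening the log. The `env.SYNC_TOKEN != ''` guard is also repeated on each step; a step added later without it would still run when the secret is unset, so a short comment above `steps:` saying every step after the skip notice must carry the guard would help.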
@@ -0,0 +1,2 @@
schema: spec-driven
created: 2026-04-21
@@ -0,0 +1,5 @@
# T1 Notes

- Make the frontend mirror workflow skip cleanly when `GUARDEX_FRONTEND_MIRROR_PAT` is unset instead of failing the whole job.
- Keep the secret wired through `env.SYNC_TOKEN` and gate workflow steps on `env` checks rather than direct `secrets.*` expressions.
- Add a metadata regression so future mirror-link changes keep the skip behavior and the canonical mirror token wiring aligned.
10 changes: 10 additions & 0 deletions test/metadata.test.js
Expand Up @@ -75,6 +75,16 @@ test('code review workflow does not gate startup on secrets context', () => {
assert.match(workflow, /if:\s+\$\{\{\s*env\.OPENAI_API_KEY != ''\s*\}\}/);
});

test('frontend mirror workflow skips cleanly when the mirror PAT is missing', () => {
const workflowPath = path.join(repoRoot, '.github', 'workflows', 'sync-frontend-mirror.yml');
const workflow = fs.readFileSync(workflowPath, 'utf8');
assert.doesNotMatch(workflow, /if:\s+\$\{\{\s*secrets\.GUARDEX_FRONTEND_MIRROR_PAT/);
assert.match(workflow, /SYNC_TOKEN:\s+\$\{\{\s*secrets\.GUARDEX_FRONTEND_MIRROR_PAT\s*\}\}/);
assert.match(workflow, /name:\s+Skip when mirror PAT is missing/);
assert.match(workflow, /if:\s+\$\{\{\s*env\.SYNC_TOKEN == ''\s*\}\}/);
assert.match(workflow, /if:\s+\$\{\{\s*env\.SYNC_TOKEN != ''\s*\}\}/);
});

test('critical runtime helper scripts stay in sync with templates', () => {
const pairs = [
['templates/scripts/codex-agent.sh', 'scripts/codex-agent.sh'],
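Review bot: The last assertion in the new test, `assert.match(workflow, /if:\s+\$\{\{\s*env\.SYNC_TOKEN != ''\s*\}\}/)`, passes as soon as one step carries the guard, so it would still pass if the guard were dropped from "Sync frontend subtree to mirror repo" and kept only on "Checkout". Count the matches with a global regex and expect 2, or assert the guard next to each step name. The `doesNotMatch` check on `secrets.GUARDEX_FRONTEND_MIRROR_PAT` also covers only the `${{ ... }}`-wrapped form; an `if: secrets.GUARDEX_FRONTEND_MIRROR_PAT != ''` written without the wrapper would slip past it, so make the `\$\{\{\s*` part of that pattern optional.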