Conversation

@cheshire137 (Member)

This adds a new workflow that's intended to run on pull requests when their CI builds fail. It will run licensed cache and npm run bundle, committing any changes from those. The goal is to reproduce the manual commits I made in a PR like #61, without having to get a human involved. I want to make it easier to land Dependabot version updates.

I sampled from https://github.com/github/github-mcp-server/blob/f62ff634c53b94e9cf38a80ee1fc93fef8d532fb/.github/workflows/license-check.yml#L62 for the commit attribution.

@cheshire137 cheshire137 self-assigned this Jan 12, 2026
Copilot AI review requested due to automatic review settings January 12, 2026 17:23
@cheshire137 cheshire137 requested a review from a team as a code owner January 12, 2026 17:23
Comment on lines +52 to +58
- name: Setup Ruby
if: steps.repo-check.outputs.same_repo == 'true'
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.3'

- name: Install licensed
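Review bot: the same_repo condition on this step does not by itself resolve the CodeQL finding, because the finding is about the checkout of the pull request head that these steps then operate on, and that checkout step is not in this hunk; if it runs before repo-check, or without the same condition, a fork's tree is already on disk inside a workflow_run job that holds the base repository's token. Put the same condition on the checkout step, or fail the job outright when same_repo is false before anything from the head ref is fetched, and pin ruby/setup-ruby@v1 to a commit SHA, since a mutable tag in a write-capable workflow is one more thing that can change underneath you.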

Check failure (Code scanning / CodeQL): Checkout of untrusted code in a privileged context, severity Critical. Potential execution of untrusted code on a privileged workflow (workflow_run).
cheshire137 (Member Author)

Hmm, I wonder if there's a good way to do this. The workflow is mirroring the manual steps a person has to take on their own computer or in a codespace today.

Comment on lines +62 to +66
- name: Install npm dependencies
if: steps.repo-check.outputs.same_repo == 'true'
run: npm install

- name: Update licensed cache
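Review bot: npm install runs whatever preinstall/postinstall scripts the checked-out package.json declares, so the same_repo condition is the only thing between this job and executing a fork author's scripts with the token this workflow_run job carries; that is the privileged-context execution CodeQL flags on this hunk. Keep the condition, add --ignore-scripts if nothing in the later bundle step depends on install-time scripts, and give the job an explicit permissions block with contents: write only, so that a step that does run attacker-influenced code cannot reach anything beyond pushing to the branch.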

Check failure (Code scanning / CodeQL): Checkout of untrusted code in a privileged context, severity Critical. Potential execution of untrusted code on a privileged workflow (workflow_run).
Comment on lines +87 to +91
- name: Rebuild bundle
if: steps.repo-check.outputs.same_repo == 'true'
run: npm run bundle

- name: Commit bundle changes

Check failure (Code scanning / CodeQL): Checkout of untrusted code in a privileged context, severity Critical. Potential execution of untrusted code on a privileged workflow (workflow_run).
Copilot AI left a comment

Pull request overview

This PR adds an automated workflow to fix CI failures related to licensed cache and bundle generation. The workflow triggers when the Continuous Integration workflow fails on a pull request, automatically running licensed cache and npm run bundle to regenerate any stale artifacts, then committing the changes back to the PR branch.

Changes:

  • Added .github/workflows/ci-auto-fix.yml workflow that triggers on CI failure to automatically update licensed cache and rebuild bundle
Comments suppressed due to low confidence (3)

.github/workflows/ci-auto-fix.yml:97

  • The git diff --quiet command only checks unstaged changes, but npm run bundle may create new untracked files. This check should use git diff --quiet && git diff --cached --quiet && [ -z "$(git ls-files --others --exclude-standard)" ] or alternatively git status --porcelain to properly detect all changes including untracked files.
          if git diff --quiet; then

.github/workflows/ci-auto-fix.yml:106

  • The push operation on line 106 could fail if another commit was pushed to the branch between the previous push and this one (for example, if line 85's push triggered another CI run that made changes). Consider adding retry logic or pulling before pushing, or document that manual intervention may be needed in such cases.
          git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${HEAD_REPO}.git HEAD:${HEAD_BRANCH}

.github/workflows/ci-auto-fix.yml:19

  • The workflow could potentially trigger itself in an infinite loop: when this workflow commits changes, it may trigger the CI workflow again, which if it fails, could trigger this auto-fix workflow again. Consider adding a check to prevent running if the previous commit was made by github-actions[bot], or use a special commit message prefix that the CI workflow can check to skip certain validations.
    if: >-
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'failure'


HEAD_REPO: ${{ env.HEAD_REPO }}
HEAD_BRANCH: ${{ env.HEAD_BRANCH }}
run: |
if git diff --quiet; then
Copilot AI Jan 12, 2026

The git diff --quiet command only checks unstaged changes, but licensed cache may create new untracked files. This check should use git diff --quiet && git diff --cached --quiet && [ -z "$(git ls-files --others --exclude-standard)" ] or alternatively git status --porcelain to properly detect all changes including untracked files.

This issue also appears in the following locations of the same file:

  • line 97

Comment on lines +17 to +19
if: >-
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'failure'
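Review bot: github.event.workflow_run.event == 'pull_request' only says that the run being reacted to was created by a pull_request event; it does not say the pull request came from this repository, because pull_request runs are created for fork pull requests as well (with a read-only token there, whereas this workflow_run job receives a token that can push). The fork-versus-branch decision therefore rests entirely on the later repo-check step, so it would be clearer and harder to get wrong to make it once here at the job level, for example by also requiring github.event.workflow_run.head_repository.full_name == github.repository in this if, instead of repeating the same_repo condition on every step.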
Copilot AI Jan 12, 2026

The workflow runs on all CI failures, not just license or bundle related failures. This could result in unnecessary workflow runs and commits for failures unrelated to licenses or bundles. Consider adding logic to check if the failure is actually related to licenses or bundles before attempting fixes, or document this behavior if it's intentional.

This issue also appears in the following locations of the same file:

  • line 17


git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add -A
Copilot AI Jan 12, 2026

The git add -A command stages all changes in the entire repository. Since this step is specifically for committing licensed cache changes, it would be safer and more explicit to use git add .licenses/ to only stage the licensed cache directory. This prevents accidentally committing unrelated changes and makes the commit's intent clearer.

Suggested change
git add -A
git add .licenses/

github.event.workflow_run.conclusion == 'failure'
runs-on: ubuntu-latest
env:
PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
Copilot AI Jan 12, 2026

The workflow doesn't handle the case where github.event.workflow_run.pull_requests array is empty. If the workflow_run is not associated with a pull request, PR_NUMBER will be empty, and subsequent steps will fail or behave unexpectedly. Consider adding a check to ensure the array is not empty before proceeding.

Suggested change
PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}

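The CodeQL finding on the checkout and the comment above about an empty pull_requests array are the same trust decision seen from two sides: a workflow_run job must decide, before it touches the head ref, whether that ref belongs to this repository and whether the run actually maps to a pull request. The following is an added example of that gate, not code from this PR or from the repository's workflows. It assumes the field names of GitHub's workflow_run event payload (workflow_run.event, .conclusion, .head_sha, .head_branch, .head_repository.full_name, .pull_requests[].number and .head.sha, and repository.full_name); the sample events are constructed, and the output names proceed and reason are this example's own choice, not the workflow's same_repo output.

```python
"""Trust gate for a workflow_run-triggered auto-fix job (added example).

Assumes the workflow_run event payload field names listed in the lead-in.
The sample events at the bottom are constructed, not captured from GitHub.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class GateDecision:
    proceed: bool
    reason: str
    pr_number: Optional[int] = None
    head_branch: Optional[str] = None


def gate_workflow_run(event: dict) -> GateDecision:
    """Decide whether a workflow_run job may check out and execute the PR head."""
    run = event.get("workflow_run") or {}
    base_repo = (event.get("repository") or {}).get("full_name")
    head_repo = (run.get("head_repository") or {}).get("full_name")

    if run.get("event") != "pull_request":
        return GateDecision(False, "triggering run was not a pull_request run")
    if run.get("conclusion") != "failure":
        return GateDecision(False, "triggering run did not fail; nothing to fix")
    if not base_repo or not head_repo:
        return GateDecision(False, "repository metadata missing from payload")
    # The decisive check: a fork's tree must never be executed by a job that
    # holds the base repository's write-capable token.
    if head_repo != base_repo:
        return GateDecision(False, f"head repository {head_repo} is a fork of {base_repo}")
    prs = run.get("pull_requests") or []
    if not prs:
        return GateDecision(False, "run is not associated with any pull request")
    pr = prs[0]
    pr_head = pr.get("head") or {}
    # Make sure the PR entry describes the same commit the failed run built.
    if pr_head.get("sha") != run.get("head_sha"):
        return GateDecision(False, "pull request head does not match the run's head_sha")
    return GateDecision(True, "same-repository branch with a failed CI run",
                        pr_number=pr.get("number"), head_branch=run.get("head_branch"))


def step_outputs(decision: GateDecision) -> str:
    """Render the decision as GITHUB_OUTPUT lines for later steps to read."""
    lines = [f"proceed={'true' if decision.proceed else 'false'}",
             f"reason={decision.reason}"]
    if decision.proceed:
        lines.append(f"pr_number={decision.pr_number}")
        lines.append(f"head_branch={decision.head_branch}")
    return "\n".join(lines) + "\n"


def _event(head_repo, conclusion="failure", prs=None, event="pull_request", sha="abc123"):
    """Constructed workflow_run payload fragment (hypothetical repository names)."""
    return {
        "repository": {"full_name": "example-org/app"},
        "workflow_run": {
            "event": event, "conclusion": conclusion, "head_sha": sha,
            "head_branch": "dependabot/npm_and_yarn/left-pad-1.3.0",
            "head_repository": {"full_name": head_repo},
            "pull_requests": [] if prs is None else prs,
        },
    }


SAME_REPO_PR = _event("example-org/app",
                      prs=[{"number": 61, "head": {"sha": "abc123"}}])
FORK_PR = _event("someone-else/app",
                 prs=[{"number": 62, "head": {"sha": "abc123"}}])
NO_PR = _event("example-org/app")
GREEN_RUN = _event("example-org/app", conclusion="success",
                   prs=[{"number": 61, "head": {"sha": "abc123"}}])

if __name__ == "__main__":
    for name, ev in [("same-repo", SAME_REPO_PR), ("fork", FORK_PR),
                     ("no-pr", NO_PR), ("green", GREEN_RUN)]:
        d = gate_workflow_run(ev)
        print(f"{name:10} proceed={d.proceed} reason={d.reason}")
```

In a workflow this would run as the first step of the job, reading the payload from GITHUB_EVENT_PATH and appending step_outputs() to GITHUB_OUTPUT, with every later step (the checkout included) conditioned on proceed == 'true'.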
git config user.email "github-actions[bot]@users.noreply.github.com"
git add -A
git commit -m "chore: refresh licensed cache"
git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${HEAD_REPO}.git HEAD:${HEAD_BRANCH}
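Review bot: a push made with secrets.GITHUB_TOKEN does not trigger new workflow runs, so the commit this step pushes will not cause the Continuous Integration workflow to run again on the pull request; the failing CI status stays as it was until someone pushes or re-runs it by hand. That also means the self-triggering loop raised elsewhere in this review cannot start from this push as written, but it should be stated in the workflow so nobody later "fixes" it. If the goal is for the auto-fix to leave the PR with a passing check, the push needs a GitHub App installation token or a PAT instead, which widens what a compromised step could do and makes the same_repo gate and the checkout condition more important, not less.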
Copilot AI Jan 12, 2026

The push operation on line 85 could fail if another commit was pushed to the branch between the checkout and this push, resulting in a non-fast-forward error. Consider adding retry logic or pulling before pushing, or document that manual intervention may be needed in such cases.

This issue also appears in the following locations of the same file:

  • line 106

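Three of the review comments above concern the same commit step: git diff --quiet misses untracked files such as a freshly written cache entry, git add -A stages more than the step owns, and the push can be rejected as a non-fast-forward when another commit lands in between. The following is an added example that demonstrates all three together, not the project's workflow and not code from this PR. It drives git against a throwaway bare repository in a temp directory (no network), and the repository layout and file names (.licenses/npm/left-pad.dep.yml, dist/index.js, the auto-fix-bot identity) are constructed for the demonstration.

```python
"""Detect, stage and push an auto-fix commit with the checks the review asks for.

Added example. Requires a git binary; everything else is created in a temp dir.
"""
import shutil
import subprocess
import tempfile
from functools import lru_cache
from pathlib import Path

# Fixed committer identity so the demo does not depend on the machine's git config.
IDENTITY = ["-c", "user.name=auto-fix-bot", "-c", "user.email=auto-fix-bot@example.invalid"]


def git(repo, *args, check=True):
    """Run git inside `repo` and return the CompletedProcess."""
    return subprocess.run(["git", *IDENTITY, *args], cwd=repo, text=True,
                          capture_output=True, check=check)


def diff_quiet_says_clean(repo) -> bool:
    """The workflow's check: exit 0 means no unstaged edits to tracked files.
    Untracked files are ignored, so a newly written cache file is invisible."""
    return git(repo, "diff", "--quiet", check=False).returncode == 0


def has_changes(repo, paths=()) -> bool:
    """status --porcelain lists modified, staged and untracked (non-ignored) files,
    limited to the paths this step is responsible for."""
    return bool(git(repo, "status", "--porcelain", "--", *paths).stdout.strip())


def commit_and_push(repo, paths, branch, message, attempts=3) -> int:
    """Stage only `paths`, commit, push; on a rejected push rebase onto the remote
    branch and retry. Returns the attempt that succeeded, or 0 if nothing to commit."""
    if not has_changes(repo, paths):
        return 0
    git(repo, "add", "--", *paths)  # not add -A: stage only what this step owns
    git(repo, "commit", "-q", "-m", message)
    for attempt in range(1, attempts + 1):
        if git(repo, "push", "-q", "origin", f"HEAD:{branch}", check=False).returncode == 0:
            return attempt
        # Someone pushed in between: replay our commit on top of theirs and retry.
        git(repo, "fetch", "-q", "origin", branch)
        git(repo, "rebase", "-q", f"origin/{branch}")
    raise RuntimeError(f"push to {branch} still rejected after {attempts} attempts")


@lru_cache(maxsize=None)
def demo() -> dict:
    """Reproduce the race: clone B regenerates the cache while clone A pushes first."""
    tmp = Path(tempfile.mkdtemp())
    try:
        remote = tmp / "remote.git"
        subprocess.run(["git", "init", "-q", "--bare", str(remote)], check=True)
        a, b = tmp / "a", tmp / "b"
        subprocess.run(["git", "clone", "-q", str(remote), str(a)], check=True)
        git(a, "symbolic-ref", "HEAD", "refs/heads/main")  # fixed branch name
        (a / "package.json").write_text('{"name": "app"}\n')
        git(a, "add", "package.json")
        git(a, "commit", "-q", "-m", "initial")
        git(a, "push", "-q", "origin", "HEAD:main")
        subprocess.run(["git", "clone", "-q", "-b", "main", str(remote), str(b)], check=True)

        # B (the auto-fix job) regenerates the cache: a new, untracked file.
        (b / ".licenses" / "npm").mkdir(parents=True)
        (b / ".licenses" / "npm" / "left-pad.dep.yml").write_text("name: left-pad\n")
        quiet_clean = diff_quiet_says_clean(b)   # True: diff --quiet does not see it
        changed = has_changes(b, [".licenses"])  # True: porcelain does

        # Meanwhile A pushes another commit to the same branch.
        (a / "dist").mkdir()
        (a / "dist" / "index.js").write_text("// rebuilt bundle\n")
        git(a, "add", "dist")
        git(a, "commit", "-q", "-m", "chore: rebuild bundle")
        git(a, "push", "-q", "origin", "HEAD:main")

        attempt = commit_and_push(b, [".licenses"], "main", "chore: refresh licensed cache")
        count = int(git(remote, "rev-list", "--count", "main").stdout.strip())
        return {"diff_quiet_clean": quiet_clean, "has_changes": changed,
                "push_attempt": attempt, "remote_commits": count}
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The first push from clone B is rejected because clone A moved the branch, the rebase replays the cache commit on top, and the second attempt lands, leaving three commits on the remote branch. Limiting both has_changes and git add to the paths a step owns is what keeps a stray file from an earlier step out of the "refresh licensed cache" commit.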

- name: Install licensed
if: steps.repo-check.outputs.same_repo == 'true'
run: gem install licensed
Copilot AI Jan 12, 2026

Consider using the licensee/setup-licensed action instead of manually installing licensed via gem, as this is consistent with the existing licensed.yml workflow and provides better version management and caching. The existing workflow uses licensee/setup-licensed@v1.3.2 with version: 4.x.

Suggested change
run: gem install licensed
uses: licensee/setup-licensed@v1.3.2
with:
version: 4.x

if: steps.repo-check.outputs.same_repo == 'true'
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.3'
Copilot AI Jan 12, 2026

The Ruby version is hardcoded to '3.3', but the existing licensed.yml workflow uses 'ruby' which automatically detects the version from .ruby-version or .tool-versions files. Consider using 'ruby' for consistency with the existing workflow, or ensure both workflows use the same explicit version.

Suggested change
ruby-version: '3.3'
ruby-version: 'ruby'


- name: Install npm dependencies
if: steps.repo-check.outputs.same_repo == 'true'
run: npm install
Copilot AI Jan 12, 2026

The step uses npm install which can update package-lock.json, but the other workflows in this repository use npm ci which provides a clean, reproducible install from the existing package-lock.json. Consider using npm ci for consistency, unless the intention is to allow package-lock.json updates as part of the auto-fix.

Suggested change
run: npm install
run: npm ci
