From 6d1e8426f8055683e59fbff7cc7be8931c3f21ba Mon Sep 17 00:00:00 2001 From: eric-wang-1990 Date: Thu, 16 Jul 2026 17:36:07 -0700 Subject: [PATCH 1/2] fix(bots): revert poetry lock/pyproject churn before author/followup publish MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The engineer-bot author run on issue #860 failed at "Open / update fix PR": publish's leftover safety-net found poetry.lock + pyproject.toml unstaged and not in the agent's touched_files, so it refused to open the PR — even though the agent's fix + tests were correct (494 passed). Root cause: the shared setup-poetry action runs `poetry lock` (to reconcile the lock with the internal JFrog source it injects), which REWRITES the tracked poetry.lock / pyproject.toml in the working tree. That churn is harmless for the 5 real-CI consumers of the action (they commit nothing) but poisons the two engineer-bot workflows, which publish a PR from the working tree. Fix (engineer-bot side only — leave the shared action untouched): after the Poetry setup, `git checkout -- poetry.lock pyproject.toml` to drop the churn once the venv is built, so only the agent's edits remain in the tree at publish time. Applied to both engineer-bot.yml (author) and engineer-bot-followup.yml. Signed-off-by: eric-wang-1990 Co-authored-by: Isaac --- .github/workflows/engineer-bot-followup.yml | 9 +++++++++ .github/workflows/engineer-bot.yml | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/.github/workflows/engineer-bot-followup.yml b/.github/workflows/engineer-bot-followup.yml index 230f8d0ef..13da1c6d6 100644 --- a/.github/workflows/engineer-bot-followup.yml +++ b/.github/workflows/engineer-bot-followup.yml @@ -94,6 +94,15 @@ jobs: with: python-version: '3.11' + # setup-poetry runs `poetry lock` (to reconcile the lock with the internal + # JFrog source it injects), which REWRITES tracked poetry.lock / pyproject.toml + # in the working tree. The venv is already built, so the tree no longer needs + # that churn — revert it, else the followup's fixup commit (or its leftover + # check) would sweep up these bot-untouched dirty files. Keep ONLY the + # agent's edits in the tree. + - name: Revert poetry lock/pyproject churn (keep only the agent's edits) + run: git checkout -- poetry.lock pyproject.toml || true + # Shared prelude: mint the engineer-bot token (pushes fixup commits, posts # replies) + the engine-scoped token, set up Node, install the engine. - name: Bot prelude (tokens + Node + engine install) diff --git a/.github/workflows/engineer-bot.yml b/.github/workflows/engineer-bot.yml index eee9d7784..740f22022 100644 --- a/.github/workflows/engineer-bot.yml +++ b/.github/workflows/engineer-bot.yml @@ -81,6 +81,15 @@ jobs: with: python-version: '3.11' + # setup-poetry runs `poetry lock` (to reconcile the lock with the internal + # JFrog source it injects), which REWRITES tracked poetry.lock / pyproject.toml + # in the working tree. The venv is already built, so the tree no longer needs + # that churn — revert it, else publish's leftover safety-net sees these + # bot-untouched dirty files and refuses to open the PR (they aren't in the + # agent's touched_files). Keep ONLY the agent's edits in the tree. + - name: Revert poetry lock/pyproject churn (keep only the agent's edits) + run: git checkout -- poetry.lock pyproject.toml || true + # Shared prelude: mint the engineer-bot token (pushes the fix branch, # comments) + the engine-scoped token, set up Node, install the pinned # engine (PAT-free). `token` output is used by the steps below. From 24cbafcc7fcdcb9bfa1990134a5d77a8d590b6d7 Mon Sep 17 00:00:00 2001 From: "peco-engineer-bot[bot]" Date: Fri, 17 Jul 2026 00:56:13 +0000 Subject: [PATCH 2/2] ai: apply changes for #866 (1 review thread) Addresses: - #3599651153 at .github/workflows/engineer-bot.yml:89 Signed-off-by: peco-engineer-bot[bot] --- .github/workflows/engineer-bot-followup.yml | 7 ++++++- .github/workflows/engineer-bot.yml | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/engineer-bot-followup.yml b/.github/workflows/engineer-bot-followup.yml index 13da1c6d6..bf4be5117 100644 --- a/.github/workflows/engineer-bot-followup.yml +++ b/.github/workflows/engineer-bot-followup.yml @@ -101,7 +101,12 @@ jobs: # check) would sweep up these bot-untouched dirty files. Keep ONLY the # agent's edits in the tree. - name: Revert poetry lock/pyproject churn (keep only the agent's edits) - run: git checkout -- poetry.lock pyproject.toml || true + # No `|| true`: `git checkout -- ` exits 0 for both the + # clean and the reverted-churn cases, so a non-zero exit means the revert + # genuinely failed (e.g. the files went untracked/missing) and the dirty + # tree would otherwise be swept into the followup's fixup commit. Fail + # loudly here instead of masking it. + run: git checkout -- poetry.lock pyproject.toml # Shared prelude: mint the engineer-bot token (pushes fixup commits, posts # replies) + the engine-scoped token, set up Node, install the engine. diff --git a/.github/workflows/engineer-bot.yml b/.github/workflows/engineer-bot.yml index 740f22022..03ba0f307 100644 --- a/.github/workflows/engineer-bot.yml +++ b/.github/workflows/engineer-bot.yml @@ -88,7 +88,12 @@ jobs: # bot-untouched dirty files and refuses to open the PR (they aren't in the # agent's touched_files). Keep ONLY the agent's edits in the tree. - name: Revert poetry lock/pyproject churn (keep only the agent's edits) - run: git checkout -- poetry.lock pyproject.toml || true + # No `|| true`: `git checkout -- ` exits 0 for both the + # clean and the reverted-churn cases, so a non-zero exit means the revert + # genuinely failed (e.g. the files went untracked/missing) and the dirty + # tree would otherwise resurface as a confusing publish-time error. Fail + # loudly here instead of masking it. + run: git checkout -- poetry.lock pyproject.toml # Shared prelude: mint the engineer-bot token (pushes the fix branch, # comments) + the engine-scoped token, set up Node, install the pinned