Skip to content

Add auto-heal workflow#2695

Merged
robgruen merged 2 commits into
mainfrom
dev/robgruen/heal_lockfile
Jul 18, 2026
Merged

Add auto-heal workflow#2695
robgruen merged 2 commits into
mainfrom
dev/robgruen/heal_lockfile

Conversation

@robgruen

Copy link
Copy Markdown
Collaborator

This pull request introduces robust automation and improved handling for merge conflicts in generated files, specifically the pnpm-lock.yaml lockfile and autogenerated README.AUTOGEN.md files. It does this by adding a GitHub Actions workflow to auto-heal these conflicts, local git merge drivers to automate conflict resolution, and scripts to support these workflows. Additionally, it enhances Azure Key Vault secret management by improving privilege elevation logic.

The most important changes are:

Automated merge conflict healing and merge driver setup

  • Add GitHub Actions workflow to auto-heal generated file conflicts: Introduces .github/workflows/heal-generated-files.yml and the supporting script ts/tools/scripts/heal-generated-files.mjs to automatically resolve conflicts in generated files on open PRs, merging main and pushing resolved branches. This keeps the merge queue moving without manual intervention. [1] [2]
  • Register local git merge drivers for generated files: Adds ts/tools/scripts/setup-merge-driver.mjs and updates .gitattributes to register merge drivers for pnpm-lock.yaml (regenerated on merge) and README.AUTOGEN.md (keep ours), ensuring safe and automatic conflict resolution during merges. [1] [2]
  • Implement custom merge driver for pnpm-lock.yaml: Adds ts/tools/scripts/merge-pnpm-lock.mjs to rebuild the lockfile from merged manifests, preventing silent corruption from text merges.
  • Update ts/package.json to automate merge driver setup: Ensures merge drivers are registered on every pnpm install by adding a postinstall script. [1] [2]

Azure Key Vault secret management improvements

  • Refactor and enhance privilege elevation for secret access: Refactors the elevation logic in ts/tools/scripts/getKeys.mjs to self-activate the minimum required Azure roles for both reading and writing secrets, improving reliability and maintainability of secret operations. [1] [2] [3] [4] [5]

These changes collectively automate and safeguard the handling of merge conflicts in critical generated files and streamline secret management workflows.

@robgruen
robgruen marked this pull request as ready for review July 18, 2026 00:05
@robgruen
robgruen enabled auto-merge July 18, 2026 00:05
@robgruen
robgruen added this pull request to the merge queue Jul 18, 2026
@github-merge-queue
github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 18, 2026
@robgruen
robgruen added this pull request to the merge queue Jul 18, 2026
Merged via the queue into main with commit 793dc7f Jul 18, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants