Skip to content

Add scheduled workflow to update all plugins daily #7406

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JohnMcLear merged 1 commit into from
Mar 31, 2026
Merged

Add scheduled workflow to update all plugins daily #7406

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions .github/workflows/update-plugins.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: Update Plugins

on:
schedule:
- cron: '0 6 * * *' # Daily at 06:00 UTC
workflow_dispatch: # Allow manual trigger
Comment on lines +3 to +6

@qodo-free-for-open-source-projects qodo-free-for-open-source-projects Bot Mar 31, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

1. Scheduled workflow runs by default 📘 Rule violation ☼ Reliability

The new workflow is enabled on a daily cron schedule, changing default behavior without an
enable/disable mechanism. This violates the requirement that new features be gated behind a feature
flag and disabled by default.
Agent Prompt 
## Issue description
The scheduled GitHub Actions workflow is enabled by default via `on.schedule`, which introduces new automatic behavior without a feature flag.

## Issue Context
The workflow performs automated plugin updates with `autopush`, so it should be explicitly enabled (disabled by default) to comply with the feature-flag requirement.

## Fix Focus Areas
- .github/workflows/update-plugins.yml[3-6]
- .github/workflows/update-plugins.yml[35-63]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


jobs:
update-plugins:
runs-on: ubuntu-latest
steps:
- name: Check out etherpad-lite
uses: actions/checkout@v4

- uses: pnpm/action-setup@v3
name: Install pnpm
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 22

- name: Install bin dependencies
working-directory: ./bin
run: pnpm install

- name: Configure git
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'

- name: Clone and update all plugins
env:
GH_TOKEN: ${{ secrets.PLUGINS_PAT }}
run: |
# Configure git to use the PAT for all ether/ repos
git config --global url."https://x-access-token:${GH_TOKEN}@github.com/ether/".insteadOf "https://github.com/ether/"

cd ..
# List all ep_* repos from ether org
plugins=$(gh repo list ether --limit 200 --json name --jq '.[] | select(.name | startswith("ep_")) | .name')

@qodo-free-for-open-source-projects qodo-free-for-open-source-projects Bot Mar 31, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

3. Repo list truncation 🐞 Bug ≡ Correctness

The workflow only lists the first 200 repos from the ether org, so any additional ep_* repos
beyond that will never be processed. This breaks the stated goal of updating all ether/ep_*
plugins daily.
Agent Prompt 
### Issue description
The workflow enumerates repos with `gh repo list ... --limit 200`, which can omit `ep_*` repos beyond the first 200.

### Issue Context
This workflow intends to update *all* `ether/ep_*` repos. Existing scripts in `bin/plugins/` already show multi-page enumeration patterns.

### Fix Focus Areas
- .github/workflows/update-plugins.yml[43-45]

### Suggested fix
Use a paginated API call instead of a fixed limit, for example:
- `plugins=$(gh api --paginate 'orgs/ether/repos?per_page=100' --jq '.[].name | select(startswith("ep_"))')`
Or raise the limit to a sufficiently high value *and* confirm it truly covers all repos.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


for plugin in $plugins; do
Comment on lines +44 to +46

@qodo-free-for-open-source-projects qodo-free-for-open-source-projects Bot Mar 31, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

4. Core repo not excluded 🐞 Bug ≡ Correctness

The workflow processes every repo whose name starts with ep_ without excluding ep_etherpad-lite,
which existing plugin automation explicitly skips. If ep_etherpad-lite is present in the org, this
workflow could create automated commits/pushes to that repo unintentionally.
Agent Prompt 
### Issue description
The workflow processes every `ep_*` repo and does not skip `ep_etherpad-lite`, unlike existing plugin automation.

### Issue Context
`checkPlugin` with `autopush` can modify files, commit, and push. Existing scripts/docs treat `ep_etherpad-lite` as a special-case repo to skip.

### Fix Focus Areas
- .github/workflows/update-plugins.yml[44-46]

### Suggested fix
Add an explicit exclusion in the filter or in the loop, e.g.:
- In jq: `select(.name | startswith("ep_") and .name != "ep_etherpad-lite")`
- Or in bash: `[[ "$plugin" == "ep_etherpad-lite" ]] && continue`

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

echo "============================================================"
echo "Processing $plugin"
echo "============================================================"

# Clone if not present
if [ ! -d "$plugin" ]; then
git clone "https://github.com/ether/${plugin}.git" "$plugin" || { echo "SKIP: clone failed"; continue; }
fi

# Pull latest
(cd "$plugin" && git pull --ff-only) || { echo "SKIP: pull failed"; continue; }

# Run checkPlugin with autopush
cd etherpad-lite/bin
pnpm run checkPlugin "$plugin" autopush 2>&1 | tail -20 || echo "WARN: checkPlugin failed for $plugin"
Comment on lines +60 to +61

@qodo-free-for-open-source-projects qodo-free-for-open-source-projects Bot Mar 31, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

2. Pipeline hides failures 🐞 Bug ≡ Correctness

The checkPlugin command is piped to tail, so the workflow step uses tail’s exit code and can
report success even when checkPlugin fails for a plugin. This can silently skip updates/pushes
while still printing only the last 20 lines of output.
Agent Prompt 
### Issue description
The workflow pipes `pnpm run checkPlugin ...` into `tail`, which masks `checkPlugin` failures because the pipeline exit code becomes `tail`'s exit code.

### Issue Context
`bin/plugins/checkPlugin.ts` is designed to fail the process on errors (throws/unhandled rejection) and only calls `process.exit(0)` on success. The workflow should therefore propagate the actual command exit status.

### Fix Focus Areas
- .github/workflows/update-plugins.yml[59-62]

### Suggested fix
- Add `set -euo pipefail` at the start of the run block.
- Replace the pipeline with an approach that keeps the original exit code, e.g.:
  - Capture output and status:
    - `out=$(pnpm run checkPlugin "$plugin" autopush 2>&1); status=$?; echo "$out" | tail -20; [ $status -eq 0 ] || { echo "WARN: ..."; continue; }`
  - Or use `tee` plus `PIPESTATUS[0]` under bash with `pipefail`.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

cd ../..
done
Comment on lines +10 to +63

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Loading