Committed by Will Chen on
## Summary

- Labels added by `GITHUB_TOKEN` don't trigger `pull_request_target` events (GitHub limitation to prevent loops)
- `label-rebase-prs.yml` was adding `cc:rebase` via the default token, so `claude-rebase.yml` never fired
- Switch to `GITHUB_PR_RW_TOKEN` (fine-grained PAT with PR read/write) so label events trigger the rebase workflow
- Added `environment: ai-bots` to access the secret
- Documented the `GITHUB_TOKEN` workflow chaining gotcha in `rules/git-workflow.md`

## Test plan

- Add `GITHUB_PR_RW_TOKEN` as a fine-grained PAT secret in the `ai-bots` environment (needs `Pull requests: Read and write` permission on `dyad-sh/dyad`)
- Push to `main` while a conflicting PR exists from an allowed author — verify `cc:rebase` label is added AND `claude-rebase.yml` triggers

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---

## Summary by cubic

Switch label-rebase-prs to use a fine-grained PAT (PR_RW_GITHUB_TOKEN) so adding cc:rebase triggers the claude-rebase pull_request_target workflow. Document the GITHUB_TOKEN workflow-chaining limitation and load the token from the ai-bots environment.

- **Migration**
  - Add PR_RW_GITHUB_TOKEN as an environment secret in ai-bots (fine-grained PAT with Pull requests: Read and write on dyad-sh/dyad).

Written for commit 2ff7d85a011aa53cff631f6490795ca4148f9f1c. Summary will update on new commits.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
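
The token swap described in this commit message, as an added configuration sketch that is not the repository's own `label-rebase-prs.yml` or `claude-rebase.yml`: the labeling step is shown with the default token commented out beside the environment-scoped PAT, followed by the receiving trigger. The job layout, the `gh pr edit` step and the PR number are assumptions; the page names the secret both `GITHUB_PR_RW_TOKEN` and `PR_RW_GITHUB_TOKEN`, and the sketch uses the latter because GitHub does not accept secret names that start with `GITHUB_`.

```yaml
# --- labeling workflow (constructed sketch) ---
name: label-rebase-prs
on:
  push:
    branches: [main]

permissions:
  contents: read            # default token stays minimal; labeling uses the PAT

jobs:
  label:
    runs-on: ubuntu-latest
    environment: ai-bots    # the PAT is an environment secret, so the job must
                            # declare the environment to read it
    steps:
      - name: Add cc:rebase to a conflicting PR
        env:
          # Before: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The label is applied, but the resulting "labeled" event starts no
          # workflow run, so the rebase workflow never fires.
          GH_TOKEN: ${{ secrets.PR_RW_GITHUB_TOKEN }}
          PR_NUMBER: "123"  # placeholder; a real job would compute this
        run: gh pr edit "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --add-label "cc:rebase"
---
# --- receiving workflow (constructed sketch) ---
name: claude-rebase
on:
  pull_request_target:
    types: [labeled]

jobs:
  rebase:
    # pull_request_target runs in the base repository's context, so the job is
    # gated on the exact label; author allow-listing (mentioned in the test
    # plan) would be a further condition here.
    if: github.event.label.name == 'cc:rebase'
    runs-on: ubuntu-latest
    steps:
      - run: echo "rebase steps go here"   # placeholder body
```

Scoping the fine-grained PAT to `Pull requests: Read and write` on the single repository, and storing it only in the `ai-bots` environment, keeps the credential that can chain workflows as narrow as the page's test plan describes.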