Skip to content

Fix Rerun Unstable Failures workflow: bind job to Official-Build environment#7857

Merged
aholstrup1 merged 1 commit intomainfrom
copilot/investigate-unstable-failures
Apr 27, 2026
Merged

Fix Rerun Unstable Failures workflow: bind job to Official-Build environment#7857
aholstrup1 merged 1 commit intomainfrom
copilot/investigate-unstable-failures

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 27, 2026
edited by github-actions Bot
Loading

The new Rerun Unstable Failures workflow (failed run) errored with [@octokit/auth-app] privateKey option is required, then Failed to fetch run because GH_TOKEN was empty.

secrets.PRIVATE_KEY is scoped to the Official-Build environment in this repo — every other workflow consuming it (SubmitStabilityJobs, UpdateBCArtifactVersion, UpdateALGoProjects, UpdatePackageVersions, UpdateGitHubGoSystemFiles) declares that environment on the job. This one did not, so the secret expanded to empty, the app-token action failed, and the secrets.RERUNPAT fallback was empty too.

Changes to .github/workflows/RerunUnstableFailures.yaml

  • Add environment: Official-Build to the RerunUnstableFailures job so secrets.PRIVATE_KEY resolves.
  • Drop the now-redundant if: vars.APP_ID != '', continue-on-error: true, and || secrets.RERUNPAT fallback so the wiring matches the other Official-Build workflows.
  RerunUnstableFailures:
    if: github.repository_owner == 'microsoft' && github.event.workflow_run.conclusion == 'failure'
    runs-on: ubuntu-slim
    environment: Official-Build
    ...
      - name: Create GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@... # v3.1.1
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}

      - name: Rerun unstable failures
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}

Fixes AB#632025

@github-actions github-actions Bot added the Build: Automation Workflows and other setup in .github folder label Apr 27, 2026
@aholstrup1 aholstrup1 marked this pull request as ready for review April 27, 2026 11:07
@aholstrup1 aholstrup1 requested a review from a team as a code owner April 27, 2026 11:07
Copilot AI review requested due to automatic review settings April 27, 2026 11:07
@aholstrup1 aholstrup1 enabled auto-merge (squash) April 27, 2026 11:07
@github-actions github-actions Bot added this to the Version 29.0 milestone Apr 27, 2026
Copilot AI reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes the Rerun Unstable Failures GitHub Actions workflow by ensuring it runs in the Official-Build environment so the GitHub App credentials resolve correctly and the workflow can mint a usable GH_TOKEN for rerun operations.

Changes:

  • Bind the RerunUnstableFailures job to environment: Official-Build so secrets.PRIVATE_KEY is available.
  • Remove the now-redundant guard/soft-failure behavior around GitHub App token creation.
  • Remove the PAT fallback and rely exclusively on the GitHub App token output.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@aholstrup1 aholstrup1 disabled auto-merge April 27, 2026 11:18
@aholstrup1 aholstrup1 merged commit 73aba25 into main Apr 27, 2026
19 of 20 checks passed
@aholstrup1 aholstrup1 deleted the copilot/investigate-unstable-failures branch April 27, 2026 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aholstrup1 aholstrup1 aholstrup1 approved these changes

+1 more reviewer

@mazhelez mazhelez mazhelez approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mazhelez mazhelez

Copilot code review Copilot

Labels

Build: Automation Workflows and other setup in .github folder

Projects

None yet

Milestone

Version 29.0

Development

Successfully merging this pull request may close these issues.

4 participants

@mazhelez @aholstrup1