Resolve PR merge conflicts by syncing fork's dev branch with upstream #1
```yaml
runs-on: ubuntu-latest
steps:
  - name: Checkout
    uses: actions/checkout@v4
    with:
      fetch-depth: 0
      token: ${{ secrets.GITHUB_TOKEN }}

  - name: Configure Git
    run: |
      git config user.name "github-actions[bot]"
      git config user.email "github-actions[bot]@users.noreply.github.com"

  - name: Add upstream remote
    run: |
      git remote add upstream https://github.com/anomalyco/models.dev || true
      git fetch upstream

  - name: Sync dev branch
    run: |
      git checkout dev || git checkout -b dev
      git reset --hard upstream/dev
      git push --force origin dev

  - name: Sync other branches if needed
    run: |
      # Add additional branch syncing here if needed
      echo "Main dev branch synced successfully"
```
Check warning (Code scanning / CodeQL): Workflow does not contain permissions. Severity: Medium

Copilot Autofix (AI, 2 days ago)
In general, this problem is fixed by adding an explicit permissions block either at the workflow root (applies to all jobs) or at the individual job level, granting only the minimum scopes required. This ensures the GITHUB_TOKEN does not inherit broader default permissions from the repository or organization.
For this specific workflow, the sync job needs to push branches back to the repository (git push --force origin dev), which requires contents: write. It does not interact with issues, pull requests, or other resources, so we can keep those permissions at their default of none by omitting them. The simplest, least-privilege change is therefore to add a job-level permissions block under jobs: sync: with contents: write.
Concretely:

- Edit `.github/workflows/sync-upstream.yml`.
- Under `jobs:`, inside the `sync` job (right beneath `runs-on: ubuntu-latest` or above it), add:

```yaml
permissions:
  contents: write
```

No additional imports or external dependencies are required; this is purely a YAML configuration change in the workflow file.
| @@ -13,6 +13,8 @@ | ||
| jobs: | ||
| sync: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 |
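Review bot: the `permissions:` block placed between `runs-on:` and `steps:` is the correct scope, but nothing in the hunk records why `contents: write` is needed; add a YAML comment above it pointing at the `git push --force origin dev` step (for example `# required for the force-push in "Sync dev branch"`) so a later edit does not widen it. Because a job-level block replaces the default token permissions rather than narrowing them, every scope not listed (apart from metadata read) becomes none, which matches the intent stated in the autofix text. Separately, `uses: actions/checkout@v4` in the same hunk is pinned to a mutable tag; pinning to a full commit SHA is the usual supply-chain hardening for a job that now holds a write-capable token.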
Co-authored-by: brunusansi <173689862+brunusansi@users.noreply.github.com>
PR #1 was in a dirty/conflicted state because the fork's `dev` branch was 2,202 commits behind `anomalyco/models.dev`, causing GitHub to report conflicts when attempting to merge.

Changes

- Reset `dev` branch to match `upstream/dev` (829756f) and force-pushed to origin

The PR is now in a clean mergeable state with correct file change stats (5 files, 155 additions).
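The CodeQL finding and autofix above concern a workflow whose job has no `permissions` block. As an added example (not code from this PR or from the models.dev project), here is a small dependency-free Python lint that reports, per job, whether a workflow-level or job-level permissions block applies and whether any step runs `git push` (the operation that needs `contents: write`); it assumes two-space YAML indentation, reads the workflow from a string, and uses constructed samples modelled on the workflow in this PR.

```python
# Added example (not code from the PR or models.dev): a dependency-free lint for the
# CodeQL finding "Workflow does not contain permissions". Assumes two-space YAML
# indentation; it is a targeted check, not a YAML parser.
import re

PUSH_RE = re.compile(r"\bgit\s+push\b")   # the operation that needs contents: write

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def audit_workflow(text):
    """Return ({job: 'root' | 'job' | 'missing'}, pushes).
    'missing' means GITHUB_TOKEN inherits the repository/organization default."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    root_perm = any(l.startswith("permissions:") for l in lines)   # column 0 only
    jobs, in_jobs, job_indent, current = {}, False, None, None
    for l in lines:
        if _indent(l) == 0:                       # a new top-level key
            in_jobs, current = l.startswith("jobs:"), None
            continue
        if not in_jobs:
            continue
        if job_indent is None:
            job_indent = _indent(l)               # indentation of job names
        key = l.strip()
        if _indent(l) == job_indent and key.endswith(":"):
            current = key[:-1]
            jobs[current] = "root" if root_perm else "missing"
        elif current and _indent(l) == job_indent + 2 and key.startswith("permissions:"):
            jobs[current] = "job"                 # job-level block resets unlisted scopes to none
    return jobs, any(PUSH_RE.search(l) for l in lines)

# Constructed sample modelled on sync-upstream.yml before the fix.
BEFORE = """\
on:
  workflow_dispatch:
jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Sync dev branch
        run: |
          git reset --hard upstream/dev
          git push --force origin dev
"""
# The same workflow with the job-level block the autofix adds.
AFTER = BEFORE.replace("    runs-on: ubuntu-latest\n",
                       "    runs-on: ubuntu-latest\n    permissions:\n      contents: write\n")
```

Running `audit_workflow(BEFORE)` reports the `sync` job as `missing` with a push present, and `audit_workflow(AFTER)` reports it as `job`.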