Summary
When create-pull-request is configured with target-repo pointing to a different repository, the compiler-generated checkout step in the safe_outputs job uses the triggering repository's ref instead of the target repository's default branch. This causes the checkout to fail when the workflow is dispatched from a branch that does not exist in the target repo.
Steps to Reproduce
- Create a workflow in Repo A with a
create-pull-request safe output configured with target-repo pointing to a different Repo B
- Add a
checkout: entry for Repo B in the frontmatter (with ref: main)
- Compile the workflow
- Dispatch the workflow from a feature branch (e.g.,
my-feature-branch) in Repo A
Expected Behavior
The safe_outputs job should checkout Repo B at its default branch (e.g., main), since the PR will be created against that repo.
Actual Behavior
The compiler generates this checkout ref expression in the safe_outputs job for the target repo:
ref: ${{ github.base_ref || github.event.pull_request.base.ref || github.ref_name || github.event.repository.default_branch }}For a workflow_dispatch event from a feature branch:
github.base_ref → emptygithub.event.pull_request.base.ref → emptygithub.ref_name → my-feature-branch ← this winsgithub.event.repository.default_branch → never reached
The checkout then tries to fetch my-feature-branch from Repo B, which does not exist, causing a git fetch failure (exit code 1). This fails the entire safe_outputs job.
Root Cause
The ref expression at the checkout step (around the create_pull_request conditional block in the compiled lock file) is designed for same-repo PRs where the triggering branch exists in the target repo. When target-repo is a different repository, the branch is unlikely to exist there.
Suggested Fix
When target-repo is set on create-pull-request, the compiler should hardcode the ref for the safe_outputs checkout to the target repo's default branch, or use a different expression that does not fall through to github.ref_name. For example:
# For cross-repo target, use a fixed ref (e.g., from the checkout config or the target repo's default branch)
ref: main
Or the expression could be adjusted to prefer github.event.repository.default_branch over github.ref_name when target-repo is set.
Workaround
Run the workflow from the default branch (main) so that github.ref_name resolves to main, which exists in both repos.
Environment
- gh-aw compiler version: v0.68.3
- Trigger event:
workflow_dispatch from a non-default branch
Summary
When
create-pull-requestis configured withtarget-repopointing to a different repository, the compiler-generated checkout step in thesafe_outputsjob uses the triggering repository's ref instead of the target repository's default branch. This causes the checkout to fail when the workflow is dispatched from a branch that does not exist in the target repo.Steps to Reproduce
create-pull-requestsafe output configured withtarget-repopointing to a different Repo Bcheckout:entry for Repo B in the frontmatter (withref: main)my-feature-branch) in Repo AExpected Behavior
The
safe_outputsjob should checkout Repo B at its default branch (e.g.,main), since the PR will be created against that repo.Actual Behavior
The compiler generates this checkout ref expression in the
safe_outputsjob for the target repo:For a
workflow_dispatchevent from a feature branch:github.base_ref→ emptygithub.event.pull_request.base.ref→ emptygithub.ref_name→my-feature-branch← this winsgithub.event.repository.default_branch→ never reachedThe checkout then tries to fetch
my-feature-branchfrom Repo B, which does not exist, causing a git fetch failure (exit code 1). This fails the entiresafe_outputsjob.Root Cause
The ref expression at the checkout step (around the
create_pull_requestconditional block in the compiled lock file) is designed for same-repo PRs where the triggering branch exists in the target repo. Whentarget-repois a different repository, the branch is unlikely to exist there.Suggested Fix
When
target-repois set oncreate-pull-request, the compiler should hardcode the ref for the safe_outputs checkout to the target repo's default branch, or use a different expression that does not fall through togithub.ref_name. For example:Or the expression could be adjusted to prefer
github.event.repository.default_branchovergithub.ref_namewhentarget-repois set.Workaround
Run the workflow from the default branch (
main) so thatgithub.ref_nameresolves tomain, which exists in both repos.Environment
workflow_dispatchfrom a non-default branch