From 9e4ba2df799257237b1ee4a019f0abbb951e3b06 Mon Sep 17 00:00:00 2001
From: Shane Neuville <shneuvil@microsoft.com>
Date: Thu, 23 Apr 2026 13:53:40 -0500
Subject: [PATCH] fix: auto-fix-on-failure never triggers for workflow_dispatch
 runs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two bugs prevented the auto-fix feedback loop from ever triggering:

1. branches-ignore: main — workflow_dispatch integration tests always
   run on main (the ref input only controls checkout, not head_branch).
   Removed the filter entirely; the PR-lookup step already handles
   non-PR runs by exiting early.

2. PR lookup by head_branch — for workflow_dispatch runs, head_branch
   is 'main', not the PR branch. Now reads pr_number from the failed
   run's inputs via the API first, falls back to branch-based lookup.

Also fixed permissions: pull-requests: read → write (needed for
gh pr comment).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/workflows/auto-fix-on-failure.yml | 29 +++++++++++++++--------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/auto-fix-on-failure.yml b/.github/workflows/auto-fix-on-failure.yml
index fa1430b5d..cea313d06 100644
--- a/.github/workflows/auto-fix-on-failure.yml
+++ b/.github/workflows/auto-fix-on-failure.yml
@@ -10,8 +10,6 @@ on:
       - "Verify Build (Cross-Platform)"
       - "PolyPilot Integration Test"
     types: [completed]
-    branches-ignore:
-      - main
 
 env:
   GH_TOKEN: ${{ github.token }}
@@ -23,7 +21,7 @@ jobs:
     if: github.event.workflow_run.conclusion == 'failure'
     permissions:
       actions: write
-      pull-requests: read
+      pull-requests: write
 
     steps:
       - name: Find associated PR
@@ -36,21 +34,32 @@ jobs:
           echo "Failed workflow: $FAILED_WORKFLOW"
           echo "Failed run: $FAILED_RUN"
 
-          # Find open PR for this branch
-          PR_NUMBER=$(gh pr list --repo ${{ github.repository }} \
-            --head "$BRANCH" --state open \
-            --json number --jq '.[0].number // empty')
+          # workflow_dispatch runs execute on main but carry the PR number
+          # in their inputs. Try reading it from the API first.
+          PR_NUMBER=$(gh api "repos/${{ github.repository }}/actions/runs/$FAILED_RUN" \
+            --jq '.inputs.pr_number // empty' 2>/dev/null || true)
 
+          # Fall back to branch-based lookup for push/PR-triggered runs
           if [ -z "$PR_NUMBER" ]; then
-            echo "No open PR found for branch $BRANCH — skipping"
+            PR_NUMBER=$(gh pr list --repo ${{ github.repository }} \
+              --head "$BRANCH" --state open \
+              --json number --jq '.[0].number // empty')
+          fi
+
+          if [ -z "$PR_NUMBER" ]; then
+            echo "No associated PR found — skipping"
             echo "has_pr=false" >> $GITHUB_OUTPUT
             exit 0
           fi
 
-          echo "Found PR #$PR_NUMBER"
+          # Resolve the PR's head branch for the comment
+          PR_BRANCH=$(gh pr view "$PR_NUMBER" --repo ${{ github.repository }} \
+            --json headRefName --jq '.headRefName' 2>/dev/null || echo "$BRANCH")
+
+          echo "Found PR #$PR_NUMBER (branch: $PR_BRANCH)"
           echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
           echo "has_pr=true" >> $GITHUB_OUTPUT
-          echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+          echo "branch=$PR_BRANCH" >> $GITHUB_OUTPUT
           echo "failed_workflow=$FAILED_WORKFLOW" >> $GITHUB_OUTPUT
           echo "failed_run=$FAILED_RUN" >> $GITHUB_OUTPUT