fix(ci): remove WASM auto-commit step — blocked by branch protection #424

Merged
ajitpratap0 merged 1 commit into main from fix/wasm-ci-push-protection
Mar 22, 2026

@ajitpratap0
Owner

Problem

PR #423 introduced an auto-commit step in website.yml that rebuilds and pushes gosqlx.wasm back to main when the source changes. This step fails immediately with:

remote: error: GH013: Repository rule violations found for refs/heads/main.
error: failed to push some refs to 'https://github.com/ajitpratap0/GoSQLX'

Branch protection requires all changes to main go through PRs — even from CI bots. The push is blocked, which aborts the entire deploy pipeline before Vercel runs, meaning the playground is still broken.

Fix

When wasm/ source changes in future

Rebuild manually: cd wasm && make build && cp playground/gosqlx.wasm ../website/public/wasm/ && git add website/public/wasm/gosqlx.wasm && git commit -m "chore(wasm): rebuild" — then open a PR as normal.

Test plan

  • website.yml deploy completes successfully
  • https://gosqlx.dev/wasm/gosqlx.wasm returns HTTP 200
  • Playground parses SQL without errors

🤖 Generated with Claude Code

…on main

The wasm auto-commit step from PR #423 fails with GH013 (branch protection
rules prevent direct pushes to main, even from CI). This aborts the entire
deploy pipeline before Vercel runs.

The WASM is now committed in git (PR #423), so the auto-commit step is
redundant for normal deploys. When wasm/ source changes, rebuild and commit
manually. Revert permissions back to contents: read.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vercel

vercel bot commented Mar 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: gosqlx-website
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Mar 22, 2026 5:37am

github-actions bot added the ci-cd label Mar 22, 2026

@github-actions

github-actions bot commented Mar 22, 2026

Claude finished @ajitpratap0's task


Code Review for WASM CI Fix

Todo List

  • Read and analyze the workflow file changes
  • Review the problem context and solution approach
  • Evaluate code quality and CI/CD best practices
  • Check for security implications
  • Assess potential bugs or edge cases
  • Provide comprehensive feedback

Analysis

Changes Made:

Problem Context:
The auto-commit step was failing with GH013: Repository rule violations because branch protection rules prevent direct pushes to main, even from CI bots. This was blocking the entire deployment pipeline.

Code Review Feedback

Excellent Solution & Code Quality

  1. Problem Diagnosis: Correctly identified that branch protection rules block even CI bot pushes to main
  2. Clean Fix: The solution properly removes the problematic auto-commit while preserving functionality
  3. Minimal Changes: Only removes what's necessary (-13 lines, +1 line)
  4. Clear Documentation: PR description provides excellent context and future workflow instructions

Security - Improved

  1. Principle of Least Privilege: Correctly reverts from contents: write back to contents: read
  2. Removes Automated Pushes: Eliminates potential attack vector of automated commits bypassing review
  3. Forces PR Review: WASM updates now require manual PR process, ensuring human oversight

CI/CD Best Practices

  1. Fail-Fast Removal: Eliminates step that was causing pipeline failures
  2. Preserves Build: Still builds WASM for deployment without unnecessary commits
  3. Environment Consistency: Same WASM will be used across all environments since it's version-controlled

No Performance Issues

  1. Reduces Build Time: Removes git operations from CI pipeline
  2. Network Efficiency: No unnecessary pushes during deployment
  3. Idempotent Builds: WASM rebuild in CI is now purely for deployment consistency

📝 Minor Considerations

  1. Documentation Update: Consider updating any docs that reference the old auto-commit behavior
  2. Future WASM Changes: The manual rebuild process is well-documented in the PR description
  3. No Test Coverage Impact: This is purely CI configuration - no application logic tests affected

🎯 Edge Cases Addressed

  1. WASM Staleness: Since WASM is committed in git, deployments will always use the version that matches the triggering commit
  2. Build Consistency: The build step ensures fresh WASM for Vercel deployment without modifying git state
  3. Rollback Safety: If WASM issues arise, they can be fixed via normal PR process

Recommendation: ✅ APPROVE

This is a clean, well-reasoned fix that:

  • Solves the immediate CI failure
  • Improves security posture
  • Maintains deployment functionality
  • Follows proper CI/CD practices
  • Includes clear documentation for future maintenance

The approach of committing WASM files to git (from PR #423) combined with removing auto-commit (this PR) is the correct architectural decision for a repository with branch protection.



ajitpratap0 merged commit c40ea17 into main Mar 22, 2026
20 checks passed
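
A check a reviewer could run over workflow files to catch the pattern this PR removes: a write-scoped `contents` permission together with a `git push` step. This is an added example, not code from the GoSQLX repository; the two sample workflows are constructed, and their job and step names are assumptions.

```python
import re

# Constructed samples shaped like the change this PR describes. They are not
# the project's website.yml; job and step names are assumptions.
BEFORE = """\
permissions:
  contents: write
jobs:
  deploy:
    steps:
      - name: Rebuild WASM
        run: cd wasm && make build
      - name: Commit rebuilt WASM
        run: |
          git add website/public/wasm/gosqlx.wasm
          git commit -m "chore(wasm): rebuild"
          git push origin HEAD:main
"""
AFTER = """\
permissions:
  contents: read
jobs:
  deploy:
    steps:
      - name: Rebuild WASM
        run: cd wasm && make build
"""

# Heuristic line patterns; a YAML parser would be stricter.
WRITE_PERM = re.compile(r"\b(contents\s*:\s*write|permissions\s*:\s*write-all)\b")
GIT_PUSH = re.compile(r"\bgit\s+push\b")

def audit_workflow(text):
    """Return (line_no, rule, stripped_line) for each risky line in a workflow."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", raw)  # ignore YAML comments
        if WRITE_PERM.search(line):
            findings.append((no, "write-permission", raw.strip()))
        if GIT_PUSH.search(line):
            findings.append((no, "git-push", raw.strip()))
    return findings

def pushes_with_write_token(text):
    """True when a workflow both holds a write token and runs git push."""
    rules = {rule for _, rule, _ in audit_workflow(text)}
    return {"write-permission", "git-push"} <= rules

if __name__ == "__main__":
    for name, wf in (("before", BEFORE), ("after", AFTER)):
        print(name, pushes_with_write_token(wf), audit_workflow(wf))
```

Run against every file under `.github/workflows/`, a non-empty result is a prompt to ask whether the job needs more than `contents: read`.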