feat: use PAT token to retrigger workflow after formatter commits

Artur- · claude · Artur- · commit 347f2084a312 · 2025-10-08T09:44:47.000+03:00
- Require VAADIN_BOT_TOKEN secret for formatter workflow - Use PAT instead of GITHUB_TOKEN to push commits (enables workflow triggers) - Fail build if token is not configured - Stop workflow after formatter commits (new workflow will be triggered) - On second run, formatter detects bot commit and skips, validation proceeds - Revert new_sha passing logic (not needed with PAT approach) To set up: 1. Create GitHub PAT with repo and workflow permissions 2. Add as repository secret named VAADIN_BOT_TOKEN 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml
@@ -29,15 +29,21 @@ jobs:
     timeout-minutes: 120
     outputs:
       changes_committed: ${{ steps.commit-changes.outputs.changes_committed }}
-      new_sha: ${{ steps.commit-changes.outputs.new_sha }}
 
     steps:
+      - name: Check for required token
+        run: |
+          if [ -z "${{ secrets.VAADIN_BOT_TOKEN }}" ]; then
+            echo "::error::VAADIN_BOT_TOKEN secret is required for formatter to trigger workflows after committing changes"
+            exit 1
+          fi
+
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.VAADIN_BOT_TOKEN }}
           fetch-depth: 2
 
       - name: Check if last commit was from formatter bot
@@ -93,14 +99,10 @@ jobs:
           git add -u
           git commit -m "chore: apply code formatting with spotless"
 
-          # Get the new commit SHA
-          NEW_SHA=$(git rev-parse HEAD)
-          echo "new_sha=$NEW_SHA" >> $GITHUB_OUTPUT
-
           git push
 
           echo "changes_committed=true" >> $GITHUB_OUTPUT
-          echo "✅ Formatting changes committed and pushed. Continuing with validation on formatted code." >> $GITHUB_STEP_SUMMARY
+          echo "✅ Formatting changes committed and pushed. Workflow will retrigger automatically." >> $GITHUB_STEP_SUMMARY
 
       - name: Generate diff for artifact
         if: steps.formatter.outputs.modified != '0'
@@ -156,9 +158,15 @@ jobs:
               comment_id: ${{ steps.find-comment.outputs.comment-id }}
             })
 
+      - name: Stop workflow if changes were committed
+        if: steps.commit-changes.outputs.changes_committed == 'true'
+        run: |
+          echo "::notice::Formatting changes committed. Stopping this workflow run. A new workflow will be triggered automatically."
+          exit 1
+
   build:
     needs: [check-permissions, formatter]
-    if: always() && needs.check-permissions.result == 'success' && (needs.formatter.result == 'success' || needs.formatter.result == 'skipped')
+    if: always() && needs.check-permissions.result == 'success' && needs.formatter.result == 'success'
     timeout-minutes: 30
     runs-on: ubuntu-24.04
     outputs:
@@ -173,7 +181,7 @@ jobs:
             | tee -a $GITHUB_STEP_SUMMARY && exit 1 || exit 0
       - uses: actions/checkout@v4
         with:
-          ref: ${{ needs.formatter.outputs.new_sha || env.HEAD_SHA }}
+          ref: ${{env.HEAD_SHA}}
       - uses: actions/setup-node@v4
         with:
           node-version: '24.9.0'
@@ -212,7 +220,7 @@ jobs:
           name: saved-workspace
           path: workspace.tar
   unit-tests:
-    needs: [build, formatter]
+    needs: build
     timeout-minutes: 30
     strategy:
       fail-fast: false
@@ -221,7 +229,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ref: ${{ needs.formatter.outputs.new_sha || env.HEAD_SHA }}
+          ref: ${{env.HEAD_SHA}}
       - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
@@ -278,7 +286,7 @@ jobs:
           name: tests-output-unit-${{ matrix.current }}
           path: tests-report-*.tgz
   it-tests:
-    needs: [build, formatter]
+    needs: build
     timeout-minutes: 30
     strategy:
       fail-fast: false
@@ -287,7 +295,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ref: ${{ needs.formatter.outputs.new_sha || env.HEAD_SHA }}
+          ref: ${{env.HEAD_SHA}}
       - uses: actions/setup-node@v4
         with:
           node-version: '24.9.0'
@@ -367,7 +375,7 @@ jobs:
       checks: write
       pull-requests: write
     if: ${{ failure() || success() }}
-    needs: [unit-tests, it-tests, formatter]
+    needs: [unit-tests, it-tests]
     runs-on: ubuntu-24.04
     steps:
       - name: Merge Artifacts
@@ -377,7 +385,7 @@ jobs:
           pattern: tests-output-*
       - uses: actions/checkout@v4
         with:
-          ref: ${{ needs.formatter.outputs.new_sha || env.HEAD_SHA }}
+          ref: ${{env.HEAD_SHA}}
       - uses: actions/download-artifact@v4
         with:
           name: tests-output
