ci(github): add draft PR lifecycle workflows#3794
Merged
tico24 merged 1 commit intoargoproj:mainfrom Apr 25, 2026
Merged
Conversation
jmeridth
force-pushed
the
jm_add_mark_ready_when_ready_action
branch
from
430e20b to
70a4f13
Compare
jmeridth
changed the title
jmeridth
force-pushed
the
jm_add_mark_ready_when_ready_action
branch
from
6764a12 to
0c30e00
Compare
## What
Add two GitHub Actions workflows to enforce a draft-first PR lifecycle. All newly opened PRs are automatically converted to draft and labeled with `Mark Ready When Ready`. Once all checks pass, the label triggers automatic promotion to ready for review.
## Why
Reduces manual toil for contributors -- no need to remember to open as draft or manually mark ready after CI passes. The automation handles the full lifecycle by default.
## Notes
- Both workflows use `pull_request_target` instead of `pull_request` so the `GITHUB_TOKEN` retains write permissions for PRs from forks. GitHub caps fork PR tokens at read-only on `pull_request` events regardless of the `permissions` block.
- `pull_request_target` is safe here because neither workflow checks out or executes code from the PR branch -- they only invoke pinned-SHA actions.
- `default-pr-to-draft.yaml` triggers only on `opened` to avoid fighting with `mark-ready-when-ready.yaml` when a PR is promoted -- no re-draft loop possible.
- `mark-ready-when-ready.yaml` renamed from `.yml` and updated to comply with GHA standards: `permissions: {}` at workflow level, job-level permissions with comments, corrected concurrency group key.
- `contents: write` on the mark-ready job is retained -- required internally by the `kenyonj/mark-ready-when-ready` action.
- The `Mark Ready When Ready` label must exist in the repo (already created).
Signed-off-by: jmeridth <[email protected]>
jmeridth
force-pushed
the
jm_add_mark_ready_when_ready_action
branch
from
0c30e00 to
aa61554
Compare
tico24
approved these changes
Apr 25, 2026
1 task
mitchell-thompson-CS
pushed a commit
to toast-dog/kubernetes-terraform
that referenced
this pull request
May 3, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [argo-cd](https://github.com/argoproj/argo-helm) | patch | `9.5.4` → `9.5.9` | --- ### Release Notes <details> <summary>argoproj/argo-helm (argo-cd)</summary> ### [`v9.5.9`](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-9.5.9) [Compare Source](argoproj/argo-helm@argo-cd-9.5.8...argo-cd-9.5.9) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. #### What's Changed - fix(argo-cd): fixed service port issue with applicationset webhook httproute by [@​dromadaire54](https://github.com/dromadaire54) in [#​3862](argoproj/argo-helm#3862) **Full Changelog**: <argoproj/argo-helm@argo-cd-9.5.8...argo-cd-9.5.9> ### [`v9.5.8`](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-9.5.8) [Compare Source](argoproj/argo-helm@argo-cd-9.5.7...argo-cd-9.5.8) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. #### What's Changed - chore(deps): update renovatebot/github-action action to v46.1.12 by [@​argoproj-renovate](https://github.com/argoproj-renovate)\[bot] in [#​3861](argoproj/argo-helm#3861) - fix(argo-cd): support empty matches in GRPCRoute and HTTPRoute rules by [@​yurrriq](https://github.com/yurrriq) in [#​3604](argoproj/argo-helm#3604) **Full Changelog**: <argoproj/argo-helm@argo-cd-9.5.7...argo-cd-9.5.8> ### [`v9.5.7`](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-9.5.7) [Compare Source](argoproj/argo-helm@argo-cd-9.5.6...argo-cd-9.5.7) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. #### What's Changed - feat(argo-cd): Make PrometheusRule API version field overridable like it is in ServiceMonitor manifests. by [@​rurod](https://github.com/rurod) in [#​3857](argoproj/argo-helm#3857) #### New Contributors - [@​rurod](https://github.com/rurod) made their first contribution in [#​3857](argoproj/argo-helm#3857) **Full Changelog**: <argoproj/argo-helm@argo-cd-9.5.6...argo-cd-9.5.7> ### [`v9.5.6`](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-9.5.6) [Compare Source](argoproj/argo-helm@argo-cd-9.5.5...argo-cd-9.5.6) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. #### What's Changed - feat(argo-cd): adding httproute support to applicationset webhook by [@​dromadaire54](https://github.com/dromadaire54) in [#​3859](argoproj/argo-helm#3859) #### New Contributors - [@​dromadaire54](https://github.com/dromadaire54) made their first contribution in [#​3859](argoproj/argo-helm#3859) **Full Changelog**: <argoproj/argo-helm@argo-cd-9.5.5...argo-cd-9.5.6> ### [`v9.5.5`](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-9.5.5) [Compare Source](argoproj/argo-helm@argo-cd-9.5.4...argo-cd-9.5.5) A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. #### What's Changed - ci(github): add draft PR lifecycle workflows by [@​jmeridth](https://github.com/jmeridth) in [#​3794](argoproj/argo-helm#3794) - fix(github): skip draft lifecycle workflows for bot-authored PRs by [@​jmeridth](https://github.com/jmeridth) in [#​3851](argoproj/argo-helm#3851) - fix(github): correct renovate bot actor name in draft lifecycle workflows by [@​jmeridth](https://github.com/jmeridth) in [#​3855](argoproj/argo-helm#3855) - chore(deps): update renovatebot/github-action action to v46.1.11 by [@​argoproj-renovate](https://github.com/argoproj-renovate)\[bot] in [#​3854](argoproj/argo-helm#3854) - fix(argo-cd): fix ArgoAppNotSynced PrometheusRule annotation template syntax by [@​vrivellino](https://github.com/vrivellino) in [#​3853](argoproj/argo-helm#3853) #### New Contributors - [@​vrivellino](https://github.com/vrivellino) made their first contribution in [#​3853](argoproj/argo-helm#3853) **Full Changelog**: <argoproj/argo-helm@argo-workflows-1.0.13...argo-cd-9.5.5> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zNS4xIiwidXBkYXRlZEluVmVyIjoiNDMuMzUuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUiXX0=--> Reviewed-on: https://git.thompson-manor.org/toast-dog/kubernetes-terraform/pulls/15 Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Add two GitHub Actions workflows to enforce a draft-first PR lifecycle. All newly opened PRs are automatically converted to draft and labeled with
Mark Ready When Ready. Once all checks pass, the label triggers automatic promotion to ready for review.Why
Reduces manual toil for contributors -- no need to remember to open as draft or manually mark ready after CI passes. The automation handles the full lifecycle by default.
Notes
pull_request_targetinstead ofpull_requestso theGITHUB_TOKENretains write permissions for PRs from forks. GitHub caps fork PR tokens at read-only onpull_requestevents regardless of thepermissionsblock.pull_request_targetis safe here because neither workflow checks out or executes code from the PR branch -- they only invoke pinned-SHA actions.default-pr-to-draft.yamltriggers only onopenedto avoid fighting withmark-ready-when-ready.yamlwhen a PR is promoted -- no re-draft loop possible.mark-ready-when-ready.yamlrenamed from.ymland updated to comply with GHA standards:permissions: {}at workflow level, job-level permissions with comments, corrected concurrency group key.contents: writeon the mark-ready job is retained -- required internally by thekenyonj/mark-ready-when-readyaction.Mark Ready When Readylabel must exist in the repo (already created).