From 24402350d62d4efd56e84d3e1d7594793a2684ca Mon Sep 17 00:00:00 2001 From: Nelson PROIA Date: Wed, 22 Apr 2026 16:10:16 +0200 Subject: [PATCH 1/3] chore(ci): use CLIENT_PIPELINE PAT for generated PRs The default GITHUB_TOKEN does not trigger downstream workflows (loop prevention), so generated PRs currently land without CI runs. Switching to the CLIENT_PIPELINE PAT restores CI on those PRs. --- .github/workflows/sdk_generation_mistralai_azure_sdk.yaml | 4 ++-- .github/workflows/sdk_generation_mistralai_gcp_sdk.yaml | 4 ++-- .github/workflows/sdk_generation_mistralai_sdk.yaml | 4 ++-- .github/workflows/sdk_publish_mistralai_sdk.yaml | 2 +- .github/workflows/update_speakeasy.yaml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml b/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml index f56e1d89..26f344a3 100644 --- a/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml +++ b/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml @@ -45,7 +45,7 @@ jobs: speakeasy_version: ${{ needs.resolve-speakeasy-version.outputs.version }} target: mistralai-azure-sdk secrets: - github_access_token: ${{ secrets.GITHUB_TOKEN }} + github_access_token: ${{ secrets.CLIENT_PIPELINE }} pypi_token: ${{ secrets.PYPI_TOKEN }} speakeasy_api_key: ${{ secrets.SPEAKEASY_API_KEY }} @@ -56,7 +56,7 @@ jobs: - name: Find PR branch id: find-pr env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CLIENT_PIPELINE }} run: | PR_BRANCH=$(gh pr list --repo ${{ github.repository }} --author "app/github-actions" \ --json headRefName,updatedAt --jq 'sort_by(.updatedAt) | reverse | .[0].headRefName // empty') diff --git a/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml b/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml index 2bf4e3dd..6225b79e 100644 --- a/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml +++ b/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml @@ -45,7 +45,7 @@ jobs: speakeasy_version: ${{ needs.resolve-speakeasy-version.outputs.version }} target: mistralai-gcp-sdk secrets: - github_access_token: ${{ secrets.GITHUB_TOKEN }} + github_access_token: ${{ secrets.CLIENT_PIPELINE }} pypi_token: ${{ secrets.PYPI_TOKEN }} speakeasy_api_key: ${{ secrets.SPEAKEASY_API_KEY }} @@ -56,7 +56,7 @@ jobs: - name: Find PR branch id: find-pr env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CLIENT_PIPELINE }} run: | PR_BRANCH=$(gh pr list --repo ${{ github.repository }} --author "app/github-actions" \ --json headRefName,updatedAt --jq 'sort_by(.updatedAt) | reverse | .[0].headRefName // empty') diff --git a/.github/workflows/sdk_generation_mistralai_sdk.yaml b/.github/workflows/sdk_generation_mistralai_sdk.yaml index 3f7f5f6c..8e77ee4e 100644 --- a/.github/workflows/sdk_generation_mistralai_sdk.yaml +++ b/.github/workflows/sdk_generation_mistralai_sdk.yaml @@ -45,7 +45,7 @@ jobs: speakeasy_version: ${{ needs.resolve-speakeasy-version.outputs.version }} target: mistralai-sdk secrets: - github_access_token: ${{ secrets.GITHUB_TOKEN }} + github_access_token: ${{ secrets.CLIENT_PIPELINE }} pypi_token: ${{ secrets.PYPI_TOKEN }} speakeasy_api_key: ${{ secrets.SPEAKEASY_API_KEY }} @@ -56,7 +56,7 @@ jobs: - name: Find PR branch id: find-pr env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.CLIENT_PIPELINE }} run: | PR_BRANCH=$(gh pr list --repo ${{ github.repository }} --author "app/github-actions" \ --json headRefName,updatedAt --jq 'sort_by(.updatedAt) | reverse | .[0].headRefName // empty') diff --git a/.github/workflows/sdk_publish_mistralai_sdk.yaml b/.github/workflows/sdk_publish_mistralai_sdk.yaml index c3fdd9e0..3fa424df 100644 --- a/.github/workflows/sdk_publish_mistralai_sdk.yaml +++ b/.github/workflows/sdk_publish_mistralai_sdk.yaml @@ -25,6 +25,6 @@ jobs: (github.event_name == 'workflow_dispatch' && github.event.inputs.confirm_publish == 'publish') uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@7951d9dce457425b900b2dd317253499d98c2587 # v15 secrets: - github_access_token: ${{ secrets.GITHUB_TOKEN }} + github_access_token: ${{ secrets.CLIENT_PIPELINE }} pypi_token: ${{ secrets.PYPI_TOKEN }} speakeasy_api_key: ${{ secrets.SPEAKEASY_API_KEY }} diff --git a/.github/workflows/update_speakeasy.yaml b/.github/workflows/update_speakeasy.yaml index 78b5317b..8d9b2743 100644 --- a/.github/workflows/update_speakeasy.yaml +++ b/.github/workflows/update_speakeasy.yaml @@ -102,7 +102,7 @@ jobs: --label speakeasy-update \ --assignee ${{ github.actor }} env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.CLIENT_PIPELINE }} - name: Comment on workflow run if: steps.check-changes.outputs.has_changes == 'false' From 30bcf9983d7106829a23ee82a49d55a687132b67 Mon Sep 17 00:00:00 2001 From: Nelson PROIA Date: Wed, 29 Apr 2026 19:32:03 +0200 Subject: [PATCH 2/3] ci: use CLIENT_PIPELINE for align-version checkout to trigger downstream CI The align-version job pushes a follow-up commit to the bot's PR branch. Without a PAT, actions/checkout uses the default GITHUB_TOKEN, and subsequent pushes don't trigger pull_request: synchronize events, leaving the PR HEAD without lint/test/run_examples checks visible. Pass CLIENT_PIPELINE to actions/checkout so the push uses the PAT and the downstream CI workflows fire on the new HEAD commit. --- .github/workflows/sdk_generation_mistralai_azure_sdk.yaml | 1 + .github/workflows/sdk_generation_mistralai_gcp_sdk.yaml | 1 + .github/workflows/sdk_generation_mistralai_sdk.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml b/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml index 26f344a3..d5b59b96 100644 --- a/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml +++ b/.github/workflows/sdk_generation_mistralai_azure_sdk.yaml @@ -67,6 +67,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ steps.find-pr.outputs.branch }} + token: ${{ secrets.CLIENT_PIPELINE }} - name: Install uv if: steps.find-pr.outputs.branch != '' diff --git a/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml b/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml index 6225b79e..f2e33f06 100644 --- a/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml +++ b/.github/workflows/sdk_generation_mistralai_gcp_sdk.yaml @@ -67,6 +67,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ steps.find-pr.outputs.branch }} + token: ${{ secrets.CLIENT_PIPELINE }} - name: Install uv if: steps.find-pr.outputs.branch != '' diff --git a/.github/workflows/sdk_generation_mistralai_sdk.yaml b/.github/workflows/sdk_generation_mistralai_sdk.yaml index 8e77ee4e..d9106b95 100644 --- a/.github/workflows/sdk_generation_mistralai_sdk.yaml +++ b/.github/workflows/sdk_generation_mistralai_sdk.yaml @@ -67,6 +67,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ steps.find-pr.outputs.branch }} + token: ${{ secrets.CLIENT_PIPELINE }} - name: Install uv if: steps.find-pr.outputs.branch != '' From dd0bda58291a64ea5eaf8bfde2706eefcbcea1a6 Mon Sep 17 00:00:00 2001 From: Nelson PROIA Date: Thu, 30 Apr 2026 09:03:45 +0200 Subject: [PATCH 3/3] ci: pass CLIENT_PIPELINE PAT to update_speakeasy checkout So the git push uses the PAT and any subsequent push to the PR branch triggers pull_request: synchronize. Same fix pattern as the align-version step. --- .github/workflows/update_speakeasy.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/update_speakeasy.yaml b/.github/workflows/update_speakeasy.yaml index 8d9b2743..f0179686 100644 --- a/.github/workflows/update_speakeasy.yaml +++ b/.github/workflows/update_speakeasy.yaml @@ -27,6 +27,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + token: ${{ secrets.CLIENT_PIPELINE }} - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0