
apply_samples: preStagePatch creates sample branch in wrong directory for subdirectory cross-repo checkouts (path: github) #40086

@dsyme

Summary

After PR #40080 fixed the git "dubious ownership" error for cross-repo subdirectory checkouts,
apply_samples.cjs now fails with a different error when a sidecars.patch sample targets
a side-repo checked out into a subdirectory (path: github):

[safeoutputs] Failed to pin branch 'gh-aw-sample-copilot-siderepo-subdir-pr': ERR_SYSTEM: fatal: Needed a single revision

The branch exists nowhere in the subdirectory checkout because apply_samples.cjs's
pre-stage-patch step (which creates the branch and applies the patch) runs in the main
workspace (GITHUB_WORKSPACE) rather than in the subdirectory checkout
(GITHUB_WORKSPACE/github). The MCP handler correctly resolves the repo checkout to
/home/runner/work/gh-aw-test/gh-aw-test/github, then tries to pin the branch there,
but finds nothing.

Failing test and run

Relevant log excerpt

[safeoutputs] Found repo checkout at: /home/runner/work/gh-aw-test/gh-aw-test/github
[safeoutputs] Using checkout-manifest default_branch for githubnext/gh-aw-side-repo: main
[debug] Executing git command: git rev-parse --verify refs/heads/gh-aw-sample-copilot-siderepo-subdir-pr^{commit}
[error] Git command failed: git rev-parse --verify refs/heads/gh-aw-sample-copilot-siderepo-subdir-pr^{commit}
[error] Exit status: 128
[error] Stderr: fatal: Needed a single revision
[safeoutputs] Failed to pin branch 'gh-aw-sample-copilot-siderepo-subdir-pr': ERR_SYSTEM: fatal: Needed a single revision

Note: there are no debug git-command logs before the MCP tool call — the branch-creation
(preStagePatch) step either ran in the wrong repo or was skipped entirely.

Workflow config

checkout:
  - repository: githubnext/gh-aw-side-repo
    token: ${{ secrets.TEMP_USER_PAT }}
    path: github            # <-- checked out into ${GITHUB_WORKSPACE}/github
    fetch-depth: 0

safe-outputs:
  create-pull-request:
    target-repo: 'githubnext/gh-aw-side-repo'
    samples:
      - branch: "gh-aw-sample-copilot-siderepo-subdir-pr"
        patch: |
          diff --git a/subdir-notes.md b/subdir-notes.md
          new file mode 100644
          ...

GH_AW_CHECKOUT_PATH_0 is set to "github" in the lockfile env.

Root cause hypothesis

apply_samples.cjs resolves the preStagePatch working directory using GITHUB_WORKSPACE
directly (the main repo root) instead of ${GITHUB_WORKSPACE}/${GH_AW_CHECKOUT_PATH_0}
(or the checkout manifest's path field for the target repo). The branch is therefore
created in the main repo checkout, not in the side-repo subdirectory, so the MCP server
cannot find it at ...github/.

Steps to reproduce

  1. Configure a workflow with a path-namespaced cross-repo checkout (e.g. path: github)
  2. Add a create-pull-request sample with a sidecars.patch / patch: field
  3. Compile with --use-samples and trigger the workflow
  4. Observe the "Failed to pin branch" error (now with "Needed a single revision" rather
    than the old "dubious ownership" message — the #40080 fix, "fix(safe-outputs): trust cross-repo checkout dirs from manifest (dubious ownership)", unmasked this second bug)

Related issues
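
The working-directory resolution that the root cause hypothesis calls for, as an added example that is not part of the issue or of the gh-aw code base: the manifest shape, `SAMPLE_MANIFEST`, `resolveSampleDir` and `pinBranchCommand` are hypothetical. It fails loudly when the target repo has no recorded checkout and rejects a checkout path that leaves the workspace.

```javascript
"use strict";
const path = require("node:path");

// Constructed sample manifest. Field names follow the issue's wording
// ("path", "default_branch"); the exact shape is an assumption.
const SAMPLE_MANIFEST = [
  { repository: "githubnext/gh-aw-test", path: "", default_branch: "main" },
  { repository: "githubnext/gh-aw-side-repo", path: "github", default_branch: "main" },
];

// Hypothetical helper: the directory in which a sample branch for targetRepo
// has to be created so that a later lookup in that checkout finds it.
function resolveSampleDir(workspace, manifest, targetRepo) {
  const root = path.resolve(workspace);
  if (!targetRepo) return root; // no target-repo: the main checkout
  const wanted = String(targetRepo).toLowerCase();
  const entry = manifest.find((e) => e.repository.toLowerCase() === wanted);
  // Fail loudly instead of falling back to the workspace root, which would
  // create the branch in the wrong repository.
  if (!entry) throw new Error(`no checkout recorded for ${targetRepo}`);
  const dir = path.resolve(root, entry.path || ".");
  // A manifest path must stay inside the workspace ("../x" and "/etc" do not).
  const rel = path.relative(root, dir);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`checkout path escapes workspace: ${entry.path}`);
  }
  return dir;
}

// The lookup from the log excerpt, paired with the directory it must run in.
function pinBranchCommand(workspace, manifest, targetRepo, branch) {
  return {
    cwd: resolveSampleDir(workspace, manifest, targetRepo),
    argv: ["git", "rev-parse", "--verify", `refs/heads/${branch}^{commit}`],
  };
}
```

Creating the branch and pinning it with the same resolved `cwd` keeps both steps in one checkout.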

Labels: bug