Add template sync workflow for automated repository synchronization#74
Open
kpj2006 wants to merge 4 commits intoAOSSIE-Org:mainfrom
Open
Add template sync workflow for automated repository synchronization#74kpj2006 wants to merge 4 commits intoAOSSIE-Org:mainfrom
kpj2006 wants to merge 4 commits intoAOSSIE-Org:mainfrom
Conversation
github-actions
bot
added
no-issue-linked
Contributor
WalkthroughAdds a scheduled monthly GitHub Actions workflow to sync templates and a Changes
Sequence Diagram(s)sequenceDiagram
participant Scheduler as Scheduler (cron / manual)
participant GHA as GitHub Actions
participant Runner as Runner (ubuntu-latest)
participant Action as actions-template-sync@v2
participant Upstream as Upstream Repo
participant Repo as Target Repo
Scheduler->>GHA: trigger workflow (cron / workflow_dispatch)
GHA->>Runner: start job (repo-sync)
Runner->>Runner: checkout Repo
Runner->>Action: run actions-template-sync (source_repo_path, main, pr_labels)
Action->>Upstream: fetch templates
Action->>Runner: compute diffs, respect .templatesyncignore
Action->>Repo: open/update PR with labels template_sync,auto_pr
Repo->>GHA: PR created/updated
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
bot
added
size/S
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/template-sync.yml:
- Around line 1-5: Add a top-level "name" field to the workflow YAML so the
Actions UI shows a friendly label instead of the filename; update the file
containing the "on:", "schedule:" and "workflow_dispatch:" keys to include a
descriptive name string at the top (e.g., name: "Template Sync" or similar)
immediately before the existing "on" block.
- Line 26: The workflow uses source_repo_path: AOSSIE-Org/Template-Repo which
makes the template trigger against itself; add a guard on the job or critical
step to skip execution when github.repository equals that template repo (e.g.,
add if: github.repository != 'AOSSIE-Org/Template-Repo' on the top-level job or
on the first step) so the sync only runs in downstream repos and not in the
template origin.
- Around line 23-28: Add the explicit source_gh_token input to the
actions-template-sync step to avoid the deprecated github_token behavior: in the
step using AndreasAugustin/actions-template-sync@v2 (the actions-template-sync
step that currently sets source_repo_path, upstream_branch, pr_labels), add
source_gh_token: ${{ secrets.GITHUB_TOKEN }} so the action receives the expected
token input and is compatible with v2.5.x+.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/template-sync.yml:
- Around line 13-15: The workflow currently attempts to push changes to
.github/workflows using GITHUB_TOKEN which is blocked; replace or supplement the
token by adding a repository secret containing a personal access token (PAT)
with contents:write and workflows:write scopes and pass that secret into the
sync action as target_gh_token (instead of or alongside GITHUB_TOKEN), and
ensure the action invocation and any inputs (e.g., target_gh_token) are updated
to consume the secret so pushes to workflow files succeed.
- Around line 19-20: Replace floating major-version action refs with immutable
commit SHAs: update the uses entries for actions/checkout@v4 and
AndreasAugustin/actions-template-sync@v2 to their corresponding full commit SHA
pins (e.g., actions/checkout@<full-sha> and
AndreasAugustin/actions-template-sync@<full-sha>), ensuring you fetch the exact
commit SHAs from the upstream repositories and test the workflow after updating
the uses strings.
This was referenced Feb 21, 2026
| @@ -0,0 +1,33 @@ | |||
| name: Template Sync | |||
Contributor
There was a problem hiding this comment.
Where do we specify which files should be kept in sync?
Take the readme file for instance. A new repo using the template repo should modify the readme for its own needs. If the readme template in the template repo gets updated, it is not clear how the readme in the new repo should be synchronized...
Contributor
Author
There was a problem hiding this comment.
bydefault it sync all file in template repo except in .github/workflows one due to github policy
for that i have also created a issue:#76
even if you want to ignore a file mention it specially
Once the workflow is triggered, it will compare the target repository with the source, and will open a Pull Request on the target repository if there are any differences You can see how it looks like in the Pull Requests #1 and #2 from dotdc/terraform-module-example.
have a look on : https://github.com/AndreasAugustin/actions-template-sync?tab=readme-ov-file#ignore-files
Contributor
There was a problem hiding this comment.
Then let's already add .templatesyncignore file to the template repo, to make it ignore files like README.md, which are supposed to be customized in the destination repo and then not overwritten/synced by the tempalte repo again.
github-actions
bot
added
size/M
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.templatesyncignore:
- Around line 10-11: Uncomment the ignored path for GitHub workflows so workflow
files are excluded from template sync: open the .templatesyncignore entry that
currently has a commented line "# .github/workflows/" and remove the leading "#"
(or otherwise restore the literal ".github/workflows/" line) so the ignore
contains an active ".github/workflows/" entry, preventing workflow files from
being synced into downstream repos.
- Around line 19-22: The example using the :! exception syntax is ambiguous
because the two lines ':!newfile-1.txt' and '*' are on separate uncommented
lines and may lead someone to uncomment only '*' which will ignore everything;
update the .templatesyncignore example to include a single inline clarification
next to the example (referencing ':!newfile-1.txt' and '*') stating that both
lines must be uncommented together as a pair to whitelist the file, and add a
brief warning that uncommenting only '*' will exclude all files from sync.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.templatesyncignore:
- Line 4: Update the header comment in .templatesyncignore to warn that negation
uses Git pathspec syntax (use ":!" for exclusions) rather than the .gitignore
"!" prefix; specifically edit the line that currently reads "Uses glob pattern
syntax similar to .gitignore" to include a parenthetical like "(note: negation
uses Git pathspec ':!' instead of '!' as in .gitignore)" so users aren't
misled—change the comment text wherever that header string appears.
---
Duplicate comments:
In @.templatesyncignore:
- Around line 20-23: The example is misleading about pathspec ordering and
paired-lines: change the sample so the global ignore "*" appears before the
exception entry and clarify that exceptions use the ":!<path>" prefix (e.g., "*"
followed by ":!newfile-1.txt"), and add a short note that exception lines must
be paired with the preceding ignore (i.e., place the "*" then each ":!..." on
its own subsequent line) so readers understand the required order and pairing
when using the ":!" syntax.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addressed Issues:
Fixes #(issue number)
Screenshots/Recordings:
Additional Notes:
Checklist
We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact.
Summary by CodeRabbit