DivZ
Reputation: 738
How to push changes to a GitHub branch after PR is already in the merge queue?
I have a script that automates Azure subscription creation by opening PRs across two different GitHub repositories.
Repositories & File Structure:
Repo 1 - subscription.yaml
---
name: "Contoso - NonProd - Sub-Test-51"
subscriptionId: "subscription_guid_placeholder"
default_subscription_access_entra_group: "azure-sub-entra_id_placeholder"
tags:
owner_team: "infra-team"
parent_management_group_id: "/providers/Microsoft.Management/managementGroups/CONTOSO-NONPROD"
Repo 2 - azure-sub-subscription_guid_placeholder.yaml
---
description = Users with access to `Contoso - NonProd - Sub-Test-51` Azure subscription
group = contoso/infra-team-members
How the Process Works
- A PR is opened in Repo 1 with
subscription.yaml. - Once approved, it enters the merge queue.
- A deployment app (running in an internal Kubernetes environment, not GitHub Actions) provisions the Azure subscription.
- Only after the deployment is complete, the actual subscriptionId is known.
Goals
- Before the PR is merged, populate the
subscriptionIdfield insubscription.yaml. - Name the file in Repo 2 using the last part of the
subscriptionIdGUID (sub_id.split('-')[-1]), e.g.,azure-sub-4e2c4a261dde.yaml. - Create an Entra ID group with the same name.
Challenges
- The merge queue branch is read-only, so I can't push changes directly.
- If I push updates after deployment, GitHub removes the PR from the merge queue.
- I need everything to happen within one PR rather than separate steps.
Ideas I've Considered (But Don't Like)
1. Maintain an External State (e.g., Database or Azure Table Storage)
- Store
sub_name,sub_id, andfile_pathduring deployment. - Populate missing
subscriptionIdvalues in later deployments. - Issue: Handling Repo 2 separately makes the process inconsistent.
2. Push Changes from the Deployment App to My Own Branch
- Let GitHub remove the PR from the merge queue, then trigger another deployment.
- Issue: Not sure how to cleanly re-trigger without re-deploying the same thing.
3. Use an Azure Subscription Tag to Store the File Path
- Add the tag during the subscription creation deployment.
- Fetch missing
subscriptionIdvalues in subsequent deployments. - Issues:
- Many users have Contributor access and can modify or remove tags.
- Also faces the same problem as Repo 2.
4. Push Changes to a Different Branch, Auto-Approve, Deploy, and Merge
- Essentially creates a separate workflow for the update step.
Best Approach?
Tbh this might not even be possible would be good to know if anybody knows the best way to achieve this while keeping everything within a single PR?
Upvotes: 0
Views: 44
Answers (0)
Related Questions
- How do I push a new local branch to a remote Git repository and track it too?
- How do I revert a merge commit that has already been pushed to remote?
- How do I get the current branch name in Git?
- How do I safely merge a Git branch into master?
- I ran into a merge conflict. How do I abort the merge?
- How do I show the changes which have been staged?
- How can I selectively merge or pick changes from another branch in Git?
- Git push rejected after feature branch rebase
- How can I see the changes in a Git commit?
- How can I merge multiple commits onto another branch as a single squashed commit?