Fix: gh pr create, only fetch teams when reviewers contain a team
#11361
Conversation
Introduces a TeamReviewers boolean to RepoMetadataInput to control whether team reviewers are fetched. Updates RepoMetadata logic to only fetch teams if both Reviewers and TeamReviewers are true. Adds tests to verify correct behavior when TeamReviewers is false.
Updated the logic for fetching team reviewers in PR edit and create flows. In `pr edit`, team reviewers are always fetched for consistency with existing behavior, with a note to potentially align with `pr create` logic in the future. In `pr create`, team reviewers are now only fetched if a reviewer contains a slash, aligning with behavior before the regression.
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a performance regression in gh pr create by conditionally fetching team data only when reviewers contain a team identifier (indicated by /). The fix addresses issue #11360 where teams were unnecessarily fetched even when no team reviewers were specified.
- Added conditional team fetching logic to only fetch teams when reviewer strings contain
/ - Maintained existing
gh pr editbehavior to always fetch teams for backward compatibility - Updated tests to reflect the new conditional behavior
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pkg/cmd/pr/shared/params.go | Added conditional logic to set TeamReviewers based on presence of / in reviewer strings |
| pkg/cmd/pr/shared/editable.go | Maintained existing behavior for pr edit to always fetch teams when reviewers are edited |
| api/queries_repo.go | Modified RepoMetadata to only fetch teams when both Reviewers and TeamReviewers flags are true |
| pkg/cmd/pr/create/create_test.go | Removed unnecessary team fetching mock from test |
| api/queries_repo_test.go | Added test case to verify teams are not fetched when TeamReviewers is false |
Replaces manual error check with require.NoError for consistency and improved readability in the test.
| } | ||
|
|
||
| if input.Reviewers { | ||
| if input.Reviewers && input.TeamReviewers { |
There was a problem hiding this comment.
question:
-
what conditions will users still encounter the
GraphQL: Resource not accessible by integration (organization.teams)error?- GitHub CLI OAuth App?
- GitHub Actions automatic token?
-
why is it important for both
ReviewersandTeamReviewersto be set for retrieving organization teams?
There was a problem hiding this comment.
-
I think it'll happen when someone gives us a team (contains a slash), but their auth token does not have perms to fetch teams.
-
It's technically not important to make this function but it eliminates a situation where the caller might set
TeamReviewersto true whileReviewersis false, causing only teams to be fetched and populated into the reviewer metadata. I don't know of a case where we actually want that to happen, so I figure we should guard against callers misusing this field until we know that to be a valid use case by coupling the two fields together.
There was a problem hiding this comment.
Thanks for the insight!
For my first question, I was unsure which gh authentication methods include organization team permissions, so I reset my gh auth session and confirmed the read:org scope associated with GitHub CLI OAuth app is good:
$ gh auth status --hostname github.com
github.com
✓ Logged in to github.com account andyfeller (keyring)
- Active account: true
- Git operations protocol: https
- Token: gho_************************************
- Token scopes: 'gist', 'read:org', 'repo', 'workflow'
$ QUERY='
query {
organization(login:"cli"){
teams(first:10, privacy:VISIBLE){
nodes{
slug
}
}
}
}'
$ gh api graphql -f query="$QUERY"
{
"data": {
"organization": {
"teams": {
"nodes": [
{
"slug": "code-reviewers"
},
{
"slug": "codespaces"
},
{
"slug": "deployment-reviewers"
},
{
"slug": "package-security"
},
{
"slug": "tuf-root-reviewers"
},
{
"slug": "webhooks"
}
]
}
}
}
}| Reviewers: len(tb.Reviewers) > 0, | ||
| TeamReviewers: len(tb.Reviewers) > 0 && slices.ContainsFunc(tb.Reviewers, func(r string) bool { | ||
| return strings.ContainsRune(r, '/') | ||
| }), |
There was a problem hiding this comment.
question: do we have any tests that should make sure that OrganizationTeams query is excluded when no teams are specified as reviewers?
I see tests like this that include teams:
cli/pkg/cmd/pr/create/create_test.go
Lines 412 to 479 in e5feda3
I only see 1 test that has only human users:
cli/pkg/cmd/pr/create/create_test.go
Lines 1300 to 1382 in e5feda3
If so, then maybe we .Exclude(...) that query from this case?
There was a problem hiding this comment.
This test added in the PR removes the OrganizationTeams query mock while setting TeamReviewers to false. This would fail if the OrganizationTeams query actually runs because it won't find a mock for that query.
Lines 217 to 247 in e5feda3
There was a problem hiding this comment.
Thanks 🤔 I guess I was thinking we have a stronger assertion setup to ensure the query was explicitly not called at all close to the gh pr create command since it conditionally includes team reviewers whereas gh pr edit always does:
Lines 287 to 300 in b2348f8
I think you're referring to the help docs for those two commands? I don't think it would hurt to document it. |
You got it. 🙇 Just an errant thought as I was reviewing the usage statement as I didn't see any mention of cli/pkg/cmd/pr/create/create.go Lines 229 to 233 in b2348f8 Lines 61 to 62 in b2348f8 |
Renamed the test to clarify its purpose and added an explicit exclusion for the OrganizationTeamList GraphQL query to ensure teams are only fetched when specified. This improves test accuracy and readability.
Added test cases to verify that teams are fetched when reviewers include teams and not fetched when only users are specified. This ensures correct behavior when requesting reviews from users and teams during pull request creation.
|
I wanted to also demo that this fix works on the originally reported GHES version Reproduction with released binary: Reproduction with binary built from this branch: |
| opts.BodyProvided = true | ||
| opts.Title = "my title" | ||
| opts.Body = "my body" | ||
| opts.Reviewers = []string{"hubot", "monalisa", "org/core", "org/robots"} |
There was a problem hiding this comment.
praise: I appreciate having the org added rather than leaving it clipped as in other tests
| http.Exclude( | ||
| t, | ||
| httpmock.GraphQL(`query OrganizationTeamList\b`), | ||
| ) | ||
|
|
There was a problem hiding this comment.
praise: thank you for considering the idea ❤️
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cli/cli](https://github.com/cli/cli) | minor | `v2.74.2` -> `v2.76.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.76.1`](https://github.com/cli/cli/releases/tag/v2.76.1): GitHub CLI 2.76.1 [Compare Source](cli/cli@v2.76.0...v2.76.1) #### `gh pr create` regression fix This release fixes a regression introduced in `v2.76.0` where organization teams were retrieved outside of intentional use cases. This caused problems for GitHub Enterprise Server users using the GitHub Actions automatic token that does not have access to organization teams. For more information, see cli/cli#11360 #### What's Changed ##### 🐛 Fixes - Fix: `gh pr create`, only fetch teams when reviewers contain a team by [@​BagToad](https://github.com/BagToad) in cli/cli#11361 ##### 📚 Docs & Chores - add tenancy aware for san matcher by [@​ejahnGithub](https://github.com/ejahnGithub) in cli/cli#11261 - Run Lint and Tests on `push` to `trunk` branch by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11325 - update ownership of pkg/cmd/release/shared/ by [@​ejahnGithub](https://github.com/ejahnGithub) in cli/cli#11326 - Automate spam issue detection by [@​babakks](https://github.com/babakks) in cli/cli#11316 - Improve `api` `--preview` docs by [@​jsoref](https://github.com/jsoref) in cli/cli#11274 - Incorporate govulncheck into workflows by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11332 - chore(deps): bump advanced-security/filter-sarif from 1.0.0 to 1.0.1 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11298 - chore(deps): bump github.com/sigstore/sigstore-go from 1.0.0 to 1.1.0 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11307 **Full Changelog**: cli/cli@v2.76.0...v2.76.1 ### [`v2.76.0`](https://github.com/cli/cli/releases/tag/v2.76.0): GitHub CLI 2.76.0 [Compare Source](cli/cli@v2.75.1...v2.76.0) ####Copilot Coding Agent Support GitHub Copilot Pro+ and Copilot Enterprise subscribers can now assign issues to GitHub Copilot during issue creation using: - Command-line flag: `gh issue create --assignee @​copilot` - Launching web browser: `gh issue create --assignee @​copilot --web` - Or interactively selecting `Copilot (AI)` as assignee in `gh issue create` metadata For more details, refer to [the full changelog post for Copilot coding agent](https://github.blog/changelog/2025-05-19-github-copilot-coding-agent-in-public-preview/). #### What's Changed ##### ✨ Features - Assign Copilot during `gh issue create` by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11279 - Display immutable field in `release view` command by [@​bdehamer](https://github.com/bdehamer) in cli/cli#11251 ##### 🐛 Fixes - FIX: Do not fetch logs for skipped jobs by [@​babakks](https://github.com/babakks) in cli/cli#11312 - Transform `extension` and `filename` qualifiers into `path` qualifier for web code search by [@​samcoe](https://github.com/samcoe) in cli/cli#11211 ##### 📚 Docs & Chores - FIX: Workflow does not contain permissions by [@​BagToad](https://github.com/BagToad) in cli/cli#11322 - Add automated feature request response workflow by [@​BagToad](https://github.com/BagToad) in cli/cli#11299 **Full Changelog**: cli/cli@v2.75.1...v2.76.0 ### [`v2.75.1`](https://github.com/cli/cli/releases/tag/v2.75.1): GitHub CLI 2.75.1 [Compare Source](cli/cli@v2.75.0...v2.75.1) #### What's Changed ##### 🐛 Fixes - Ensure hostnames are visible in CLI website by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11295 - Revert "Fix: `gh pr create` prioritize `--title` and `--body` over `--fill` when `--web` is present" by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11300 ##### 📚 Docs & Chores - Ensure go directive is always .0 version in bump by [@​williammartin](https://github.com/williammartin) in cli/cli#11259 - Minor (1-word) documentation typo in generated `~/.config/gh/config.yml` by [@​kurahaupo](https://github.com/kurahaupo) in cli/cli#11246 - Automate closing of stale issues by [@​babakks](https://github.com/babakks) in cli/cli#11268 - Filter the `third-party/` folder out of CodeQL results by [@​BagToad](https://github.com/BagToad) in cli/cli#11278 - Exclude `third-party` source from golangci-lint by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11293 #####
Dependencies - Bump Go to 1.24.5 by [@​github-actions](https://github.com/github-actions)\[bot] in cli/cli#11255 - chore(deps): bump github.com/sigstore/protobuf-specs from 0.4.3 to 0.5.0 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11263 - chore(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11266 - chore(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11264 - chore(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11265 - chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by [@​dependabot](https://github.com/dependabot)\[bot] in cli/cli#11275 #### New Contributors - [@​kurahaupo](https://github.com/kurahaupo) made their first contribution in cli/cli#11246 - [@​github-actions](https://github.com/github-actions)\[bot] made their first contribution in cli/cli#11255 **Full Changelog**: cli/cli@v2.75.0...v2.75.1 ### [`v2.75.0`](https://github.com/cli/cli/releases/tag/v2.75.0): GitHub CLI 2.75.0 [Compare Source](cli/cli@v2.74.2...v2.75.0) #### What's Changed ##### ✨ Features - init release verify subcommands by [@​ejahnGithub](https://github.com/ejahnGithub) in cli/cli#11018 - Embed Windows resources (VERSIONINFO) during build by [@​babakks](https://github.com/babakks) in cli/cli#11048 - Support `--no-repos-selected` on `gh secret set` by [@​williammartin](https://github.com/williammartin) in cli/cli#11217 ##### 🐛 Fixes - Fix: `gh pr create` prioritize `--title` and `--body` over `--fill` when `--web` is present by [@​dankrzeminski32](https://github.com/dankrzeminski32) in cli/cli#10547 - fix: get token for active user instead of blank if possible by [@​anuraaga](https://github.com/anuraaga) in cli/cli#11038 - Use Actions API to retrieve job run logs as a fallback mechanism by [@​babakks](https://github.com/babakks) in cli/cli#11172 - Fix query object state mutation during pagination by [@​babakks](https://github.com/babakks) in cli/cli#11244 - Handle `HTTP 404` when deleting remote branch in `pr merge` by [@​babakks](https://github.com/babakks) in cli/cli#11234 ##### 📚 Docs & Chores - chore: fix function name by [@​jinjingroad](https://github.com/jinjingroad) in cli/cli#11149 - chore: update Go version to 1.24 in devcontainer configuration and docs by [@​tMinamiii](https://github.com/tMinamiii) in cli/cli#11158 - Ensure lint workflow checks whether 3rd party license and code is up to date by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11047 - docs: install\_linux.md: add Solus linux install instructions by [@​chax](https://github.com/chax) in cli/cli#10823 - Fix missing newline in install\_linux.md by [@​BagToad](https://github.com/BagToad) in cli/cli#11160 - Ensure automation uses pinned go-licenses version by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11161 - Add `workflow_dispatch` support to MR Help Wanted check by [@​BagToad](https://github.com/BagToad) in cli/cli#11179 - Remove unused `GH_TOKEN` env variable from workflow by [@​BagToad](https://github.com/BagToad) in cli/cli#11190 - Add workflow to automate go version bumping by [@​williammartin](https://github.com/williammartin) in cli/cli#11189 - Fix inconsistent use of tabs and spaces by [@​Stefan-Heimersheim](https://github.com/Stefan-Heimersheim) in cli/cli#11194 - Decouple arg parsing from MR finder by [@​babakks](https://github.com/babakks) in cli/cli#11192 - docs: consistently use `apt` in installation instructions by [@​tklauser](https://github.com/tklauser) in cli/cli#11216 - Ensure bump go script has git user configured by [@​williammartin](https://github.com/williammartin) in cli/cli#11229 - Inject token into bump-go workflow by [@​williammartin](https://github.com/williammartin) in cli/cli#11233 - Reinstating Primer Style CLI content within `cli/cli` repository by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11060 - Add setup-go to bump-go workflow by [@​williammartin](https://github.com/williammartin) in cli/cli#11237 - Ensure GoReleaser does not break on Mac OS and Linux when skipping Windows `.rsyso` generation script by [@​andyfeller](https://github.com/andyfeller) in cli/cli#11257 #####
Fixes #11360
See #11360 (comment) for pre-implementation investigation and context.
This proposes a fix for the regression by reintroducing a condition to only fetch teams when a reviewer contains
/. This proposes to maintaingh pr edit's existing behavior by continuing to always fetch teams.