autofix.ci automatically fixes pull requests to increase developer productivity.Install on GitHub
How It Works
1. Define a GitHub Actions workflow.
Run your favorite code-fixing tools, then call autofix.ci.
on: [ push, pull_request ]
- uses: actions/checkout@v4
- run: cargo fmt
- uses: autofix-ci/action@d3e591514b99d0fca6779455ff8338516663f7cc
2. Receive automatic fixes.
autofix.ci securely updates your pull requests if necessary.
- Works with your existing linters, formatters, bundlers, compilers, or other code fixers.
- No configuration: Simply call the autofix.ci action when you want to update the pull request.
- Supports all pull requests (including from forks) and branches without branch protection.
Used ByBun Vue.js Nuxt React Navigation mitmproxy pdoc and many more.
Why is this useful?
- Pull Requests are often blocked on relatively trivial issues such as code formatting or leftover imports. Fixing these details is expensive as it requires additional roundtrips and context switching. autofix.ci automatically fixes such problems, unblocking development flow.
Why does this require an app?
- For security reasons, pull requests from forked repositories do not have any write permissions which they could use to update themselves. The autofix.ci app provides pull requests with tightly-locked self-update capabilities. Alternative approaches such as processing untrusted code in pull_request_target or passing around personal access tokens are highly dangerous to outright insecure.
Which platforms are supported?
- autofix.ci supports GitHub Actions only.
Does it work for all commits?
- For safety reasons, autofix.ci will not apply patches if the last four commits have been authored by a bot. This avoids infinite loops with bots continuously correcting each other.
What happens under the hood?
When you invoke the autofix.ci action, it will
git diffthe current repository, create an
autofix.jsonfile containing all changes, upload this file as a GitHub Actions artifact, and notify the autofix.ci server.
The autofix.ci server fetches
autofix.jsonfrom GitHub, validates its contents, and pushes a new commit to the pull request branch using its GitHub App credentials.
Is it secure?
- Yes, because we keep autofix.ci's GitHub authentication token away from potentially untrusted actions. By using autofix.ci, you only provide your auto-fixing workflow with the capability to update the pull request branch once. Please see autofix.ci/security for details.
Who is behind autofix.ci?
If your question is not answered here, please open a GitHub issue or reach out to supportnoreply@email@example.com.