By name: create-pr description: Create pull requests for konflux-ci repository. Explains CI behavior differences between fork and same-repo PRs, and the /allow command. Use when creating a PR, CI not running, or asking about fork PRs.
Create Pull Request
CI Behavior
| PR Source | E2E Tests | Trigger |
|---|---|---|
| Same-repo branch | Automatic | Push |
| Fork | Manual | Org member comments /allow |
Fork PRs cannot access secrets. The /allow command:
- Verifies code hasn't changed since comment (TOCTOU check)
- Triggers E2E via
repository_dispatch
See .github/workflows/operator-test-e2e.yaml (check-prerequisites job) and .github/workflows/pr-comment-commands.yaml.
Before Creating a PR: Check Write Access
Always check if the user has upstream write access before choosing a workflow.
# Check if user can push to upstream
gh repo view konflux-ci/konflux-ci --json viewerPermission --jq '.viewerPermission'
# WRITE or ADMIN = has access, READ = no access
If user has write access → push to upstream (CI runs automatically)
If user does NOT have write access → push to fork (needs /allow)
Workflow
With upstream write access (preferred):
git checkout -b feature-branch
git push -u upstream feature-branch
gh pr create --repo konflux-ci/konflux-ci
Without write access (fork):
- Fork and clone
- Push to fork, open PR against
konflux-ci/konflux-ci - Wait for maintainer
/allow
Pre-PR Checklist
From CONTRIBUTING.md:
KubeLinter (if editing kustomizations):
mkdir -p .kube-linter find . -name "kustomization.yaml" -o -name "kustomization.yml" | while read -r file; do dir=$(dirname "$file"); dir=${dir#./} kustomize build "$dir" > ".kube-linter/out-$(echo "$dir" | tr "/" "-").yaml" done kube-linter lint .kube-linterTable of contents (if markdown structure changed): See
CONTRIBUTING.mdfor the exact command.
Troubleshooting
CI not running on fork PR: Normal - wait for /allow from maintainer.
E2E failed after /allow: Code changed after /allow. Maintainer must re-review and /allow again.