GitHub PR lifecycle: branch, commit, open, CI, merge.
npx skills add https://github.com/lxgxdx/hermes-skills --skill github-pr-workflow复制此命令并粘贴到 Claude Code 中以安装该技能
Complete guide to using and extending Hermes Agent — CLI usage, setup, configuration, spawning additional agents, gateway platforms, skills, voice, tools, profiles, and a concise contributor reference. Load this skill when helping users configure Hermes, troubleshoot issues, spawn agent instances, or make code contributions.
Debug how Hermes resolves per-model capabilities (context window, max output tokens, pricing) and override them when a provider's actual API specs diverge from the bundled metadata. Load when a user reports "Hermes caps me at X tokens but the model actually supports Y", "my new model isn't recognized", "where does the 200K/32K/1M limit come from", or asks to patch model_metadata.py / models_dev.py.
OpenAI's general-purpose speech recognition model. Supports 99 languages, transcription, translation to English, and language identification. Six model sizes from tiny (39M params) to large (1550M params). Use for speech-to-text, podcast transcription, or multilingual audio processing. Best for robust, multilingual ASR.
Advanced document editing for Word and Excel with formal formatting, including Chinese government document standards, table styling, and cell formatting.
每日工作日志生成与存储。直接查询 Hermes state.db 汇总前一天所有平台(飞书/微信/TG/cli/cron) 所有 session 的对话内容,提炼为4块结构化日报存回 GBrain。触发词:今日工作/工作日报/总结今天/存日报/今天干了什么。
GBrain 个人知识库操作手册。涵盖 gbrain put 必须通过 stdin、bunfs bug、Python pathlib 优先级陷阱、同步 Hermes 对话脚本。触发词:gbrain/知识库/brain/同步对话/embedding/向量搜索
| name | github-pr-workflow |
| description | GitHub PR lifecycle: branch, commit, open, CI, merge. |
| version | 1.1.0 |
| author | Hermes Agent |
| license | MIT |
| platforms | ["linux","macos","windows"] |
| metadata | {"hermes":{"tags":["GitHub","Pull-Requests","CI/CD","Git","Automation","Merge"],"related_skills":["github-auth","github-code-review"]}} |
Complete guide for managing the PR lifecycle. Each section shows the gh way first, then the git + curl fallback for machines without gh.
github-auth skill)# Determine which method to use throughout this workflow
if command -v gh &>/dev/null && gh auth status &>/dev/null; then
AUTH="gh"
else
AUTH="git"
# Ensure we have a token for API calls
if [ -z "$GITHUB_TOKEN" ]; then
if [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then
GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r')
elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then
GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|')
fi
fi
fi
echo "Using: $AUTH"
Many curl commands need owner/repo. Extract it from the git remote:
# Works for both HTTPS and SSH remote URLs
REMOTE_URL=$(git remote get-url origin)
OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||')
OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1)
REPO=$(echo "$OWNER_REPO" | cut -d/ -f2)
echo "Owner: $OWNER, Repo: $REPO"
This part is pure git — identical either way:
# Make sure you're up to date
git fetch origin
git checkout main && git pull origin main
# Create and switch to a new branch
git checkout -b feat/add-user-authentication
Branch naming conventions:
feat/description — new featuresfix/description — bug fixesrefactor/description — code restructuringdocs/description — documentationci/description — CI/CD changesUse the agent's file tools (write_file, patch) to make changes, then commit:
# Stage specific files
git add src/auth.py src/models/user.py tests/test_auth.py
# Commit with a conventional commit message
git commit -m "feat: add JWT-based user authentication
- Add login/register endpoints
- Add User model with password hashing
- Add auth middleware for protected routes
- Add unit tests for auth flow"
Commit message format (Conventional Commits):
type(scope): short description
Longer explanation if needed. Wrap at 72 characters.
Types: feat, fix, refactor, docs, test, ci, chore, perf
git push -u origin HEAD
With gh:
gh pr create \
--title "feat: add JWT-based user authentication" \
--body "## Summary
- Adds login and register API endpoints
- JWT token generation and validation
## Test Plan
- [ ] Unit tests pass
Closes #42"
Options: --draft, --reviewer user1,user2, --label "enhancement", --base develop
With git + curl:
BRANCH=$(git branch --show-current)
curl -s -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/$OWNER/$REPO/pulls \
-d "{
\"title\": \"feat: add JWT-based user authentication\",
\"body\": \"## Summary\nAdds login and register API endpoints.\n\nCloses #42\",
\"head\": \"$BRANCH\",
\"base\": \"main\"
}"
The response JSON includes the PR number — save it for later commands.
To create as a draft, add "draft": true to the JSON body.
With gh:
# One-shot check
gh pr checks
# Watch until all checks finish (polls every 10s)
gh pr checks --watch
With git + curl:
# Get the latest commit SHA on the current branch
SHA=$(git rev-parse HEAD)
# Query the combined status
curl -s \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/$OWNER/$REPO/commits/$SHA/status \
| python3 -c "
import sys, json
data = json.load(sys.stdin)
print(f\"Overall: {data['state']}\")
for s in data.get('statuses', []):
print(f\" {s['context']}: {s['state']} - {s.get('description', '')}\")"
# Also check GitHub Actions check runs (separate endpoint)
curl -s \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/$OWNER/$REPO/commits/$SHA/check-runs \
| python3 -c "
import sys, json
data = json.load(sys.stdin)
for cr in data.get('check_runs', []):
print(f\" {cr['name']}: {cr['status']} / {cr['conclusion'] or 'pending'}\")"
# Simple polling loop — check every 30 seconds, up to 10 minutes
SHA=$(git rev-parse HEAD)
for i in $(seq 1 20); do
STATUS=$(curl -s \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/$OWNER/$REPO/commits/$SHA/status \
| python3 -c "import sys,json; print(json.load(sys.stdin)['state'])")
echo "Check $i: $STATUS"
if [ "$STATUS" = "success" ] || [ "$STATUS" = "failure" ] || [ "$STATUS" = "error" ]; then
break
fi
sleep 30
done
When CI fails, diagnose and fix. This loop works with either auth method.
With gh:
# List recent workflow runs on this branch
gh run list --branch $(git branch --show-current) --limit 5
# View failed logs
gh run view <RUN_ID> --log-failed
With git + curl:
BRANCH=$(git branch --show-current)
# List workflow runs on this branch
curl -s \
-H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/$OWNER/$REPO/actions/runs?branch=$BRANCH&per_page=5" \
| python3 -c "
import sys, json
runs = json.load(sys.stdin)['workflow_runs']
for r in runs:
print(f\"Run {r['id']}: {r['name']} - {r['conclusion'] or r['status']}\")"
# Get failed job logs (download as zip, extract, read)
RUN_ID=<run_id>
curl -s -L \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID/logs \
-o /tmp/ci-logs.zip
cd /tmp && unzip -o ci-logs.zip -d ci-logs && cat ci-logs/*.txt
After identifying the issue, use file tools (patch, write_file) to fix it:
git add <fixed_files>
git commit -m "fix: resolve CI failure in <check_name>"
git push
Re-check CI status using the commands from Section 4 above.
When asked to auto-fix CI, follow this loop:
read_file + patch/write_file → fix the codegit add . && git commit -m "fix: ..." && git pushWith gh:
# Squash merge + delete branch (cleanest for feature branches)
gh pr merge --squash --delete-branch
# Enable auto-merge (merges when all checks pass)
gh pr merge --auto --squash --delete-branch
With git + curl:
PR_NUMBER=<number>
# Merge the PR via API (squash)
curl -s -X PUT \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/merge \
-d "{
\"merge_method\": \"squash\",
\"commit_title\": \"feat: add user authentication (#$PR_NUMBER)\"
}"
# Delete the remote branch after merge
BRANCH=$(git branch --show-current)
git push origin --delete $BRANCH
# Switch back to main locally
git checkout main && git pull origin main
git branch -d $BRANCH
Merge methods: "merge" (merge commit), "squash", "rebase"
# Auto-merge requires the repo to have it enabled in settings.
# This uses the GraphQL API since REST doesn't support auto-merge.
PR_NODE_ID=$(curl -s \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
| python3 -c "import sys,json; print(json.load(sys.stdin)['node_id'])")
curl -s -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/graphql \
-d "{\"query\": \"mutation { enablePullRequestAutoMerge(input: {pullRequestId: \\\"$PR_NODE_ID\\\", mergeMethod: SQUASH}) { clientMutationId } }\"}"
# 1. Start from clean main
git checkout main && git pull origin main
# 2. Branch
git checkout -b fix/login-redirect-bug
# 3. (Agent makes code changes with file tools)
# 4. Commit
git add src/auth/login.py tests/test_login.py
git commit -m "fix: correct redirect URL after login
Preserves the ?next= parameter instead of always redirecting to /dashboard."
# 5. Push
git push -u origin HEAD
# 6. Create PR (picks gh or curl based on what's available)
# ... (see Section 3)
# 7. Monitor CI (see Section 4)
# 8. Merge when green (see Section 6)
Full guide:
github-issuesskill. Key operations summarized here.
gh issue list
gh issue list --state open --label "bug"
gh issue view 42
gh issue create \
--title "Bug: login redirect ignores ?next=" \
--body "## Description\n..." \
--label "bug" --assignee "username"
gh issue edit 42 --add-label "priority:high"
gh issue edit 42 --add-assignee @me
gh issue comment 42 --body "Investigated — root cause is in auth middleware."
gh issue close 42
gh issue close 42 --reason "not planned"
Issue templates are in templates/bug-report.md and templates/feature-request.md.
Full guide:
github-code-reviewskill. Workflow summarized here.
# See what would be in a PR
git diff main...HEAD --stat
git diff main...HEAD
# Check for common issues
git diff main...HEAD | grep -n "print(\|console\.log\|TODO\|FIXME"
git diff main...HEAD | grep -in "password\|secret\|api_key"
gh pr view 123
gh pr diff 123 --name-only
gh pr checks 123 --watch
gh pr checkout 123 # checkout PR branch locally
# Approve
gh pr review 123 --approve --body "LGTM!"
# Request changes with inline comments
gh pr review 123 --request-changes --body "See inline comments."
Full guide:
github-repo-managementskill. Key operations summarized here.
gh repo clone owner/repo
gh repo create my-project --public --clone
gh repo fork owner/repo --clone
# Keep fork in sync
git fetch upstream && git checkout main && git merge upstream/main
gh release create v1.0.0 --title "v1.0.0" --generate-notes
gh release list
gh secret set API_KEY --body "your-secret-value"
gh secret list
See
references/github-large-file-pitfalls.md
GitHub's 100 MB file size limit, .curator_backups/ exclusion patterns, BFG repo-cleaner, and Git LFS setup.
See
github-authskill for full details. Key patterns for GitHub workflows:
# Detect available auth method
if command -v gh &>/dev/null && gh auth status &>/dev/null; then
AUTH="gh"
else
AUTH="git"
# Extract token from ~/.git-credentials
GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|')
fi
# Or extract from ~/.hermes/.env
GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r')
See
references/push-protection-secrets.mdfor full details on redaction patterns, what they mean, and how to avoid triggering Push Protection.
If a PAT sent via chat gets redacted (ghp_xx...xxxx), recover from git config raw bytes:
python3 -c "
with open('/path/to/.git/config', 'rb') as f:
raw = f.read()
start = raw.find(b'TOKEN_PREFIX') # replace with your token's prefix
end = raw.find(b'@', start)
print(raw[start:end].decode('utf-8'))
"
# Alternatively: ask user for the complete token directly
See
references/push-protection-secrets.mdfor full details including the re-clone recovery pattern.
GitHub Push Protection scans every push for secret patterns — not just code blocks, but also prose, comments, string literals, and variable names. A single ghp_ prefix in any context will trigger a block.
Common triggers:
`ghp_Fc...ZhBU` (even inside backticks as an example)b'ghp_' in example codehttps://user:ghp_xxx@github.com/...Safe token placeholders:
# GOOD: TOKEN_NAME_HERE
# GOOD: YOUR_TOKEN_HERE
# GOOD: ghp_xx...xxxx (clearly fake — not a real prefix)
Recovery when blocked: If a commit is already blocked, a fresh clone is often needed to escape the stale index state. See the reference file for the step-by-step.
| Action | gh | git + curl |
|---|---|---|
| List my PRs | gh pr list --author @me | curl -s -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/$OWNER/$REPO/pulls?state=open" |
| View PR diff | gh pr diff | git diff main...HEAD (local) or curl -H "Accept: application/vnd.github.diff" ... |
| Add comment | gh pr comment N --body "..." | curl -X POST .../issues/N/comments -d '{"body":"..."}' |
| Request review | gh pr edit N --add-reviewer user | curl -X POST .../pulls/N/requested_reviewers -d '{"reviewers":["user"]}' |
| Close PR | gh pr close N | curl -X PATCH .../pulls/N -d '{"state":"closed"}' |
| Check out someone's PR | gh pr checkout N | git fetch origin pull/N/head:pr-N && git checkout pr-N |