Back to Details

submit-pr

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Submit Pull Request Workflow

提交PR工作流

Create a well-documented pull request for the current feature branch, following the project's trunk-based development workflow and PR template.
[!CAUTION] Scope boundary: This skill pushes code, creates pull requests, monitors CI, and commits CI fixes (with user approval). It does NOT implement new features or run formal code reviews. When the PR is created and CI passes, stop — the workflow is complete.
[!WARNING] Checkpoint protocol. When this workflow reaches a 
### CHECKPOINT
, you must actively prompt the user for a decision — do not simply present information and continue. Use your agent's interactive prompting mechanism (e.g., 
AskUserQuestion
in Claude Code) to require an explicit response before proceeding. This prevents queued or in-flight messages from being misinterpreted as approval. If your agent lacks interactive prompting, output the checkpoint content and stop all work until the user explicitly responds.
遵循项目的主干开发工作流和PR模板,为当前功能分支创建一份文档完善的拉取请求(Pull Request)。
[!CAUTION] 范围边界:该Skill会推送代码、创建Pull Request、监控CI,并在获得用户批准后提交CI修复。它不会实现新功能或执行正式代码评审。当PR创建完成且CI通过后,停止——工作流即完成。
[!WARNING] 检查点协议:当工作流到达
### CHECKPOINT
时,你必须主动提示用户做出决策——不能仅展示信息就继续执行。使用你的Agent交互提示机制(例如Claude Code中的
AskUserQuestion
),在继续前获取用户的明确回复。这可以避免队列中或处理中的消息被误判为批准。如果你的Agent没有交互提示功能,输出检查点内容后停止所有工作,直到用户明确回复为止。

Step 1: Pre-Submission Checks

步骤1:提交前检查

Verify the branch is ready for a pull request:
  1. Confirm we are on a feature branch (not 
    main
    ). If on 
    main
    , stop and ask the user to create a feature branch first.
  2. Sync with main:
    bash
    git fetch origin
git rebase origin/main
    If there are conflicts, stop and help the user resolve them before proceeding.
  3. Run your project's quality checks:
    # Adapt to your project's toolchain
type-check      # TypeScript tsc, mypy, etc.
lint            # ESLint, Ruff, golangci-lint, etc.
format:check    # Prettier, Black, gofmt, etc.
test            # Vitest, Jest, pytest, etc.
build           # If a build step exists
    If formatting checks fail, auto-fix by running the formatter on the reported files and stage the changes.
  4. Perform a final security scan on changed files:
    • Are there hardcoded secrets, API keys, or credentials in the diff?
    • Are all user inputs validated and sanitized?
    • Are authentication and authorization checks present on new endpoints?
    • Are error responses safe? (no internal details leaked)
    • Are dependencies free of known CVEs?
    Claude Code optimization: If the 
    /security-scanning:security-sast
    skill is available, use it for enhanced automated scanning. Otherwise, follow the manual checklist above.
If any check fails, report the failure clearly and ask the user whether to fix it now or proceed anyway.
验证分支是否已准备好提交拉取请求:
  1. 确认当前处于功能分支(而非
    main
    分支)。如果在
    main
    分支上,停止操作并要求用户先创建功能分支。
  2. 与main分支同步:
    bash
    git fetch origin
git rebase origin/main
    如果存在冲突,停止操作并协助用户解决冲突后再继续。
  3. 运行项目的质量检查:
    # 根据项目的工具链适配
type-check      # TypeScript tsc、mypy等
lint            # ESLint、Ruff、golangci-lint等
format:check    # Prettier、Black、gofmt等
test            # Vitest、Jest、pytest等
build           # 如果存在构建步骤
    如果格式检查失败,自动修复:对报告的文件运行格式化工具,并暂存变更。
  4. 对变更文件执行最终安全扫描:
    • 差异中是否存在硬编码的密钥、API密钥或凭证?
    • 所有用户输入是否经过验证和清理?
    • 新端点是否存在身份验证和授权检查?
    • 错误响应是否安全?(未泄露内部细节)
    • 依赖项是否存在已知的CVE漏洞?
    Claude Code优化:如果
    /security-scanning:security-sast
    Skill可用,使用它进行增强型自动扫描。否则,遵循上述手动检查清单。
如果任何检查失败,清晰报告失败情况,并询问用户是现在修复还是继续执行。

Step 2: Analyze Changes

步骤2:分析变更

Understand what this PR contains:
  1. Run 
    git log origin/main..HEAD --oneline
    to see all commits on this branch
  2. Run 
    git diff origin/main...HEAD --stat
    to see the file change summary
  3. Run 
    git diff origin/main...HEAD
    to read the actual changes
Determine:
  • Type of change: feature, fix, docs, refactor, test, chore (from commit prefixes)
  • Scope: frontend, backend, full-stack, infrastructure
  • Includes database migrations? (check for migration files or schema changes)
  • Includes infrastructure changes? (containers, CI/CD, environment files)
  • Includes security-sensitive changes? (auth, authorization, API security, secrets)
  • Related issues: Extract from commit messages (Closes #NNN, Fixes #NNN)
了解此PR包含的内容:
  1. 运行
    git log origin/main..HEAD --oneline
    查看该分支上的所有提交记录
  2. 运行
    git diff origin/main...HEAD --stat
    查看文件变更摘要
  3. 运行
    git diff origin/main...HEAD
    查看实际变更内容
确定:
  • 变更类型:功能新增、修复、文档、重构、测试、杂项(从提交前缀判断)
  • 范围:前端、后端、全栈、基础设施
  • 是否包含数据库迁移?(检查迁移文件或架构变更)
  • 是否包含基础设施变更?(容器、CI/CD、环境文件)
  • 是否包含安全敏感变更?(身份验证、授权、API安全、密钥)
  • 相关问题:从提交消息中提取(Closes #NNN、Fixes #NNN)

Step 3: Deployment Council Review (Conditional)

步骤3:部署评审委员会审核(可选)

Activate the Deployment Council from the skill's 
councils/deployment-council.md
if ANY of these are true:
  • Database migrations are included
  • Container or infrastructure files changed
  • Environment variables were added or modified
  • Authentication or authorization code changed
  • CI/CD pipeline files modified
If activated, read the council template and run through the full Deployment Checklist. For each council member, read their agent definition from the skill's 
agents/
directory and use the complexity tier specified to calibrate review depth. Adapt the checklist to your deployment infrastructure:
如果满足以下任一条件,从Skill的
councils/deployment-council.md
激活部署评审委员会:
  • 包含数据库迁移
  • 容器或基础设施文件已变更
  • 环境变量已添加或修改
  • 身份验证或授权代码已变更
  • CI/CD流水线文件已修改
如果激活,读取评审模板并完成完整的部署检查清单。对于每位评审成员,从Skill的
agents/
目录读取其Agent定义,并使用指定的复杂度等级调整评审深度。根据你的部署基础设施适配检查清单:

Platform Engineer (Lead)

平台工程师(负责人)

  • Application builds and packages successfully for deployment?
  • Environment variables configured?
  • Health check endpoints working?
  • Resource limits set (CPU, memory)?
  • Logging and monitoring configured?
  • Rollback strategy defined?
  • 应用程序是否能成功构建并打包用于部署?
  • 环境变量是否已配置?
  • 健康检查端点是否正常工作?
  • 是否设置了资源限制(CPU、内存)?
  • 日志和监控是否已配置?
  • 是否定义了回滚策略?

Security Engineer

安全工程师

  • Secrets managed securely (not in code)?
  • HTTPS/TLS configured?
  • API authentication working?
  • CORS configured correctly?
  • Security headers configured (e.g., Content-Security-Policy, X-Frame-Options, HSTS)?
  • No high-severity vulnerabilities?
  • 密钥是否得到安全管理(未存储在代码中)?
  • HTTPS/TLS是否已配置?
  • API身份验证是否正常工作?
  • CORS是否配置正确?
  • 是否配置了安全头(例如Content-Security-Policy、X-Frame-Options、HSTS)?
  • 是否存在高严重性漏洞?

QA Lead

QA负责人

  • E2E tests passing?
  • Critical user flows validated?
  • Performance testing completed?
  • No known P0/P1 bugs?
  • Regression tests passing?
  • Smoke tests defined for post-deployment?
  • 端到端测试是否通过?
  • 关键用户流程是否已验证?
  • 性能测试是否已完成?
  • 是否存在已知的P0/P1级bug?
  • 回归测试是否通过?
  • 是否定义了部署后的冒烟测试?

Deployment Decision

部署决策

  • Status: Approved / Not Ready / Blocked
  • Deployment Strategy: Rolling / Blue-Green / Canary
  • Rollback Plan: How to rollback if issues arise
  • 状态:已批准 / 未准备好 / 已阻塞
  • 部署策略:滚动发布 / 蓝绿部署 / 金丝雀发布
  • 回滚计划:出现问题时如何回滚

CHECKPOINT (only if Deployment Council was activated): Present the deployment readiness assessment to the user. Wait for confirmation before proceeding.

CHECKPOINT(仅在激活部署评审委员会时):向用户展示部署就绪评估结果。等待确认后再继续。

Step 4: Generate PR Description

步骤4:生成PR描述

If your project has a PR template (e.g., 
.github/PULL_REQUEST_TEMPLATE.md
), use it. Otherwise, generate a complete PR with these sections:
如果项目有PR模板(例如
.github/PULL_REQUEST_TEMPLATE.md
),使用该模板。否则,生成包含以下部分的完整PR:

Title

标题

  • Format: 
    <type>(<scope>): <short description>
    matching conventional commits
  • Keep under 70 characters
  • Use the primary commit type and scope
  • 格式:
    <类型>(<范围>): <简短描述>
    ,符合约定式提交规范
  • 长度控制在70字符以内
  • 使用主要的提交类型和范围

Body

正文

Description: Synthesize from commit messages and changed files. Explain the why, not just the what.
Type of Change: Auto-detect from commit prefixes and mark the appropriate checkbox.
Related Issues: Extract from commit messages (
Closes #NNN
).
Changes Made: Bullet list of key changes, organized by area (frontend, backend, database, etc.).
Testing: Document what tests were added/updated and how to manually test.
Checklist: Pre-fill based on actual state:
  • Check items that are actually done (tests pass, lint passes, etc.)
  • Leave unchecked items that still need attention
Breaking Changes: Flag if any API contracts, database schemas, or public interfaces changed.
Deployment Notes: Include migration steps, new environment variables, infrastructure changes. Reference Deployment Council findings if activated.
描述:从提交消息和变更文件中整合信息。解释变更的原因,而非仅说明变更内容。
变更类型:从提交前缀自动检测,并标记相应的复选框。
相关问题:从提交消息中提取(
Closes #NNN
)。
已做变更:按领域(前端、后端、数据库等)组织的关键变更要点列表。
测试:记录新增/更新的测试内容,以及手动测试的方法。
检查清单:根据实际状态预填充:
  • 勾选已完成的项(测试通过、代码检查通过等)
  • 保留未完成项为未勾选状态
破坏性变更:如果存在API契约、数据库架构或公共接口变更,进行标记。
部署说明:包含迁移步骤、新环境变量、基础设施变更。如果激活了部署评审委员会,参考其评审结果。

Changelog Entry

变更日志条目

If the PR includes user-facing changes, draft a changelog entry:
  • Determine the category: Added / Changed / Fixed / Removed
  • Write a one-line description from the user's perspective
  • Reference the PR number
如果PR包含面向用户的变更,草拟变更日志条目:
  • 确定分类:新增 / 变更 / 修复 / 移除
  • 从用户视角编写一行描述
  • 引用PR编号

CHECKPOINT: Present the PR title and full body to the user. Allow them to review and request edits before submission.

CHECKPOINT:向用户展示PR标题和完整正文。允许用户审核并请求修改后再提交。

Step 5: Push and Create PR

步骤5:推送并创建PR

  1. Push the branch to the remote:
    bash
    git push origin <branch-name> -u
  2. Create the PR. Using the GitHub CLI as an example:
    bash
    gh pr create --title "<title>" --body "<body>" --base main
    Adapt to your project's version control platform if not using GitHub.
  3. If the PR template includes labels, add appropriate labels.
  1. 将分支推送到远程仓库:
    bash
    git push origin <branch-name> -u
  2. 创建PR。以GitHub CLI为例:
    bash
    gh pr create --title "<title>" --body "<body>" --base main
    如果项目使用的不是GitHub,适配相应的版本控制平台命令。
  3. 如果PR模板包含标签,添加合适的标签。

Step 6: Monitor CI Pipeline

步骤6:监控CI流水线

After creating the PR, watch the CI pipeline until it completes:
  1. Check for the latest CI run on the branch.
  2. Monitor the run until it finishes. Using GitHub CLI as an example:
    bash
    gh run list --branch <branch-name> --limit 1 --json databaseId,status
gh run watch <run-id> --exit-status
  3. If CI fails, fetch the failed job logs and diagnose:
    • Formatting failures: Auto-fix with the formatter, commit, push, and re-watch. No checkpoint needed.
    • All other failures: CHECKPOINT — present the diagnosis and proposed fix to the user. Wait for approval before committing. After approval, fix, commit, push, and re-watch.
  4. If CI passes: proceed to Step 7.
创建PR后,监控CI流水线直到完成:
  1. 检查该分支上的最新CI运行情况。
  2. 监控运行直到完成。以GitHub CLI为例:
    bash
    gh run list --branch <branch-name> --limit 1 --json databaseId,status
gh run watch <run-id> --exit-status
  3. 如果CI 失败,获取失败作业的日志并诊断:
    • 格式错误:使用格式化工具自动修复,提交、推送并重新监控。无需检查点。
    • 所有其他失败CHECKPOINT——向用户展示诊断结果和建议的修复方案。等待批准后再提交。获得批准后,修复问题、提交、推送并重新监控。
  4. 如果CI 通过:继续执行步骤7。

Step 7: Post-PR Summary

步骤7:PR提交后总结

Present to the user:
  • PR URL (clickable link)
  • Summary of what was submitted
  • CI status (all checks passing)
  • Changelog entry (if generated)
  • Reminder about branch lifecycle: delete branch after merge
If the Deployment Council was activated, remind the user of any deployment-specific steps that need to happen after merge.
[!TIP] Workflow complete. The PR is submitted and CI is green. After the PR is merged and the branch is deleted, the feature lifecycle is done.
Pipeline: 
/plan-feature
/build-feature
or 
/build-api
/review-code
/submit-pr
 (you are here)
If the user wants to start the next feature, suggest: "Run 
/plan-feature
to begin planning the next feature."
向用户展示:
  • PR链接(可点击)
  • 提交内容摘要
  • CI状态(所有检查通过)
  • 变更日志条目(如果已生成)
  • 分支生命周期提醒:合并后删除分支
如果激活了部署评审委员会,提醒用户合并后需要执行的任何部署相关步骤。
[!TIP] 工作流完成。PR已提交且CI检查通过。PR合并并删除分支后,功能生命周期即结束。
流水线
/plan-feature
/build-feature
/build-api
/review-code
/submit-pr
(当前步骤)
如果用户想要开始下一个功能,建议:"运行
/plan-feature
开始规划下一个功能。"