Automate merge Dependabot PRs for tests #416
Conversation
.github/dependabot-auto-merge.yml
Outdated
| PR_URL: ${{github.event.pull_request.html_url}} | ||
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
| - name: Enable auto-merge for Dependabot PRs | ||
| if: ${{contains(steps.dependabot-metadata.outputs.directory, '/test')}} |
There was a problem hiding this comment.
I think it would be better to have this condition on the approve step? Enabling auto-merge doesn't automatically merge the PR until it's approved.
There was a problem hiding this comment.
Added condition to Approve PR as well.
| run: gh pr merge --auto --merge "$PR_URL" | ||
| env: | ||
| PR_URL: ${{github.event.pull_request.html_url}} | ||
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |
There was a problem hiding this comment.
IIRC if we use GITHUB_TOKEN it will not trigger the pipeline after merge.
There was a problem hiding this comment.
I used official docs for this https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
I have less expirience with Github actions, so no idea if it works.
Expecting on next dependabot schedule it show errors.
There was a problem hiding this comment.
Sorry took me a while to find the doc 🙂 https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
we need to use a PAT to keep the same behavior, meaning a PR from dependabot merged to master will trigger a pipeline run
There was a problem hiding this comment.
Pls correct me if I understand correctly.
The problem, not with merging, but it would not trigger anything on new commits in master branch. In other words, it would ignore checks.
Is that sound right?
There was a problem hiding this comment.
I think it should be fine.
Because there is a linear history changes required,
I would assume the checks should not be run twice for the same commit.
Also those changes probably would not require for us to update docker images or other stuff.
There was a problem hiding this comment.
The problem, not with merging, but it would not trigger anything on new commits in master branch. In other words, it would ignore checks.
Yep that's right it will not trigger the pipeline on the new commit
There was a problem hiding this comment.
In the end, because I switched to Autosquash, it actually triggers a new checks for merged commits and it seems it works separatly from Github Actions.
|
We should also enable some checks, on the required jobs, I think without them it won't wait for the workflows to run |
Yep. There is enabled option for protected branch for checks required. |
|
@lucacome What do you think if I merge, and we will if it works? |
|
it was funny experiments and learning for me.
Learning part:
|
Introduce automate merge dependabot PRs.
References:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request