Run checks in automatic update PRs #357

New issue

Closed

opened 2024-11-14 17:13:48 +00:00 by fricklerhandwerk · 0 comments

fricklerhandwerk commented 2024-11-14 17:13:48 +00:00 (Migrated from github.com)

Copy link

Technically the checks did run, the run is this one, but the run isn't linked to this PR so the checks aren't visible in the UI.

This happens for two reasons:

1. The checks are triggered by this action, which is a workflow_dispatch and workflow dispatches are considered a "manual run", so they don't update PR information. Only ["pull_request", "pull_request_review", "pull_request_review_comment", "pull_request_target", "push"] actions can link and update an action run to a PR.
2. The reason checks aren't triggered by default is this issue. The tl;dr is that GitHub doesn't allow (most) actions to create further actions when using the default GITHUB_TOKEN. There are various workarounds we can use, I think going with the last one (GH App token) makes the most sense in our case.

Originally posted by @Erethon in https://github.com/Nix-Security-WG/nix-security-tracker/issues/329#issuecomment-2475091601

Technically the checks did run, the run is [this one](https://github.com/Nix-Security-WG/nix-security-tracker/actions/runs/11770106263), but the run isn't linked to this PR so the checks aren't visible in the UI. This happens for two reasons: 1) The checks are triggered by [this action](https://github.com/Nix-Security-WG/nix-security-tracker/blob/ac87590ad80d8c2c925564cd57bde6f119ca4708/.github/workflows/bump.yaml#L34-L42), which is a `workflow_dispatch` and workflow dispatches are considered a "manual run", so they don't update PR information. Only `["pull_request", "pull_request_review", "pull_request_review_comment", "pull_request_target", "push"]` actions can link and update an action run to a PR. 2) The reason checks aren't triggered by default is [this issue](https://github.com/peter-evans/create-pull-request/issues/48). The tl;dr is that GitHub doesn't allow (most) actions to create further actions when using the default `GITHUB_TOKEN`. There are [various workarounds](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs) we can use, I think going with the last one (GH App token) makes the most sense in our case. _Originally posted by @Erethon in https://github.com/Nix-Security-WG/nix-security-tracker/issues/329#issuecomment-2475091601_

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

npins-auto-update

No results found.

Labels

Clear labels   

automation

  

backend

something the web server needs to provide the frontend with

  

bug

Something isn't working

  

contributor experience

  

data

something about quality or quantity of ingested data

  

deployment

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

nice to have

Nice to have, but not necessary for the time being

  

notifications

  

package maintainer

user story for package maintainers

  

performance

  

skin

Anything related to the visual presentation

  

tech debt

Activities that reduce tech debt

  

user story

description or implementation of a workflow

No labels

automation

backend

bug

contributor experience

data

deployment

documentation

duplicate

good first issue

help wanted

nice to have

notifications

package maintainer

performance

skin

tech debt

user story

Milestone

Clear milestone

No items

No milestone

1 Quick triaging

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lix-community/nix-security-tracker#357

No description provided.