The checks are triggered by this action, which is a workflow_dispatch and workflow dispatches are considered a "manual run", so they don't update PR information. Only ["pull_request", "pull_request_review", "pull_request_review_comment", "pull_request_target", "push"] actions can link and update an action run to a PR.
The reason checks aren't triggered by default is this issue. The tl;dr is that GitHub doesn't allow (most) actions to create further actions when using the default GITHUB_TOKEN. There are various workarounds we can use, I think going with the last one (GH App token) makes the most sense in our case.

> @RaitoBezarius it still doesn't fire the checks.... Technically the checks did run, the run is [this one](https://github.com/Nix-Security-WG/nix-security-tracker/actions/runs/11770106263), but the run isn't linked to this PR so the checks aren't visible in the UI. This happens for two reasons: 1) The checks are triggered by [this action](https://github.com/Nix-Security-WG/nix-security-tracker/blob/ac87590ad80d8c2c925564cd57bde6f119ca4708/.github/workflows/bump.yaml#L34-L42), which is a `workflow_dispatch` and workflow dispatches are considered a "manual run", so they don't update PR information. Only `["pull_request", "pull_request_review", "pull_request_review_comment", "pull_request_target", "push"]` actions can link and update an action run to a PR. 2) The reason checks aren't triggered by default is [this issue](https://github.com/peter-evans/create-pull-request/issues/48). The tl;dr is that GitHub doesn't allow (most) actions to create further actions when using the default `GITHUB_TOKEN`. There are [various workarounds](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs) we can use, I think going with the last one (GH App token) makes the most sense in our case.

fricklerhandwerk commented

2024-11-14 17:14:20 +00:00

(Migrated from github.com)

Created https://github.com/Nix-Security-WG/nix-security-tracker/issues/357 to follow up