Github CI does not run upon `Github, rebase` action #11134
Comments
on it. |
@nmancus1 @romani @strkkk The reason rebase is not triggering new workflows is due to the fact that it uses default checkstyle/.github/workflows/rebase.yml Lines 40 to 41 in 6e47445
Related documentation- https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token

The workaround github suggests uses PAT but PAT stays forever so I found a workaround that involves-

```yaml
steps:
  - uses: actions/checkout@v2
  - uses: tibdex/github-app-token@v1
    id: generate-token
    with:
      app_id: ${{ secrets.APP_ID }}
      private_key: ${{ secrets.APP_PRIVATE_KEY }}
  # Make changes to pull request here
  - name: Create Pull Request
    uses: peter-evans/create-pull-request@v3
    with:
      token: ${{ steps.generate-token.outputs.token }}
```

source

Edit- There will be a difference, action won't be completed by the Github action bot but by the GitHub app you made for the repo, and that GitHub app will run on behalf of the user who created it, in the PR above mentioned you can see it ran on my behalf. |
@Vyom-Yadav thanks for investigating and making detailed example. Is it possible to use Github workflow API to run other workflows (Github CI tasks) from |
@nmancus1 Intrigued by your suggestion to use workflow API to run workflows I gave it a shot in my https://github.com/Vyom-Yadav/actions-test repo. I was expecting it to fail with the
```yaml
- name: Manually trigger another workflow
  run: |
    curl \
      -X POST \
      -H "Authorization: token $token" \
      -H "Accept: application/vnd.github.v3+json" \
      https://api.github.com/repos/Vyom-Yadav/actions-test/actions/workflows/action1.yml/dispatches \
      -d '{"ref":"testingRestApi"}'
  env:
    token: ${{ secrets.GITHUB_TOKEN }}
```

won't work with

```yaml
env:
  token: ${{ secrets.PAT }}
```

for the workflow to be triggered.
Github currently doesn't support manually triggered workflows to appear in checks tab. You will find a difference between
So now the only solution, in my opinion, is to use a PAT or a Github App. If you do not want to use either of them, just close and reopen the PR after rebase; the checks will run again, which is not recommended. |
@nrmancuso @Vyom-Yadav Do we have a way forward to make this work again? https://github.com/checkstyle/checkstyle/actions/runs/3325206341/jobs/5497637360
|
From CI
There is no error message that we expect. |
We already use PAT a lot. Let's use to let benefit from this action. @stoyanK7 , can we reuse your master experience in actions to make our rebase work again? |
Can you first check this out? It came out in Feb 2022. https://github.blog/changelog/2022-02-03-more-ways-to-keep-your-pull-request-branch-up-to-date/ Reading the documentation on it, I understand that
If the above proposal is not what you are looking for, the only thing that needs to be done is to switch from From what I've seen before, I suppose checkstyle/.github/workflows/rebase.yml Lines 15 to 17 in fd31119
|
@nrmancuso , what is your opinion on this ? |
It is rare that we use origin branch for PRs, so this isn’t really an option. I think we should create some service user, and create PAT from there with exact permissions. However, we still assume some risk on the checkstyle side if someone was able to get the PAT. I could think of a few ways to do this, but I won’t enumerate them here. The question becomes: is this GitHub action worth having a token with write access compromised? |
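To make the exposure question above concrete, here is an added example (not part of any comment in this thread and not checkstyle's code): a small Python check that lists which long-lived secrets a comment-triggered workflow hands to which step, and whether the receiving action is pinned to a commit SHA. The `issue_comment` trigger, the `dispatch.sh` script and the sample workflow are assumptions constructed for illustration.

```python
import re

# Assumption for this example: events an outside contributor can fire on a public repo.
UNTRUSTED_TRIGGERS = {"issue_comment", "pull_request_target"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*(\S+)")

def triggers(text):
    """Event names under the top-level `on:` key (line-based, no YAML library)."""
    block = re.search(r"^on:(.*(?:\n[ \t]+.*)*)", text, re.M)
    if not block:
        return set()
    inline, _, body = block.group(1).partition("\n")
    keys = re.findall(r"^([ \t]+)([a-z_]+):", body, re.M)
    depth = min((len(i) for i, _ in keys), default=0)  # direct children of `on:` only
    return set(re.findall(r"[a-z_]+", inline)) | {k for i, k in keys if len(i) == depth}

def audit(text):
    """Return (line, secret, receiving action, pinned to SHA) per exposed secret."""
    if not triggers(text) & UNTRUSTED_TRIGGERS:
        return []
    findings, action = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if uses := USES.match(line):
            action = uses.group(1)
        elif re.match(r"^\s*-\s", line):
            action = None  # a step that does not start with `uses:` (e.g. a run step)
        for name in SECRET_REF.findall(line):
            if name != "GITHUB_TOKEN":  # the built-in token expires with the job
                pinned = bool(action and re.search(r"@[0-9a-f]{40}$", action))
                findings.append((no, name, action, pinned))
    return findings

# Constructed sample: steps from this thread inside an assumed comment-triggered job.
SAMPLE = """\
on:
  issue_comment:
    types: [created]
jobs:
  rebase:
    steps:
      - uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
      - run: ./dispatch.sh
        env:
          token: ${{ secrets.PAT }}
"""
```

Calling `audit(SAMPLE)` reports the App credentials going to an action referenced by tag and the PAT going to a run step; a workflow that only triggers on `push` produces no findings.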
Based on https://github.blog/changelog/2022-02-03-more-ways-to-keep-your-pull-request-branch-up-to-date/ I activated at https://github.com/checkstyle/checkstyle/settings
And it works @stoyanK7 , thanks a lot !!! |
Action is removed |
After PRs are rebased with `Github, rebase`, all other CI runs except for Github CI.

Example from #10999:
Another example, from #11112:
Click to see tasks that ran in each PR
In each, a total of 32 checks ran.
Expected behavior of CI:
Example:
Note there is a total of 62 checks normally.
Click to see tasks that ran in PR with no rebase action