Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GH Actions: special case Dependabot PRs for Coveralls #490

Merged
merged 1 commit into from Jul 15, 2023
Merged

GH Actions: special case Dependabot PRs for Coveralls #490

merged 1 commit into from Jul 15, 2023

Conversation

jrfnl
Copy link
Member

@jrfnl jrfnl commented Jul 12, 2023
edited

Follow up on PR #468.

Turns out Dependabot PRs do not have access to secrets with the exception of (read-only) access to the GITHUB_TOKEN.

As the coverage test runs and the Coveralls status are required builds, this blocks Dependabot PRs from being merged without overruling the required statuses.

As I'd like to avoid that situation, I'm special casing Dependabot PRs for the token selection.

Unfortunately using a condition like ${{ github.actor != 'dependabot[bot]' || secrets.COVERALLS_TOKEN && secrets.GITHUB_TOKEN }} won't work when it involves secrets, so we need to use duplicate steps to get round this.

Refs:

@jrfnl jrfnl mentioned this pull request Jul 12, 2023
Open
@jrfnl jrfnl force-pushed the feature/ghactions-use-github-token branch from 06c362c to 6c17e0c Compare July 15, 2023 11:27
@jrfnl jrfnl changed the title Revert "Coveralls: use Coveralls specific token" GH Actions: special case Dependabot PRs for Coveralls Jul 15, 2023
@jrfnl jrfnl added this to the 1.0.x Next milestone Jul 15, 2023
@jrfnl jrfnl marked this pull request as ready for review July 15, 2023 11:28
@jrfnl jrfnl force-pushed the feature/ghactions-use-github-token branch 2 times, most recently from 58628e5 to 33bfb26 Compare July 15, 2023 11:42
@jrfnl
GH Actions: special case Dependabot PRs for Coveralls
5c56087 
Follow up on PR 468.

Turns out Dependabot PRs do not have access to secrets with the exception of (read-only) access to the `GITHUB_TOKEN`.

As the coverage test runs and the Coveralls status are required builds, this blocks Dependabot PRs from being merged without overruling the required statuses.

As I'd like to avoid that situation, I'm special casing Dependabot PRs for the token selection.

Unfortunately using a condition like `${{ github.actor != 'dependabot[bot]' || secrets.COVERALLS_TOKEN && secrets.GITHUB_TOKEN }}` won't work when it involves secrets, so we need to use duplicate steps to get round this.

Refs:
* lemurheavy/coveralls-public 1721
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events
@jrfnl jrfnl force-pushed the feature/ghactions-use-github-token branch from 33bfb26 to 5c56087 Compare July 15, 2023 11:52
@jrfnl jrfnl merged commit f009108 into develop Jul 15, 2023
51 checks passed
@jrfnl jrfnl deleted the feature/ghactions-use-github-token branch July 15, 2023 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Type: chores/QA
Projects
None yet
Milestone
1.0.8
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@jrfnl