Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependabot labeled PRs do not add to project #518

Open
gkwan-ibm opened this issue Mar 5, 2024 · 6 comments
Open

dependabot labeled PRs do not add to project #518

gkwan-ibm opened this issue Mar 5, 2024 · 6 comments

Comments

@gkwan-ibm
Copy link

I created a action:

name: Add PRs to Dependabot PRs dashboard

on:
  pull_request:
    types:
      - labeled

jobs:
  add-to-project:
    name: Add PR to dashboard
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v0.5.0
        with:
          project-url: https://github.com/orgs/...
          github-token: ${{ secrets.ADMIN_BACKLOG }}
          labeled: dependencies

This action works to add the PR to the project if I manually add the dependencies label.
But, the dependabot created PRs (the Bump PRs) do not automatically add to the project.
@gkwan-ibm
Copy link
Author

Seems to be this reason.

Error: Input required and not supplied: github-token

@gkwan-ibm
Copy link
Author

The dependabot creates branch and PR in the repo, not from a fork, why the above action does not work?

@gkwan-ibm gkwan-ibm changed the title dependabot labeled PRs do not add to the project dependabot labeled PRs do not add to project Mar 5, 2024
@surchs
Copy link

surchs commented Mar 19, 2024

from the docs: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

So if you want to respond to events that are triggered by bots you have two options:

@gkwan-ibm
Copy link
Author

The token I used is my personal token. Again, manually label PR works fine.

The question is "Why the dependabot labeled PRs (the Bump PRs) does not work?"

@surchs
Copy link

surchs commented Mar 19, 2024
edited

The token I used is my personal token

ah, my bad

Why the dependabot labeled PRs (the Bump PRs) does not work?

you cannot have a bot apply a label and then have the https://docs.github.com/en/webhooks/webhook-events-and-payloads?actionType=labeled#pull_request event trigger another workflow. So likely your issue is that the label is applied by dependabot. Our workaround is as I mentioned to have a cron job do this: https://github.com/neurobagel/planning/blob/3790a983b3c6aacf7eaabef05895b68cd200b99a/.github/workflows/global_move_bot_pr_to_board.yml

@gkwan-ibm
Copy link
Author

How's about opened? I tried it and also not work. Same reason?

on:
  pull_request:
    types:
      - opened

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@surchs @gkwan-ibm