Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: document how to use approve-only with GitHub's automerge #10

Merged
merged 1 commit into from
Mar 4, 2021
Merged

docs: document how to use approve-only with GitHub's automerge #10

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
33 changes: 25 additions & 8 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ This action automatically approves and merges dependabot PRs.

### `github-token`

**Required** A GitHub token.
**Required** A GitHub token. See below for additional information.

### `exclude`

Expand All @@ -26,6 +26,8 @@ _Optional_ An arbitrary message that you'd like to comment on the PR after it ge

## Example usage

### Basic example

```yml
name: CI
on: [push, pull_request]
Expand All @@ -45,13 +47,7 @@ jobs:
github-token: ${{secrets.GITHUB_TOKEN}}
```

**Note**

- The GitHub token is automatically provided by Github Actions, which we access using `secrets.GITHUB_TOKEN` and supply to the action as an input `github-token`.
- This action must be used in the context of a Pull Request. If the workflow can be triggered by other events (e.g. push), make sure to include `github.event_name == 'pull_request'` in the action conditions, as shown in the example.
- Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.

## With `exclude`
### With `exclude`

```yml
steps:
Expand All @@ -61,3 +57,24 @@ steps:
github-token: ${{secrets.github_token}}
exclude: ['react']
```

## Notes

- A GitHub token is automatically provided by Github Actions, which can be accessed using `secrets.GITHUB_TOKEN` and supplied to the action as an input `github-token`.
- Only the [GitHub native Dependabot integration](https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically) is supported, the old [Dependabot Preview app](https://github.com/marketplace/dependabot-preview) isn't.
- This action must be used in the context of a Pull Request. If the workflow can be triggered by other events (e.g. push), make sure to include `github.event_name == 'pull_request'` in the action conditions, as shown in the example.
- Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.
- If you want to use GitHub's [auto-merge](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request) feature but still use this action to approve Pull Requests without merging, use `approve-only: true`.

## Limitations

One known limitation of using a GitHub action with the built-in GitHub Token to automatically merge Pull Requests is that the result of the merge will not trigger a workflow run.

What this means in practice is that after this action merges a Pull Request, no workflows are run on the commit made to the target branch.

This is a known behavior described in the [documentation](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token) which prevents triggering of recursive workflow runs.

Alternative options are:

- use a personal access token, as described in the documentation
- use this action only for approving and using GitHub's auto-merge to merge Pull Requests