From 00fb6900cb9613de0dcf65f046bc6cb1e2e593b9 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 9 Mar 2022 04:38:41 +0100 Subject: [PATCH] docs: Document how to improve close-and-reopen user experience (#1084) --- docs/concepts-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts-guidelines.md b/docs/concepts-guidelines.md index cf074d9da..b3a8fb127 100644 --- a/docs/concepts-guidelines.md +++ b/docs/concepts-guidelines.md 
@@ -144,7 +144,7 @@ Pull requests created by the action using the default `GITHUB_TOKEN` cannot trig There are a number of workarounds with different pros and cons. -- Use the default `GITHUB_TOKEN` and allow the action to create pull requests that have no checks enabled. Manually close pull requests and immediately reopen them. This will enable `on: pull_request` workflows to run and be added as checks. +- Use the default `GITHUB_TOKEN` and allow the action to create pull requests that have no checks enabled. Manually close pull requests and immediately reopen them. This will enable `on: pull_request` workflows to run and be added as checks. (Adding `draft: true` and a note about a close-and-reopen cycle to the message in `body` may help prevent human merges of pull requests where needed workflows have not yet been run.) - Use a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and [recommended by GitHub](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token). However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated [machine account](https://docs.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements) that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.
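Review bot: In the added parenthetical on the first workaround bullet, `draft: true` and `body` are named without saying what they belong to, so a reader who lands on this paragraph cannot tell they are meant as settings of the action rather than of the workflow or the repository. Suggest spelling that out, for example "Setting the action's `draft: true` input and adding a note about the close-and-reopen cycle to the `body` input ...". The sentence also carries the only safeguard in this bullet against merging a pull request whose `on: pull_request` workflows have not run, yet it sits in parentheses and is worded as "may help". Consider promoting it to a regular sentence and stating plainly that it is a reminder to the human merger, not an enforced check, so readers do not treat it as equivalent to the checks that the close-and-reopen step is there to trigger.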