PRs created don't trigger other actions #48
Comments
|
This is a deliberate limitation imposed by GitHub Actions that an action cannot trigger other workflows. From the documentation:
https://help.github.com/en/articles/events-that-trigger-workflows#example-using-more-than-one-event I'm not sure if there are any work arounds. I guess you would need another event to trigger the additional workflow. |
|
I've found a work around. It looks like GitHub are determining that API calls are coming from actions by checking the authentication token. If you use a Create a Use that secret in your workflow and assign it to the environment variable There is a downside to this method. The PR is no longer created by the
|
|
I contacted GitHub about this issue and their response confirms that using a personal token as I outlined above is the correct approach. From GitHub Support:
|
|
Ah what a pain. Resorting to a token that applies to every repository of the user without being able to scope specifically to the desired repository is quite the security concern. (My complaints are to GitHub, not this repo BUT SOMEONE MUST HEAR ME AS I SHOUT POWERLESS INTO THE VOID!! 😅) |
|
Hey all, check it out... another possible workaround is to use an pascalgn/automerge-action#37 (comment) Here's my (sample/testing 😁) configuration: Not as elegant as a direct trigger, but certainly better than having to resort to a Personal Access Token. Thought I'd share. 👍 |
Default Github token does not trigger CI when bot creates a new PR. See <peter-evans/create-pull-request#48> for more details.
|
There is a massive drawback to using this token, if a repository owner uses a personal token they will not be able to request changes nor approve a PR. This is due to the fact that the PR will be created by the owner. |
|
Thanks to @proudust for bringing it to my attention, an alternative to using a PAT is SSH Deploy keys that can be set per repository. See the documentation here for how to use Deploy keys with create-pull-request action. Note that this method will only trigger |
|
Using deploy keys is now even easier because |
|
Sorry if this has been explained - do I understand correctly that if the repository needs to have workflows triggered on |
|
@brockfanning There are actually a number of different workarounds now with various pros and cons. I've summarised them and updated the documentation here. |
Currently, PRs filed by the automation does not run CI. This requires some leap of faith in order to merge them. As per peter-evans/create-pull-request#48 and https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens using a github app token should make the trick. Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
**Context:**
There are many difficulties with dependency management, and this PR
tries to address two of them:
- reproducible versions of PL+deps from a past version
- ability to view which deps have been auto-updated (eg. a new version
of an unbound dep is released) and when
**Description of the Change:**
- Factor out the python environment setup to its own file. All default
package versions are here now
- Update `interface-unit-tests` to trigger the upload of `pip freeze`
results as artifacts for later use. happens in the `core`, `jax`, `tf`,
`torch`, `all-interfaces` and `external` test suites today (ensured that
it only occurs on one worker using `strategy.job-index`)
- Add the `upload-stable-deps` workflow to run after tests complete. The
action only runs on merge commits to master, so users shouldn't see it.
This is the real new feature, and here's how it works:
1. create the branch `bot/stable-deps-update` (or rebases it on master
if it already existed)
2. delete the existing requirement files in `.github/stable/` to avoid
merge conflicts
3. download the previously-uploaded requirement files generated in this
flow to that same folder and check if there's a diff
4. if no diff, do nothing!
5. if there's a diff and no PR exists, it opens one and tags me (and
hopefully the team because of CODEOWNERS)
6. if there's a diff and a PR already exists, it just pushes to the
existing PR branch (confirmed this is the case despite the open-pr step
running - it just does nothing in that case)
**Benefits:**
Helps with both difficulties mentioned in the context section above
**Possible Drawbacks:**
- the team will have to review this PR (if it becomes too noisy, we can
turn this into a cronjob)
- commits made by bots (eg. actions that use `${{ secrets.GITHUB_TOKEN
}}`) will not trigger CI, so the automated PRs need to have it triggered
manually. A hack to fix this is proposed
[here](peter-evans/create-pull-request#48 (comment))
if we want to consider that, but this is a feature of GitHub (not a
bug), intended to avoid infinite CI loops
I will do something similar for the docs builds after this PR is merged,
it's complex enough for now.
[sc-56376]
**Context:**
There are many difficulties with dependency management, and this PR
tries to address two of them:
- reproducible versions of PL+deps from a past version
- ability to view which deps have been auto-updated (eg. a new version
of an unbound dep is released) and when
**Description of the Change:**
- Factor out the python environment setup to its own file. All default
package versions are here now
- Update `interface-unit-tests` to trigger the upload of `pip freeze`
results as artifacts for later use. happens in the `core`, `jax`, `tf`,
`torch`, `all-interfaces` and `external` test suites today (ensured that
it only occurs on one worker using `strategy.job-index`)
- Add the `upload-stable-deps` workflow to run after tests complete. The
action only runs on merge commits to master, so users shouldn't see it.
This is the real new feature, and here's how it works:
1. create the branch `bot/stable-deps-update` (or rebases it on master
if it already existed)
2. delete the existing requirement files in `.github/stable/` to avoid
merge conflicts
3. download the previously-uploaded requirement files generated in this
flow to that same folder and check if there's a diff
4. if no diff, do nothing!
5. if there's a diff and no PR exists, it opens one and tags me (and
hopefully the team because of CODEOWNERS)
6. if there's a diff and a PR already exists, it just pushes to the
existing PR branch (confirmed this is the case despite the open-pr step
running - it just does nothing in that case)
**Benefits:**
Helps with both difficulties mentioned in the context section above
**Possible Drawbacks:**
- the team will have to review this PR (if it becomes too noisy, we can
turn this into a cronjob)
- commits made by bots (eg. actions that use `${{ secrets.GITHUB_TOKEN
}}`) will not trigger CI, so the automated PRs need to have it triggered
manually. A hack to fix this is proposed
[here](peter-evans/create-pull-request#48 (comment))
if we want to consider that, but this is a feature of GitHub (not a
bug), intended to avoid infinite CI loops
I will do something similar for the docs builds after this PR is merged,
it's complex enough for now.
[sc-56376]
It seems that any PRs that get created by this action will not trigger any actions waiting on a pull request event, which means that you can have any required status checks.
Any ideas for how to get around this?
The text was updated successfully, but these errors were encountered: