From 92ae90aca2f1303a8dfdde77ae94f06bcf0acbd4 Mon Sep 17 00:00:00 2001 From: David Robertson Date: Mon, 3 Oct 2022 19:29:53 +0100 Subject: [PATCH] Dependabot changelog: don't require a changelog in lints --- .github/workflows/dependabot_changelog.yml | 21 ++++++--------------- .github/workflows/tests.yml | 2 +- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/.github/workflows/dependabot_changelog.yml b/.github/workflows/dependabot_changelog.yml index 9294c87a16..b6a29a5722 100644 --- a/.github/workflows/dependabot_changelog.yml +++ b/.github/workflows/dependabot_changelog.yml @@ -10,9 +10,6 @@ permissions: # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request # for a similar example contents: write - # We need `actions-write` in order to create a `workflow_dispatch` event. See - # https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event - actions: write jobs: add-changelog: @@ -31,7 +28,7 @@ jobs: git commit -m "Changelog" git push shell: bash - # We have to explicitly start CI. + # The `git push` above does not trigger CI on the dependabot PR. # # By default, workflows can't trigger other workflows when they're just using the # default `GITHUB_TOKEN` access token. (This is intended to stop you from writing @@ -40,16 +37,10 @@ jobs: # make your changes (i.e. the `git push` above) using a personal access token. # See # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow - - name: Trigger CI - # Note: we use $GITHUB_REF here to run PR against the merge of this change with - # develop; use github.event.pull_request.head.ref above to commit to the PR - # branch. - run: | - gh workflow run "tests.yml" --ref "${{ github.event.pull_request.head.ref }}" - gh workflow run "release-artifacts.yml" --ref "${{ github.event.pull_request.head.ref }}" - shell: bash - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # + # I have tried and failed to find a way to trigger CI on the "merge ref" of the PR. + # See git commit history for previous attempts. If anyone desperately wants to try + # again in the future, make a matrix-bot account and use its access token to git push. - # THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they + # THIS WORKFLOW HAS WRITE PERMISSIONS---do not add other jobs here unless they # are sufficiently locked down to dependabot only as above. diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0aa5894a10..94eb58b59d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -60,7 +60,7 @@ jobs: run: scripts-dev/check_line_terminators.sh lint-newsfile: - if: ${{ github.base_ref == 'develop' || contains(github.base_ref, 'release-') }} + if: ${{ (github.base_ref == 'develop' || contains(github.base_ref, 'release-')) && github.actor != 'dependabot[bot]' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v3