PRs generated by workflows don't trigger run of build workflow #2196
Labels
topic: infrastructure
Related to project infrastructure
type: imperfection
Perceived defect in any part of project
Describe the problem
Some of the GitHub Actions workflows used by the repository generate pull requests to propose automatically generated changes to the contents of the repository:
The repository also has an "Arduino IDE" workflow that normally performs the following operations for PRs that modify relevant files:
🐛 This important workflow is not triggered by the pull requests generated by other workflows due to a safety measure put in place by GitHub in order to prevent infinitely recursive loops:
https://github.com/peter-evans/create-pull-request#action-inputs
i18n-weekly-pull
An example of harm done by the lack of an "Arduino IDE" workflow run for the PR generated by the i18n-weekly-pull:
#2195
The breakage introduced by the PR generated by the "i18n-weekly-pull" workflow run (#2031) was only noticed after merging. If the "Arduino IDE" workflow had been triggered by the PR, this breakage would have been identified in advance and could have been resolved as part of that PR prior to merging at the convenience of the project maintainers.
themes-weekly-pull
The "themes-weekly-pull" workflow allows updating the color variables used by our themes, pulling tokens from a JSON file that is generated in Figma by designers and then converting them into CSS variables.
In addition to the usual validation utility of the "Arduino IDE" workflow run, the resulting tester build is especially needed for the PRs generated by this workflow in order to allow the designers to review the changes before merging.
To reproduce
Open the page of any of the PRs with one of the following titles:
https://github.com/arduino/arduino-ide/pulls?q=author%3Aapp%2Fgithub-actions
Select the "Checks" tab of the PR page.
🐛 There is no run for the "Arduino IDE" workflow.
Expected behavior
The "Arduino IDE" workflow is triggered for all PRs that modify relevant files, including the PRs generated by the "i18n-weekly-pull" and "themes-weekly-pull" workflows.
Arduino IDE version
e5b5b2a
Operating system
N/A
Operating system version
N/A
Additional context
This can be done by providing a personal access token via the token input of the peter-evans/create-pull-request action step of the workflow: https://github.com/peter-evans/create-pull-request#action-inputs
This personal access token must be stored in an encrypted secret in the repository. Since the workflows that generate the PR are submitted from a branch of the repository, the lack of access to encrypted secrets for workflow runs triggered by a PR from a fork is not a factor in this application.
Since the personal access token is bound to a specific user, and grants permission to all the repos this user has access to, the usual workaround is to use a bot account with restricted permissions in order to have control over the access that token provides:
https://docs.github.com/en/developers/overview/managing-deploy-keys#machine-users
In our case we already have a machine account that might be used for this purpose: https://github.com/ArduinoBot.
It looks like there is now an alternative to the ArduinoBot token repository secret approach described above. It is due to this change to GitHub Actions:
https://github.blog/changelog/2022-09-08-github-actions-use-github_token-with-workflow_dispatch-and-repository_dispatch/
It should now be possible to add a step to the "themes-weekly-pull" workflow that generates a workflow_dispatch or repository_dispatch event to trigger the "Arduino IDE" workflow to run on the themes/themes-update branch that contains the pulled theme changes. There is an example of doing that in the GitHub Changelog blog post linked above.
Issue checklist
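The two options discussed in this issue, sketched as one workflow. This is an added example, not configuration from the arduino-ide repository: the schedule, the secret name ARDUINOBOT_TOKEN and the target file name build.yml are assumptions, and the theme-generation steps are left to the existing workflow.

```yaml
# Added example. Values marked "assumed" are not taken from the repository.
name: themes-weekly-pull

on:
  schedule:
    - cron: "0 2 * * 1" # assumed schedule
  workflow_dispatch:

# Least privilege for the default GITHUB_TOKEN: grant only what the steps use.
permissions:
  contents: write # push the themes/themes-update branch
  pull-requests: write # open or update the PR
  actions: write # create the workflow_dispatch event (option B)

jobs:
  pull-themes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # The workflow's existing steps that regenerate the theme CSS variables
      # run here, before the PR is created.

      - name: Create pull request
        id: cpr
        uses: peter-evans/create-pull-request@v4
        with:
          branch: themes/themes-update
          # Option A: a machine-user personal access token stored as an
          # encrypted secret, so the PR itself triggers pull_request workflows.
          # The token carries every permission of that account, so the account
          # should have access to as little as possible.
          # token: ${{ secrets.ARDUINOBOT_TOKEN }} # assumed secret name

      # Option B: keep the default GITHUB_TOKEN and dispatch the build
      # explicitly. Only runs when a PR was created or updated, because the
      # branch does not exist otherwise.
      - name: Trigger build on the PR branch
        if: >-
          steps.cpr.outputs.pull-request-operation == 'created' ||
          steps.cpr.outputs.pull-request-operation == 'updated'
        env:
          GH_TOKEN: ${{ github.token }}
        # build.yml is an assumed file name. The target workflow must declare
        # "workflow_dispatch" under "on:" to accept the event.
        run: gh workflow run build.yml --ref themes/themes-update
```

With option B no long-lived credential is stored: the token expires when the job ends and is scoped to this repository by the permissions block.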