CI configs

[mcollina]

It seems Github Actions are not currently run for each commit landed on master

[Peterabsolon]

@mcollina From what I see they are. What makes you think that's not the case?

The workflow configuration seems pretty standard:

name: CI
on: [push, pull_request]

Actions tab seems to confirm this is the case too.

Maybe you meant that they should run for each commit, not just push that may contain multiple and is run just once? From what I've gathered this isn't possible anyway - https://github.community/t/how-to-run-github-workflow-on-every-commit-of-a-push/142030

[mcollina]

There should be a green tick (or red cross) near the commit:

[Peterabsolon]

@simoneb cc @mcollina This seems to be an issue with https://github.com/fastify/github-action-merge-dependabot. @salmanm is taking a look at it.

The thing worked as it was supposed to up until this commit - a4f683c

The builds are getting triggered but somehow are not matched with what's getting merged. Or something among those lines.

[mcollina]

That might well be the case: https://github.com/fastify/fastify-nextjs has the same issue apparently.

[penx]

PRs that are auto merged by github-action-merge-dependabot are currently done so by the github-actions bot.

GitHub actions don't seem to trigger for commits that are made by the github-actions bot, I think this is by design by GitHub to avoid potential infinite loops.

I think if github-action-merge-dependabot is configured to use a github-token other than the one that is provided by Github Actions, then this should fix it.

Perhaps GitHub actions docs have some more info/workarounds for this (I haven't been able to find any, yet)

[penx]

Ah here's the docs:

When you use the repository's GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur. For more information, see "Authenticating with the GITHUB_TOKEN."

If you would like to trigger a workflow from a workflow run, you can trigger the event using a personal access token. You'll need to create a personal access token and store it as a secret. To minimize your GitHub Actions usage costs, ensure that you don't create recursive or unintended workflow runs. For more information on storing a personal access token as a secret, see "Creating and storing encrypted secrets."

https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token

[penx]

There's a thread about a very similar issue here

peter-evans/create-pull-request#48

Which links to this list of possible alternatives to a personal access token:

https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs

I think creating a GitHub app for github-action-merge-dependabot could be a good option.

[simoneb]

Good catch @penx. Do you have any idea why this worked until a certain point and then stopped working? I believe this can be seen in the history of actions executions.

[simoneb]

I think creating a GitHub app for github-action-merge-dependabot could be a good option.

unfortunately it isn't, because a github app needs to be installed and it's a lot more work

[penx]

Do you have any idea why this worked until a certain point and then stopped working?

As far as I can see here, dependabot PRs up until 10 Nov 2020 have the green tick and were being merged manually.

Dependabot auto merge was added on 10 Nov 2020, and since then there have been no green ticks next to dependabot PRs.

[penx]

Closed as won't fix after discussion with @simoneb