From 2d5ce8c087509b86c8c692e48a84bdc237206241 Mon Sep 17 00:00:00 2001 From: David Robertson Date: Mon, 3 Oct 2022 17:16:45 +0100 Subject: [PATCH] Dependabot changelogs: trigger CI explicitly (#14027) * Dependabot changelogs: trigger CI explicitly * Changelog * Use merge ref, not head ref ref ref ref ref ref * explanatory note --- .github/workflows/dependabot_changelog.yml | 23 ++++++++++++++++++---- .github/workflows/release-artifacts.yml | 1 + .github/workflows/tests.yml | 1 + changelog.d/14027.misc | 1 + 4 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 changelog.d/14027.misc diff --git a/.github/workflows/dependabot_changelog.yml b/.github/workflows/dependabot_changelog.yml index 0c05e674e..05bb30e6a 100644 --- a/.github/workflows/dependabot_changelog.yml +++ b/.github/workflows/dependabot_changelog.yml @@ -3,16 +3,13 @@ on: pull_request: types: - opened - - reopened + - reopened # For debugging! permissions: # Needed to be able to push the commit. See # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request # for a similar example contents: write - # The pull_requests "synchronize" event doesn't seem to fire with just `contents: write`, so - # CI doesn't run with the new changelog. Maybe `pull_requests: write` will fix this? - pull-requests: write jobs: add-changelog: @@ -31,5 +28,23 @@ jobs: git commit -m "Changelog" git push shell: bash + # We have to explicitly start CI. + # + # By default, workflows can't trigger other workflows when they're just using the + # default `GITHUB_TOKEN` access token. (This is intended to stop you from writing + # recursive workflow loops by accident, because that'll get very expensive very + # quickly.) Instead, you have to manually call out to another workflow, or else + # make your changes (i.e. the `git push` above) using a personal access token. + # See + # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow + - name: Trigger CI + # Note: we use $GITHUB_REF here to run PR against the merge of this change with + # develop; use github.event.pull_request.head.ref above to commit to the PR + # branch. + run: | + gh workflow run "tests.yml" --ref "$GITHUB_REF" + gh workflow run "release-artifacts.yml" --ref "$GITHUB_REF" + shell: bash + # THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they # are sufficiently locked down to dependabot only as above. diff --git a/.github/workflows/release-artifacts.yml b/.github/workflows/release-artifacts.yml index fd3f9725f..1e61200fd 100644 --- a/.github/workflows/release-artifacts.yml +++ b/.github/workflows/release-artifacts.yml @@ -11,6 +11,7 @@ on: # we do the full build on tags. tags: ["v*"] + workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5ae3a50ab..a2df2e8bd 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -4,6 +4,7 @@ on: push: branches: ["develop", "release-*"] pull_request: + workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/changelog.d/14027.misc b/changelog.d/14027.misc new file mode 100644 index 000000000..7d793b56e --- /dev/null +++ b/changelog.d/14027.misc @@ -0,0 +1 @@ +Prototype a workflow to automatically add changelogs to dependabot PRs.