
Commit 7085643

fix(ci): fix workflow failures for Dependabot PRs

- on_new_pr.yml: add checkout step before local composite action usage in enable-auto-merge and auto_approve_dependabot jobs; pull_request_target runs with an empty workspace so local actions are unresolvable without an explicit checkout
- pr-lint.yml: skip SOURCE_PUSH_TOKEN check for dependabot[bot] actor and fall back to github.token for super-linter so lint-code passes on Dependabot PRs where Actions secrets are unavailable
- build-and-publish-pre-release.yml: skip build-pre-release job for dependabot/* branches; Dependabot pushes run in a restricted secret context where SOURCE_PUSH_TOKEN is unavailable, causing the required check to fail
- pr-code-review-and-approve.yml: fall back to github.token when SOURCE_PUSH_TOKEN is not set so the Copilot review request does not error on missing required input

Prompt: Work on pull request #615 in credfeto/scripts. Fix CI failures for Dependabot PRs.

1 parent 3875162 commit 7085643

4 files changed

Lines changed: 18 additions & 3 deletions

.github/workflows/build-and-publish-pre-release.yml

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@ permissions:
1919

2020
jobs:
2121
build-pre-release:
22+
if: "!startsWith(github.ref, 'refs/heads/dependabot/')"
2223

2324
runs-on: ubuntu-latest
2425
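
Review bot: the new job-level `if` on `build-pre-release` identifies Dependabot only by the branch prefix `refs/heads/dependabot/`, so any push to a branch under that prefix skips the build, whoever made the push. Consider also testing the actor, as pr-lint.yml does in this commit with `github.actor != 'dependabot[bot]'`, and add a comment above the `if` saying the job is skipped because SOURCE_PUSH_TOKEN is unavailable to Dependabot pushes, since the condition alone does not say why.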

.github/workflows/on_new_pr.yml

Lines changed: 14 additions & 0 deletions
@@ -27,6 +27,13 @@ jobs:
2727
# Specifically check that dependabot (or another trusted party) created this pull-request, and that it has been labelled correctly.
2828
if: contains(github.event.pull_request.labels.*.name, 'dependencies')
2929
steps:
30+
- name: "Checkout Source"
31+
uses: actions/checkout@v6.0.3
32+
with:
33+
clean: true
34+
fetch-depth: 1
35+
ref: ${{github.event.pull_request.base.sha}}
36+
3037
- name: "Auto Merge"
3138
uses: ./.github/actions/enable-automerge
3239
with:
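
Review bot: the added "Checkout Source" step leaves `persist-credentials` at its default, which keeps the job token configured for git in the steps that follow. The checkout is only there so that `./.github/actions/enable-automerge` resolves, so unless that action runs git commands that need the stored credentials, add `persist-credentials: false` under `with:`.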
@@ -42,6 +49,13 @@ jobs:
4249

4350
if: contains(github.event.pull_request.labels.*.name, 'dependencies')
4451
steps:
52+
- name: "Checkout Source"
53+
uses: actions/checkout@v6.0.3
54+
with:
55+
clean: true
56+
fetch-depth: 1
57+
ref: ${{github.event.pull_request.base.sha}}
58+
4559
- name: "Auto Approve"
4660
uses: ./.github/actions/approve-pr
4761
with:
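
Review bot: `ref: ${{github.event.pull_request.base.sha}}` in this added step is what keeps `./.github/actions/approve-pr` coming from the base branch rather than from the pull request, and nothing in the step says so. Add a comment on the `ref:` line stating that it must stay on the base SHA, because a later change to the head ref would let a pull request supply the action code that this job runs. The step is a verbatim copy of the one added at line 30 of the same file, so the same comment belongs there.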

.github/workflows/pr-code-review-and-approve.yml

Lines changed: 1 addition & 2 deletions
@@ -37,12 +37,11 @@ jobs:
3737
- name: "Request Copilot code review"
3838
uses: actions/github-script@v9.0.0
3939
with:
40-
github-token: ${{ secrets.SOURCE_PUSH_TOKEN }}
40+
github-token: ${{ secrets.SOURCE_PUSH_TOKEN || github.token }}
4141
script: |
4242
await github.rest.pulls.requestReviewers({
4343
owner: context.repo.owner,
4444
repo: context.repo.repo,
4545
pull_number: context.payload.pull_request.number,
4646
reviewers: ['copilot']
4747
});
48-
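
Review bot: on the `github-token:` line, the `|| github.token` fallback applies to every run in which SOURCE_PUSH_TOKEN is empty, not only Dependabot ones, so a missing or renamed secret now goes unnoticed and the review request is made with the workflow token instead. `pulls.requestReviewers` needs write access to pull requests and the job's `permissions` are not visible in this hunk; confirm the workflow token has `pull-requests: write` in the Dependabot case, otherwise the step trades a missing-input error for a permission error.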

.github/workflows/pr-lint.yml

Lines changed: 2 additions & 1 deletion
@@ -413,6 +413,7 @@ jobs:
413413
fetch-depth: 0
414414

415415
- name: "Check Required Secrets"
416+
if: github.actor != 'dependabot[bot]'
416417
shell: bash
417418
run: |
418419
if [ -z "${{secrets.SOURCE_PUSH_TOKEN}}" ]; then
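
Review bot: the `if: github.actor != 'dependabot[bot]'` added to "Check Required Secrets" carries no comment, and the step it disables is the only visible guard that SOURCE_PUSH_TOKEN is set. Add a comment above the `if` giving the reason (Actions secrets are unavailable on Dependabot PRs) so the exception is not later widened or copied without that context.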
@@ -424,7 +425,7 @@ jobs:
424425
uses: super-linter/super-linter@v8.6.0
425426
env:
426427
DEFAULT_BRANCH: main
427-
GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN}}
428+
GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN || github.token}}
428429
GITHUB_ACTIONS_CONFIG_FILE: actionlint.yaml
429430
ENABLE_GITHUB_ACTIONS_STEP_SUMMARY: true
430431
SAVE_SUPER_LINTER_SUMMARY: true
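
Review bot: on the `GITHUB_TOKEN:` line, the `||` fallback is not limited to Dependabot; only the "Check Required Secrets" step changed in the previous hunk stops other actors from reaching super-linter with the workflow token. Add a comment tying the two together, or make the choice explicit with the same `github.actor` test, so that changing or removing that step does not silently alter which token every PR is linted with. The spacing inside `${{ }}` also differs from the equivalent line in pr-code-review-and-approve.yml.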
