fix: "Fetch metadata" is skipped for "pull_request_target" #474

Closed
@kirillsud kirillsud commented Sep 4, 2023

The step `Fetch metadata` is skipped for a workflow triggered by the `pull_request_target`. The issue was found the first time approximately on the 28th of August. Before the date, there was no issue with the same workflow file. It seems something has been changed in GitHub Workflow implementation, but I couldn't find any evidence.

`dependabot-auto-merge.yml` content:

```
name: Dependabot
on: pull_request_target

permissions:
  contents: write
  pull-requests: write

jobs:
  Auto-merge:
    runs-on: ubuntu-latest

    steps:
      - uses: fastify/github-action-merge-dependabot@v3
        with:
          use-github-auto-merge: true
          target: minor
```
Fixes #475.

@simoneb simoneb left a comment

Can you please check out the conversation in this issue and see if you think you really need pull_request_target?

#355

kirillsud added a commit to miroapp/api-clients that referenced this pull request Sep 7, 2023
`fastify/github-action-merge-dependabot` filters out PRs triggered not
by `pull_request` event. After creating a ticket to the action repo,
developers answered me that probably there is no need to use
`pull_request_target`:
fastify/github-action-merge-dependabot#474 (review).

And it seems we don't: the workflow is targeted on dependabot PRs only,
which are internal (not from forked repos), so for the `pull_request`
event the workflow will have all required write permissions.
@kirillsud kirillsud closed this Sep 18, 2023
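
The conclusion reached in the commit message above, written out as a workflow file. This is an added example, not taken from the thread or from the action's repository: it is the `dependabot-auto-merge.yml` from the pull request description with the trigger switched to `pull_request`. The job-level placement of `permissions` and the `if:` guard on the PR author are assumptions added here; the thread does not discuss them.

```yaml
# Before (from the PR description): pull_request_target runs the workflow
# in the base repository's context, and the write scopes below apply to
# every pull request that triggers it.
#
#   on: pull_request_target
#   permissions:
#     contents: write
#     pull-requests: write

# After: the trigger the thread settles on. Dependabot pushes its branches
# to this repository, not to a fork, so the permissions key can still raise
# the token to the write scopes the action needs. For pull requests coming
# from forks, GitHub keeps the pull_request token read-only.
name: Dependabot
on: pull_request

jobs:
  Auto-merge:
    runs-on: ubuntu-latest
    # Assumption (not in the thread): skip the job unless Dependabot
    # opened the pull request.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    # Assumption (not in the thread): grant the write scopes to this job
    # only, instead of workflow-wide.
    permissions:
      contents: write
      pull-requests: write

    steps:
      - uses: fastify/github-action-merge-dependabot@v3
        with:
          use-github-auto-merge: true
          target: minor
```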
Successfully merging this pull request may close these issues.

"Fetch metadata" step is skipped for "pull_request_target"