Open maciejmakowski opened 1 year ago
I'm also seeing this in my projects, again, without changes on my side.
Run ahmadnassri/action-dependabot-auto-merge@v2
with:
github-token: ***
target: minor
config: .github/auto-merge.yml
command: merge
botName: dependabot
approve: true
/usr/bin/docker run --name ghcrioahmadnassriactiondependabotautomergev2_55639b --label 290506 --workdir /github/workspace --rm -e "INPUT_GITHUB-TOKEN" -e "INPUT_TARGET" -e "INPUT_CONFIG" -e "INPUT_COMMAND" -e "INPUT_BOTNAME" -e "INPUT_APPROVE" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/phoenix/phoenix":"/github/workspace" ghcr.io/ahmadnassri/action-dependabot-auto-merge:v2
using workflow's "target":
- match:
dependency_type: all
update_type: semver:minor
title: "Bump cypress from 11.1.0 to 11.2.0"
depName: cypress
from: 11.1.0
to: 11.2.0
dependency type: development
security critical: false
config: all:semver:minor
all:semver:minor detected, will auto-merge
Error: Cannot read properties of undefined (reading 'createReview')
TypeError: Cannot read properties of undefined (reading 'createReview')
at approve (file:///action/lib/api.js:2:23)
at default (file:///action/lib/index.js:31:11)
at file:///action/index.js:53:7
at ModuleJob.run (node:internal/modules/esm/module_job:194:25)
Same here
I can confirm the problem.
I can confirm as well. I've tried downgrading down to 2.5.x, with no effect. Still seeing the error.
Same here
Another one here.
For anybody looking for a solution for this problem.
Here is how my workflow looked before (using this action):
name: Merge me!
on:
pull_request_target:
jobs:
merge-me:
name: Merge me!
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- name: Merge me!
uses: ahmadnassri/action-dependabot-auto-merge@v2
with:
target: minor
github-token: ${{ secrets.SWAGGER_BOT_GITHUB_TOKEN }}
command: squash and merge
Here is the replacement workflow which works exactly the same:
name: Merge me!
on:
pull_request_target:
jobs:
merge-me:
name: Merge me!
runs-on: ubuntu-latest
# Checking the actor will prevent your Action run failing on non-Dependabot
# PRs but also ensures that it only does work for Dependabot PRs.
if: github.actor == 'dependabot[bot]'
steps:
# This first step will fail if there's no metadata and so the approval
# will not occur.
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
# Finally, tell dependabot to merge the PR if all checks are successful
- name: Instruct dependabot to squash & merge
if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
uses: mshick/add-pr-comment@v2
with:
repo-token: ${{ secrets.SWAGGER_BOT_GITHUB_TOKEN }}
allow-repeats: true
message: |
@dependabot squash and merge
env:
GITHUB_TOKEN: ${{ secrets.SWAGGER_BOT_GITHUB_TOKEN }}
Nice, thanks for sharing @char0n! :+1:
Fairly certain you need to use octokit.rest.<api method>
now with the latest version, why it's throwing an undefined error.
I can open a PR in a bit to update this.
Thank you for the quick turnaround on this @leezumstein and @ahmadnassri! I updated to 2.6.2
and things started working for us again. 🚀
I'm still trying to understand though how this broke without any visible changes? Or was Octokit somehow updated at the time when it broke without it being visible in the code changes in this repo?
I don't see any new releases of Octokit here either (or is that not the package this GH action is using?): https://github.com/octokit/octokit.js/releases
Thank you for the quick turnaround on this @leezumstein and @ahmadnassri! I updated to
2.6.2
and things started working for us again. 🚀I'm still trying to understand though how this broke without any visible changes? Or was Octokit somehow updated at the time when it broke without it being visible in the code changes in this repo?
I don't see any new releases of Octokit here either (or is that not the package this GH action is using?): https://github.com/octokit/octokit.js/releases
I believe this action still ends up pulling the updated docker image irregardless of which version of the action you're targeting.
Dependencies we're updated with the recent docker image push which caused the breaking change.
Can you please clarify @leezumstein: What is the Docker image you are referring to? Is it this one? https://github.com/ahmadnassri/action-dependabot-auto-merge/pkgs/container/action-dependabot-auto-merge
I believe that's governed by this Dockerfile: https://github.com/ahmadnassri/action-dependabot-auto-merge/blob/master/Dockerfile
With that, shouldn't the octokit dependencies be governed by what's in the package-lock.json
?
There was only one change to dependencies in this repo when things broke (https://github.com/ahmadnassri/action-dependabot-auto-merge/pull/162) and that didn't appear to touch on anything Github action or Octokit related.
I don't see at all when the change to have to use octokit.rest.
was introduced, but I have to admit I don't really know where I should be looking for this:
https://github.com/octokit/octokit.js/releases
https://github.com/octokit/core.js/releases
https://github.com/octokit/rest.js/releases
As far as I can see, it should have been octokit.rest.
for a long time, and so it's even more of a conundrum for me what changed and why this broke two days ago.
Again, just trying to understand what happened here for future reference and also as a learning experience for me.
I updated to 2.6.2 and things started working for us again. 🚀
Same, thanks!
@mknepprath looking at your PR (https://github.com/mknepprath/mknepprath-next/pull/976), you probably want to go back to @2
now again, otherwise you'll get stuck on 2.6.2
or will have to continue to update it manually, unlike with @2
where you get update automatically.
Alternatively, you can also set up Dependabot to update your Github Actions too.
I am still in the process of further investigating what could have changed, but I thought I am going to post here in case anyone else has an idea.
As far as we know, nothing changed in the configuration of the token itself or the secret, but suddenly (around 12-24h ago) the setup that we had successfully working for months started failing with:
The line in question is this:
Which appears to mean that
octokit.pulls
isundefined
, but also that it does not appear to be a permission issue as such with the token since it got that far.At first I thought that something might have changed on the latest
2.6.1
release from earlier today, but I confirmed that the issue is also still happening with2.6.0
which as I said before we've been using fine for months.I am also sending this to Github support, but I was wondering whether anyone else has seen this and if yes, whether they found a solution for it.
Thanks in advance.