gchq / gaffer-tools

gaffer-tools is deprecated. Use https://github.com/gchq/gafferpy instead
Apache License 2.0

Fix update gaffer version action #921

Closed: t92549 closed this issue 2 years ago

t92549 commented 3 years ago

Currently the Submit PR job uses secrets.GITHUB_TOKEN instead of secrets.ADMIN_GITHUB_TOKEN: https://github.com/gchq/gaffer-tools/blob/04b2c215f1fddd74cb56473784b7318f17546585/.github/workflows/update-gaffer-version.yaml#L35-L41

This causes the commit to not be authorised; therefore, it won't have any tests run, as the bot user needs to sign the CLA, e.g. https://github.com/gchq/gaffer-tools/pull/918

t92549 commented 3 years ago

The secrets.GITHUB_TOKEN uses the permissions for the GitHub bot: https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token. This is usually okay, but the CLA bot detects that the bot hasn't signed the CLA and then doesn't run the tests: https://github.com/gchq/gaffer-tools/pull/918#issuecomment-892653567. This is why secrets.ADMIN_GITHUB_TOKEN should be used, as it submits the PR as the account that the admin GitHub token is associated with.

t92549 commented 3 years ago

It may be potentially better, perhaps, to instead have the CLA bot ignore the GitHub Actions bot.

t92549 commented 3 years ago

While the CLA bot blocks the GitHub Actions bot, automated PRs like https://github.com/gchq/gaffer-tools/pull/918 will not have CI run against them.

t92549 commented 2 years ago

This work should be done as part of #953.