Closed t92549 closed 2 years ago
The secrets.GITHUB_TOKEN
uses the permissions for the GitHub bot https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token. This is usually okay but the cla bot detects the bot hasn't signed the cla and doesn't then run the tests: https://github.com/gchq/gaffer-tools/pull/918#issuecomment-892653567.
This is why secrets.ADMIN_GITHUB_TOKEN
should be used as it submits the PR as the account that the admin GitHub token is associated with.
It may be potentially better, perhaps, to instead have the cla bot ignore the GitHub actions bot.
While the cla bot blocks the GitHub actions bot, automated PRs like https://github.com/gchq/gaffer-tools/pull/918 will not have CI run against them
This work should be done as part of #953
Currently the
Submit PR
job usessecrets.GITHUB_TOKEN
instead ofsecrets.ADMIN_GITHUB_TOKEN
: https://github.com/gchq/gaffer-tools/blob/04b2c215f1fddd74cb56473784b7318f17546585/.github/workflows/update-gaffer-version.yaml#L35-L41This causes the commit to not be authorised, therefore, it won't have any tests run as the bot user needs to sign cla, e.g. https://github.com/gchq/gaffer-tools/pull/918