Closed brandongregoryscott closed 3 years ago
Related: it looks like builds from PRs are actually running from the target branch (main
) instead of the code from the source branch, which is definitely not expected behavior. See comment in this recent PR: https://github.com/AndcultureCode/AndcultureCode.Cli/pull/212#discussion_r662954037
Basically, the build on the PR passed despite having changes that would actually break the build once merged.
I am thinking one solution to this is:
pull_request_target
event to pull_request
notify_start
, notify_success
and notify_failure
jobs to conditionally check to see if the env.SLACK_BOT_TOKEN
variable is available before running its stepsWe won't get notifications for PR builds anymore, but at least we'll know they are running the correct branch's code. We should still get the notifications when merged into main
- which triggers the push
event and has access to the repository secrets.
Yeah, this is what I'm finding with trying to figure out why the last merge passed tests but then ultimately failed when merged into main. I'm also looking at not running an action on draft PRs.
Related: it looks like builds from PRs are actually running from the target branch (
main
) instead of the code from the source branch, which is definitely not expected behavior. See comment in this recent PR: https://github.com/AndcultureCode/AndcultureCode.Cli/pull/212#discussion_r662954037Basically, the build on the PR passed despite having changes that would actually break the build once merged.
I am thinking one solution to this is:
- Update
pull_request_target
event topull_request
- Update the
notify_start
,notify_success
andnotify_failure
jobs to conditionally check to see if theenv.SLACK_BOT_TOKEN
variable is available before running its stepsWe won't get notifications for PR builds anymore, but at least we'll know they are running the correct branch's code. We should still get the notifications when merged into
main
- which triggers thepush
event and has access to the repository secrets.
Right now builds are triggered on all PRs, even builds from @all-contributors. While it isn't really hurting anything to run more builds, it's unnecessary and spams up our CI channel. The commits are tagged with
[skip ci]
but GA does not seem to respect this, at least out of the box. Investigate ways to skip the CI builds when commits are tagged with[skip ci]
or at least from certain bot accountsAdditional info: Github Actions supports skipping workflow runs from
push
andpull_request
events when various[skip ci]
[ci skip]
etc phrases are in the commits (as of Feb 2021)However,
pull_request_target
, which we are using, is not skipped. https://docs.github.com/en/actions/guides/about-continuous-integration#skipping-workflow-runsWe are using
pull_request_target
so that the Slack bot token secret can be passed to thenotify_start
,notify_success
andnotify_failure
steps. We have theCODECOV_TOKEN
in there as well, but I don't think it is actually used since the repository is public.