Closed faisal-memon closed 1 year ago
Why are we doing this? This is an anti-pattern as it circumvents the permissions system in GH workflows.
Normally you just need to do the following:
permissions:
  contents: write
This will allow the workflow to make a commit so we don't have to manage our own keys.
Because the GitHub workflows are broken with regard to submitting PRs that actually have their tests run automatically. :/
Did some additional research.
Seems if we want to do it with deploy keys, all workflows need to have the push event added as well in this PR. That also means it is a different workflow run and therefore also a different mandatory check, which complicates what we are doing.
Another good option to me is the GitHub App option, which also works on the pull_request event, so we don't have to change the workflow triggers and the mandatory checks in branch protection.
As a workaround to trigger the workflow they also suggest to close and reopen the PR, which also triggers the workflows, which is 2 manual clicks on these PRs. This would also allow us to stick with current merge checks as we don't have to change workflow triggers and such.
Thanks @marcofranssen for doing the research. Seems like this option won't work. Will look into the GitHub App option.
Following the steps in this Medium article to hopefully fix the issue where tests don't run for auto-created PRs. An alternative approach is to create a bot account and use a PAT from that.
fixes #334 (hopefully)
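The GitHub App option discussed in this thread, sketched as an added example that is not part of this PR or the project's own workflows: the default `GITHUB_TOKEN` stays read-only, and a short-lived installation token opens the PR so that `pull_request` workflows run on it. The secret names, schedule, branch name and update script are assumptions; the App is assumed to be installed on the repository with contents and pull-request write access only.

```yaml
# Added example (not the project's workflow). Names marked "assumed" are hypothetical.
name: auto-update-pr
on:
  schedule:
    - cron: "0 6 * * 1"        # assumed schedule
  workflow_dispatch:

# Least privilege for the built-in token: nothing in this job writes with it.
# PRs opened with GITHUB_TOKEN do not start new workflow runs, which is the
# problem the thread describes, so it is not used for the push at all.
permissions:
  contents: read

jobs:
  open-pr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchange the App's private key for an installation token that expires
      # on its own; no long-lived deploy key or PAT has to be rotated.
      - name: Mint installation token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.BOT_APP_ID }}                 # assumed secret name
          private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}   # assumed secret name

      - name: Regenerate files
        run: ./scripts/update.sh                            # assumed script

      # The PR is authored by the App, so existing pull_request triggers and
      # branch-protection checks apply without changing workflow triggers.
      - name: Open pull request
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ steps.app-token.outputs.token }}
          branch: bot/auto-update                           # assumed branch name
          title: "chore: automated update"
```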