Closed dudicoco closed 3 years ago
It's new to me, that workflows start to hang when a commit is pushed to a protected branch. Usually the commit can't even be made. 🤔 Will do some further testing, but are you 100% sure that the workflows hang because of the commit made? Or did GitHub maybe just had an outage or something other interfered?
But you're probably right, that a PAT solves this problem. The default GITHUB_TOKEN
has some strict permissions and can have a few side effects (like you mentioned).
However, triggering the jobs again is very time/money consuming, so a more elegant solution should be implemented.
If you do not want to re-run workflows I would suggest adding if-guards to your workflows. In this comment from a past issue I shared an example: https://github.com/stefanzweifel/git-auto-commit-action/issues/87#issuecomment-691044617
Before running a job in a workflow, you check the actor which initiated the workflow run. If the actor is the same as the committer, the job should not run.
name: My Workflow
on: push
jobs:
my-workflow:
# ↓ This condition is important
if: github.actor != 'org-bot'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
token: ${{ secrets.PAT }}
ref: ${{ github.head_ref }}
# ...
run: date > current-date.txt
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: My Commit Message
branch: ${{ github.head_ref }}
commit_user_name: org-bot
I believe the use case / problem is that the protected branch has certain required checks configured.
When these workflows are skipped (either because of [ci skip]
in the commit title, skipping the flow in the workflow code as you propose, or because of the default GITHUB_TOKEN
being used), the PR cannot continue because it will continue waiting on those required checks.
@stefanzweifel i'm sure that the workflows hang because of the commit, and not because of anything else, i've tested it multiple times.
The if
clause will not help here because it will prevent the workflow from rerunning - which will cause the status checks to hang.
I'm surprised that no one else brought this issue up so far, it's a pretty common scenario to have a protected branch with required status checks.
Sorry for my late response to this issue @dudicoco . I've taken 2 weeks off of regular and open-source work. (Needed some time to refresh my mind)
I could reproduce this "error" in my test repository: https://github.com/stefanzweifel/git-auto-commit-action-demo-app. The repo has 2 workflows:
test.yml
which runs the apps test suiteformat_php.yml
to format the PHP code according to a defined standard (I'm a PHP guy, that's why I've used this)The repo has been set up with a protection rule. The test
status check has to pass before merging:
In this PR I've made a change to the PHP code which triggered the format_php
action. This resulted in the same problem you're describing at the beginning.
As you correctly identified, this is because of the restrictions GitHub made to secrets.GITHUB_TOKEN
.
Adding a personal access token resolves this issue, as now the required test
-workflow is being triggered, after my format_php
-workflows pushes a commit to the branch.
The if clause will not help here because it will prevent the workflow from rerunning - which will cause the status checks to hang.
You're right. A if
-statement on the job level wouldn't help here as by the protection rule definition the test
-workflow/job has to run.
However, you could add if
-statements to the steps in a workflow to check, if the git.actor
which created the commit was a bot. This way you could skip the steps which are taking a long time to run. Such a step could look like this:
- name: Step that takes a long time to run
if: ${{ github.actor != 'my-org-bot' }}
run: /path/to/bin
It's definitely not elegant and can be very tedious if you have many steps in your workflow, but we are all constraint by the way how GitHub Actions work.
so a more elegant solution should be implemented.
That would be great, but that's basically impossible. I don't work for GitHub and don't have leverage to change anything. git-auto-commit
is just a simple bash script that runs 5 git
-commands. It doesn't even interact with the GitHub API.
The base problem is:
git-auto-commit
does not trigger run for status check.I'm closing this issue now, as I don't see a practical way to solve this problem. If you have found a solution to this problem, feel free to submit a PR or write your solution here. I'm sure a lot of people would be happy to read it.
Thank you for the elaborate reply @stefanzweifel!
When using the action with a protected branch which has required status checks configured, once a commit is pushed back into the branch the required status checks hang:
This is related to https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs
I assume the solution would be to use a PAT instead of the default github token as described in https://github.com/stefanzweifel/git-auto-commit-action/issues/38#issuecomment-580174859 However, triggering the jobs again is very time/money consuming, so a more elegant solution should be implemented.