search

taichi / actions-package-update

keeps npm dependencies up-to-date by making pull requests from GitHub Actions or CI.
66 stars 12 forks source link

Tests aren't ran for PRs #11

Open daneren2005 opened 4 years ago

daneren2005 commented 4 years ago

For projects with decent coverage I could just merge these PRs without doing any manual checking out and testing of the branch. When this bot creates the PRs Github actions aren't ran so my tests aren't run automatically. I'm not sure if there is a way around this or if it could be changed to run npm test or something before creating the PRs.

daneren2005 commented 4 years ago

When looking into this I found https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token with info and https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#triggering-further-workflow-runs with some info about how to work around this issue.

nihalgonsalves commented 4 years ago

You can work around this GitHub Actions limitation using deploy keys:

https://docs.github.com/en/developers/overview/managing-deploy-keys#setup-2

Create a deploy key, add the public key to your repo under deploy keys, and then add the private key to your secrets under something like ACTION_DEPLOY_KEY.

I then used the package through npx directly in a normal node action (rather than the actions-package-update action) to get the ssh-agent running in the same place:

jobs:
  package-update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js 14
        uses: actions/setup-node@v1
        with:
          node-version: 14
      - env:
          ACTION_DEPLOY_KEY: ${{ secrets.ACTION_DEPLOY_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AUTHOR_EMAIL: actions@github.com
          AUTHOR_NAME: GitHub Actions
          EXECUTE: 'true'
          LOG_LEVEL: debug
        run: |
          git remote set-url origin "$(git config --get remote.origin.url | sed 's#http.*com/#git@github.com:#g')"
          eval `ssh-agent -t 600 -s`
          echo "$ACTION_DEPLOY_KEY" | ssh-add -
          mkdir -p ~/.ssh/
          ssh-keyscan github.com >> ~/.ssh/known_hosts

          npx actions-package-update -u --packageFile package.json --loglevel verbose

          ssh-agent -k

It would be nice to have this natively supported in the action though - the agent code could be run inside the Dockerfile command/entrypoint and take the ssh key via an env variable.

bravo-kernel commented 1 year ago

Above script by @nihalgonsalves will work but requires two additional steps:

  1. To prevent fails with Error: spawn ncu ENOENT errors, install ncu before running the npx command 
          npm install npm-check-updates --global
          npx actions-package-update -u --packageFile package.json --loglevel info
  1. Because SSH Deploy Keys will only trigger on: push workflows, also update the workflow file containing your tests for the package-update branches:
on:
  push:
    branches:
    - main
    - package-update/**
  pull_request:
    branches:
    - main