Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workflows don't run on backport PR #79

Open
paulgessinger opened this issue Jul 26, 2022 · 7 comments
Open

Workflows don't run on backport PR #79

paulgessinger opened this issue Jul 26, 2022 · 7 comments

Comments

@paulgessinger
Copy link

When the backport action creates the backport PR, I see GH action workflows not triggering on the PR commit (neither push nor pull_request trigger).

I'm guessing this has something to do with the PR being create from a GH action.
If that's the case, this isn't really a feature of this project, but of GH actions itself.

I just thought I'd create an issue here to check if my assumption is correct, or if this can be worked around somehow.
@sorenlouv
Copy link
Owner

Hi @paulgessinger

I haven't seen this issue before. You can try creating a backport manually using the backport cli, and see if that causes the workflows to run as expected.

@paulgessinger
Copy link
Author

paulgessinger commented Jul 27, 2022
edited
Loading

With the CLI it does work, but I think that's because it uses a PAT, so the triggering user is me rather than the github actions user.

I'll try to validate this by supplying a PAT to the action that's different from the ${{ secrets.GITHUB_TOKEN }}.

@paulgessinger
Copy link
Author

paulgessinger commented Jul 27, 2022
edited
Loading

Indeed, using a PAT instead of ${{ secrets.GITHUB_TOKEN }} triggers the workflows on the backport PRs.

As per https://github.com/orgs/community/discussions/27028, a workaround might be to (optionally) have the action perform the git operations with a deploy SSH key. Those are apparently not restricted and can trigger workflow runs. I don't know however if a PR created by ${{ secrets.GITHUB_TOKEN }} with a branch pushed with a deploy key will get pull_request workflow triggers.

@sorenlouv
Copy link
Owner

Okay, thanks for verifying that.

If I understand correctly deploy keys are ssh keys. The backport tool today does not use ssh keys but instead perform all actions against the remote using the provided access token:

https://github.com/sqren/backport/blob/dfd9a774f929c5adc8000a13ba1c5834ddb83d2a/src/lib/git.ts#L23

Are there any downsides to using a PAT over deploy keys?

@paulgessinger
Copy link
Author

With a PAT, the PR is associated with the PAT's user (i.e. me), rather than a neutral entity. For my envisioned workflow, I can't then approve the backport PRs, because I'm the author, whereas I can approve bot PRs.

I didn't expect deploy keys being a drop-in replacement / fix, I just mentioned this as a possible workaround that would require changes to the backport CLI.

@sorenlouv
Copy link
Owner

Ok, I see. A workaround I've seen elsewhere is to create a separate user with push permissions to the repo, then create a PAT for this user.

@FlorianHockmann FlorianHockmann mentioned this issue Mar 1, 2023
Closed
@laeubi
Copy link

laeubi commented Mar 2, 2023

PRs created by an action do not trigger other workflows see:

@knqyf263 knqyf263 mentioned this issue May 27, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sorenlouv @paulgessinger @laeubi