Commit generated in one workflow does not trigger pull_request workflow

Hello!

I have to run a GitHub action every time a specific file is changed in a PR; the action will edit a related file and make a new commit. This works great and was super easy using https://github.com/EndBug/add-and-commit.

I do not know if the issue lies in the add-and-commit action or something else, but when the generated commit is pushed to the branch of the PR, the other workflows are not triggered all the time, and sometimes it works great.

This is what my action looks like, and I would be very thankful for any hints on why it does not always trigger.

name: Update next

on:
  pull_request:
    paths:
      - "Gemfile.lock"

jobs:
  update:
    runs-on: ubuntu-20.04

    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BUNDLE_GEMFILE: Gemfile.next

    steps:
      - uses: actions/checkout@v2

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1

      - name: Gems Cache
        id: gem-cache
        uses: actions/cache@v2
        with:
          path: vendor/bundle
          key: ${{ runner.os }}-gem-2.5.8-Next-${{ hashFiles('Gemfile.next.lock') }}
          restore-keys: |
            ${{ runner.os }}-gem-2.5.8

      - name: Update Gemfile.next
        run: |
          bundle update --minor --conservative

      - uses: EndBug/add-and-commit@v5
        with:
          add: Gemfile.next.lock

The problem is that you’re using GITHUB_TOKEN and not a PAT, as described in Using the GITHUB_TOKEN in a workflow:

When you use the repository’s GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run.

If you want the push to trigger new workflows you need to create a PAT with appropriate permissions, add it as a secret, and use that instead of GITHUB_TOKEN.


Hello!

Now I have tried to do this by creating a GitHub App in the organization, using a GitHub action to get an access_token from the app and using that for the commit. But it still does not trigger a new workflow. Which would be the appropriate permissions to trigger a new build?

I based my GitHub App on https://dev.to/dtinth/authenticating-as-a-github-app-in-a-github-actions-workflow-27co

I usually just close and reopen the issue, that will trigger pull_request workflows and then smash the automerge button, so when the checks pass, it gets merged without any further input. Automerge is still in beta, you have to enable it in the repository settings.

Yes, that is what I currently do. But every time I reopen, dependabot will rebase and then it takes another round of for every time I merge something. Quite hard to work with :confused:

If you have more than a couple dependencies (including transitive) then you should probably use something that has grouped updates instead of dependabot.
Doesn’t even have to be an app, could just be a scheduled workflow, like these:
toolkit/update-github.yaml at main · actions/toolkit
install-swift-tool/update-dependencies.yml at master · Cyberbeni/install-swift-tool (github.com)

I managed to get it to work with another token (used a GitHub App token but it should work with a Personal Access Token).

The important part was setting the token when doing the initial checkout using actions/checkout@v2, as described in GitHub - EndBug/add-and-commit: Add & commit files from a path directly from GitHub Actions.

name: Update next

on:
  pull_request:
    paths:
      - "Gemfile.lock"

jobs:
  update:
    runs-on: ubuntu-20.04

    env:
      BUNDLE_GEMFILE: Gemfile.next

    steps:
      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.PRIVATE_KEY }}

      - uses: actions/checkout@v2
        with:
          token: ${{ steps.generate_token.outputs.token }}

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1

      - name: Gems Cache
        id: gem-cache
        uses: actions/cache@v2
        with:
          path: vendor/bundle
          key: ${{ runner.os }}-gem-${{ hashFiles('Gemfile.next.lock') }}
          restore-keys: |
            ${{ runner.os }}-gem-

      - name: Update Gemfile.next
        run: |
          bundle update --minor --conservative

      - uses: EndBug/add-and-commit@v6
        with:
          add: Gemfile.next.lock
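
An added example, not from any poster in this thread: GitHub suppresses events from GITHUB_TOKEN to prevent recursive workflow runs, so once the push is made with an App token or PAT, that protection no longer applies. This variant of the workflow above adds an explicit guard against re-running on its own commit, skips fork PRs (where secrets are unavailable), and reduces the built-in token to read-only. The bot login `my-update-app[bot]` is a placeholder for your App's actual login.

```yaml
name: Update next

on:
  pull_request:
    paths:
      - "Gemfile.lock"

# Least privilege for the built-in GITHUB_TOKEN; the push uses the App token.
permissions:
  contents: read

jobs:
  update:
    runs-on: ubuntu-20.04

    # Guard 1: skip runs caused by the App's own push, so the workflow cannot
    # loop. "my-update-app[bot]" is a placeholder (assumption), not a real login.
    # Guard 2: skip PRs from forks, where APP_ID / PRIVATE_KEY are not available.
    if: >-
      github.actor != 'my-update-app[bot]' &&
      github.event.pull_request.head.repo.full_name == github.repository

    env:
      BUNDLE_GEMFILE: Gemfile.next

    steps:
      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.PRIVATE_KEY }}

      # The token set here is the credential the later push is made with.
      - uses: actions/checkout@v2
        with:
          token: ${{ steps.generate_token.outputs.token }}

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1

      - name: Update Gemfile.next
        run: bundle update --minor --conservative

      - uses: EndBug/add-and-commit@v6
        with:
          add: Gemfile.next.lock
```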