Need help with Dependabot and Github Actions

What I'm looking to do is that when Dependabot creates PRs to update dependencies, it will do the following:

  1. Run the NodeCI workflow defined as such

    name: Node CI

    on:
      pull_request:
        types: [opened, synchronize, ready_for_review, review_requested, reopened]
        branches:
          - master

    jobs:
      build:
        name: Build with Node.js
        if: github.base_ref == 'master' && (github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]')
        runs-on: ubuntu-latest
        timeout-minutes: 10
        strategy:
          matrix:
            node-version: [8.x, 10.x, 12.x]
        steps:
          - name: Dump GitHub context
            env:
              GITHUB_CONTEXT: ${{ toJson(github) }}
            run: echo "$GITHUB_CONTEXT"

          - name: Checkout repo
            uses: actions/checkout@v1

          - name: Use Node.js ${{ matrix.node-version }}
            uses: actions/setup-node@v1
            with:
              node-version: ${{ matrix.node-version }}

          - name: NPM install, build, and test
            run: |
              npm ci
              npm run build --if-present
              npm test
            env:
              CI: true

      approve:
        name: Approve pull request
        runs-on: ubuntu-latest
        timeout-minutes: 10
        needs: build
        steps:
          - uses: hmarr/auto-approve-action@v2.0.0
            with:
              github-token: '${{ secrets.GITHUB_TOKEN }}'

      merge:
        name: Merge pull request
        runs-on: ubuntu-latest
        timeout-minutes: 10
        needs: approve
        steps:
          - name: Merge
            uses: actions/github-script@0.8.0
            with:
              script: |
                github.pulls.merge({
                  owner: context.payload.repository.owner.login,
                  repo: context.payload.repository.name,
                  pull_number: context.payload.pull_request.number
                })
              github-token: '${{ secrets.GITHUB_TOKEN }}'

  2. Once the NodeCI Workflow approves the PR (bypasses the need to have a reviewer approve it), and merges the PR, I have another workflow, that deploys the PR to Cloudflare Workers. That Deploy workflow looks like the following.

    name: Deploy to Cloudflare Workers

    on:
      pull_request:
        types: [closed]
        branches:
          - master

    env:
      NODE_VERSION: 12.x

    jobs:
      deploy:
        name: Deploy
        runs-on: ubuntu-latest
        timeout-minutes: 10
        steps:
          - name: Dump GitHub context
            env:
              GITHUB_CONTEXT: ${{ toJson(github) }}
            run: echo "$GITHUB_CONTEXT"

          - name: Checkout repo
            uses: actions/checkout@master

          - name: Setup Node.js ${{ env.NODE_VERSION }}
            uses: actions/setup-node@v1.4.0
            with:
              node-version: ${{ env.NODE_VERSION }}

          - name: Cache node modules
            uses: actions/cache@v1
            env:
              cache-name: cache-node-modules
            with:
              path: ~/.npm
              key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
              restore-keys: |
                ${{ runner.os }}-build-${{ env.cache-name }}-
                ${{ runner.os }}-build-
                ${{ runner.os }}-

          - name: Install NextJS dependencies
            run: npm ci

          - name: Build NextJS application
            run: npm run build

          - name: Export NextJS application
            run: npm run export

          - name: Publish to Cloudflare Workers
            uses: cloudflare/wrangler-action@1.1.0
            # github.event_name is always "pull_request" for this trigger;
            # the activity type ("closed") is in github.event.action.
            if: github.event.action == 'closed'
            with:
              apiToken: ${{ secrets.CF_API_TOKEN }}
              environment: 'production'

          - name: Cleanup @cloudflare/wrangler data
            continue-on-error: true
            run: sudo rm -rf ~/.wrangler .wrangler ~/.config .config ~/configstore configstore
    

I assume that after the NodeCI workflow merges (closes) the PR… that because I defined:

    on:
      pull_request:
        types: [closed]
        branches:
          - master

It will run my Deploy workflow? 

However, the issue is that it is not. It runs the NodeCI workflow just fine, however the Deploy workflow is never triggered, even after the Dependabot PR is approved/merged. Does anyone have any ideas what I'm doing wrong?

Solved by replacing secrets.GITHUB_TOKEN with a GitHub Personal Access Token (https://github.com/settings/tokens), on the merge step!

    merge:
      name: Merge pull request
      runs-on: ubuntu-latest
      timeout-minutes: 10
      needs: approve
      steps:
        - name: Merge
          uses: actions/github-script@0.8.0
          with:
            script: |
              github.pulls.merge({
                owner: context.payload.repository.owner.login,
                repo: context.payload.repository.name,
                pull_number: context.payload.pull_request.number
              })
            github-token: '${{ secrets.GITHUB_PERSONAL_TOKEN }}'

For people who come upon this in the future: this is because, at the time of writing this, one workflow cannot trigger another workflow, hence the change from the default GitHub token that is provided to a personal access token.

1 Like
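
Added example, not part of the original posts: since the merge step above now runs with a personal access token, a gate in front of it can confirm from the event payload that the pull request was opened by Dependabot from a branch in the same repository and touches only npm manifest files. The helper name `mayAutoMerge`, the allowed-file pattern and the sample payloads are assumptions constructed for illustration; inside `actions/github-script` the payload is `context.payload` and the file list would come from the pull request's files listing.

```javascript
// Added example: pre-merge gate for the auto-merge job (hypothetical helper).
const DEPENDABOT_LOGINS = new Set(['dependabot[bot]', 'dependabot-preview[bot]']);
// Assumption: Dependabot npm updates should only touch these files.
const ALLOWED_FILES = /^(?:.*\/)?(?:package\.json|package-lock\.json)$/;

function mayAutoMerge(payload, changedFiles) {
  const pr = payload.pull_request;
  if (!pr) return { ok: false, reason: 'not a pull_request event' };
  // Check the PR author, not the actor who triggered this particular event.
  if (!DEPENDABOT_LOGINS.has(pr.user.login)) {
    return { ok: false, reason: `author ${pr.user.login} is not Dependabot` };
  }
  if (pr.base.ref !== 'master') {
    return { ok: false, reason: `base branch is ${pr.base.ref}` };
  }
  // The head branch must live in this repository, not in a fork.
  if (!pr.head.repo || pr.head.repo.full_name !== payload.repository.full_name) {
    return { ok: false, reason: 'head branch is outside this repository' };
  }
  const unexpected = changedFiles.map(f => f.filename).filter(n => !ALLOWED_FILES.test(n));
  if (changedFiles.length === 0 || unexpected.length > 0) {
    return { ok: false, reason: `unexpected files: ${unexpected.join(', ') || '(none changed)'}` };
  }
  return { ok: true, reason: 'Dependabot manifest-only update' };
}

// Constructed sample payloads (not captured from a real repository).
const samplePayload = (login, baseRef, headRepo) => ({
  repository: { full_name: 'example-org/example-app' },
  pull_request: {
    number: 7,
    user: { login },
    base: { ref: baseRef },
    head: { repo: { full_name: headRepo } },
  },
});
const lockOnly = [{ filename: 'package.json' }, { filename: 'package-lock.json' }];
const withWorkflow = [...lockOnly, { filename: '.github/workflows/deploy.yml' }];

console.log(mayAutoMerge(samplePayload('dependabot[bot]', 'master', 'example-org/example-app'), lockOnly));
console.log(mayAutoMerge(samplePayload('dependabot[bot]', 'master', 'example-org/example-app'), withWorkflow));
```
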

Hello :money_mouth_face: