Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot "Upload SARIF" still not quite right #6

Closed
EliahKagan opened this issue Sep 4, 2023 · 0 comments · Fixed by #7
Closed

Dependabot "Upload SARIF" still not quite right #6

EliahKagan opened this issue Sep 4, 2023 · 0 comments · Fixed by #7

Comments

@EliahKagan
Copy link
Owner

The changes to the workflow that I added as further commits in #5 prevent unintended failures in an open Dependabot PR, but once the PR is merged, if merged by Dependabot via command like @dependabot merge, the failure happens on the main branch. So the workflow should be further improved to avoid this.

The reason a failure doesn't show on the main branch for where #5 itself was merged is that, although it did originally show that, I created a new branch off main, and that push event worked because it had access to what it needed.

I think it's enough to specify write access explicitly in permissions in the workflow file, but I'll want some confirmation of this before making the change, since it's not really feasible to test all relevant combinations of state that might trigger the problem.
EliahKagan added a commit that referenced this issue Sep 5, 2023
@EliahKagan
Fix rubocop workflow properly for push trigger
8d4de16 
Instead of not running on the push trigger for Dependabot branches,
which is not fully effective because it still fails on main when a
merge is done by Dependabot due to `@dependabot merge` or similar
command, this just specifies the required permissions in the
workflow file, as is done e.g. in automatically generated CodeQL
workflow files and as suggested in #6.

I tested this in https://github.com/EliahKagan/hello-world. See
EliahKagan/hello-world#14 including
EliahKagan/hello-world@d565b84,
EliahKagan/hello-world#15, and
EliahKagan/hello-world#16.
@EliahKagan EliahKagan mentioned this issue Sep 5, 2023
Merged
EliahKagan added a commit that referenced this issue Sep 5, 2023
@EliahKagan
Fix rubocop workflow properly for push trigger (#7)
7b7c32b 
Instead of not running on the push trigger for Dependabot branches,
which is not fully effective because it still fails on main when a
merge is done by Dependabot due to `@dependabot merge` or similar
command, this just specifies the required permissions in the
workflow file, as is done e.g. in automatically generated CodeQL
workflow files and as suggested in #6.

I tested this in https://github.com/EliahKagan/hello-world. See
EliahKagan/hello-world#14 including
EliahKagan/hello-world@d565b84,
EliahKagan/hello-world#15, and
EliahKagan/hello-world#16.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix rubocop workflow properly for push trigger EliahKagan/sieve-ksh
1 participant
@EliahKagan