-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci(deps): fix git push
during yarn.lock
deduplication for Dependabot PRs [actions testing PR]
#3
Conversation
- `actions/checkout` runs `git checkout` on a specific commit SHA, meaning there is no "branch" by default, it's on a detached `HEAD` - so without a branch specified, it would error out - so specify a branch using [GH Actions env vars](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables) - note that `$GITHUB_HEAD_REF` should exist for PRs, and dependabot makes PRs (vs. direct `push`es) - use `origin` as the remote name which is the default and also was mentioned in the error message - also short-circuit the logic if there are no changes to `yarn.lock` (i.e. no deduplication neceessary) - this should also be less buggy as the later code will only execute when strictly necessary now (basically, when not needed, returns to the previous behavior before this step existed) Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
6db5363
to
7f5047d
Compare
This reverts commit 7f5047d. Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
As can be seen in this PR and per argoproj#12234 (comment), checks don't run on commits made by GH Actions (in order to prevent an infinite loop, see GH docs). That means that the As such, I will not be making a PR for this upstream and will instead follow-up upstream with a revert of argoproj#12234 entirely, since it is not workable. EDIT: reverted in argoproj#12892 Tbh, I'm not really sure how to get around these limitations, it would be great if dependabot automatically deduplicated itself per dependabot/dependabot-core#5830. Otherwise we might be stuck with manual deduplication necessary 😕 |
git push
during yarn.lock
deduplication for Dependabot PRsgit push
during yarn.lock
deduplication for Dependabot PRs [actions testing PR]
Fixes argoproj#12234 (comment), argoproj#12891 (comment)
Motivation
actions/checkout
runsgit checkout
on a specific commit SHA, meaning there is no "branch" by default, it's on a detachedHEAD
git push
would error outModifications
specify a branch for
git push
using GH Actions env vars$GITHUB_HEAD_REF
should exist for PRs, and dependabot makes PRs (vs. directpush
es)origin
as the remote name which is the default and also was mentioned in the error messageadd
permissions.contents: write
to allow for this GHA job topush
add
fetch-depth
toactions/checkout
so that it doesn't fail topush
due to not having fetched (i.e. not knowing the state of the branch being pushed to)also add
if git diff --quiet -- ui/yarn.lock
check to short-circuit the logic if there are no changes toyarn.lock
(i.e. no deduplication necessary)Verification
I tested the short-circuit logic locally:
With no changes, exits properly:
With changes, does not exit:
Otherwise using this very PR in my own fork for testing purposes