Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Protoype automatic changelogs for dependabot PRs #13998

Merged
merged 1 commit into from
Oct 3, 2022
Merged

Protoype automatic changelogs for dependabot PRs #13998

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions .github/workflows/dependabot_changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Write changelog for dependabot PR
on:
pull_request:
types:
- opened

jobs:
add-changelog:
runs-on: 'ubuntu-latest'
if: ${{ github.actor == 'dependabot[bot]' }}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to be the done thing, according to e.g. here

steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To the reviewer: please double check that

  • this correctly checks out the branch that the PR is tracking
  • so that git push makes a new commit and updates the branch to point to that new commit

I think this is correct, but I am not an expert with git's plumbing.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks right to me.

(I think, by default, it checks out the SHA of a merge between the PR branch and the target branch?)

- name: Write, commit and push changelog
run: |
echo "${{ github.event.pull_request.title }}." > "changelog.d/${{ github.event.pull_request.number }}".docker
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this not be .misc?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rationale: altering the lockfile changes the contents of the Docker images and Debian packages.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It also changes the dependencies for all poetry based installations. Personally I'd read something in .docker to be something that only affects docker?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fair. I'll commit directly to develop to make it misc.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I'll be a good boy and raise a PR so that we have a proper changelog.

git add changelog.d
git config user.email "github-actions[bot]@users.noreply.github.com"
git config user.name "GitHub Actions"
git commit -m "Changelog"
git push
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if dependabot will have the ability to push to its own PR branch. According to the docs its PRs are run as if they came from forks, for security's sake. I think it should be able to push another commit to its own pseudo-fork, but I'm not totally sure.

Suggest we try this out and see if it works?

shell: bash
1 change: 1 addition & 0 deletions changelog.d/13998.misc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Prototype a workflow to automatically add changelogs to dependabot PRs.