Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🎨 Force automerge as admin #199

Merged
merged 8 commits into from
Nov 15, 2023
Merged

🎨 Force automerge as admin #199

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
92f64c2
:art: Force automerge as admin
flaxel Nov 9, 2023
c74078a
:lipstick: Make linter happy
flaxel Nov 9, 2023
6a20dec
:truck: Rename admin variable to force
flaxel Nov 9, 2023
028c008
:art: Change default type for force
flaxel Nov 9, 2023
1100f6a
:memo: Add force documentation
flaxel Nov 9, 2023
3e4253d
:memo: Add hint for prrotection rules
flaxel Nov 9, 2023
9a384b7
:memo: Only run if the PR is created
flaxel Nov 13, 2023
6a25ab1
:arrow_down: More explanation for force merge
flaxel Nov 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion .github/workflows/template_automerge_dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@ name: Dependabot Auto-Merge

on:
workflow_call:
inputs:
force:
default: false
required: false
type: boolean
secrets:
app_id:
required: true
Expand Down Expand Up @@ -35,7 +40,12 @@ jobs:
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
run: |
gh pr review --approve "$PR_URL"
gh pr merge --auto --merge "$PR_URL"

if [ ${{ inputs.force }} == 'true' ]; then
gh pr merge "$PR_URL" --merge --admin
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will actually bypass all rules. Means also when another workflow fails it could lead to a merge. Or did I miss something?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah correct and that's the cause why I add two warnings. 🙌 But additionally you need to configure it in your repo so you can bypass any protection rules.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TBH: I'm not happy with this. For example: I consider the warnings but decide to enable this feature. The next ten updates run totally fine. But a few months later this workflow will break the main branch of my repo, because of a breaking update. I might not notice this, because in the meantime I'm working on a different service.

I think the feature in its current implementation adds more risk than value.

Copy link
Contributor Author

@flaxel flaxel Nov 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this is an implementation detail how the repo owners use the workflow. I would recommend to use it as a last step of the pipeline,so the issue should never happen.🤔 We would use it f.e. in the alarm tool where we already have auch logic.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha - let's get another review from @0x46616c6b, as I like to have his view on this.

else
gh pr merge --auto --merge "$PR_URL"
fi
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
5 changes: 5 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ In this section you can find examples of how to use template workflows. For more

The action is called by creating a PR. It is necessary that the repository is enabled for auto-merge.

⚠️ If you want to enable the force merge, make sure that the app can bypass any protection rules.
0x46616c6b marked this conversation as resolved.
Show resolved Hide resolved

```yml
name: Enable Dependabot Auto-Merge

Expand All @@ -38,6 +40,9 @@ on: pull_request
jobs:
dependabot:
uses: Staffbase/gha-workflows/.github/workflows/[email protected]
with:
# optional: ⚠️ only enable the force merge if you want to do the merge just now
force: true
secrets:
# identifier of the GitHub App for authentication
app_id: ${{ <your-app-id> }}
Expand Down