add-to-project icon indicating copy to clipboard operation
add-to-project copied to clipboard

Published 20 hours ago verified publisher icon actions

dependabot labeled PRs do not add to project

Open gkwan-ibm opened this issue 11 months ago • 8 comments

I created a action:

name: Add PRs to Dependabot PRs dashboard

on:
  pull_request:
    types:
      - labeled

jobs:
  add-to-project:
    name: Add PR to dashboard
    runs-on: ubuntu-latest
    steps:
      - uses: actions/[email protected]
        with:
          project-url: https://github.com/orgs/...
          github-token: ${{ secrets.ADMIN_BACKLOG }}
          labeled: dependencies

This action works to add the PR to the project if I manually add the dependencies label. But, the dependabot created PRs (the Bump PRs) do not automatically add to the project.

gkwan-ibm avatar Mar 05 '24 15:03 gkwan-ibm

Seems to be this reason.

Error: Input required and not supplied: github-token

gkwan-ibm avatar Mar 05 '24 15:03 gkwan-ibm

The dependabot creates branch and PR in the repo, not from a fork, why the above action does not work?

gkwan-ibm avatar Mar 05 '24 17:03 gkwan-ibm

from the docs: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

So if you want to respond to events that are triggered by bots you have two options:

  • use a personal access token so the event is triggered by you (not the bot)
  • look for the output of the bot action at a regular interval https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

surchs avatar Mar 19 '24 21:03 surchs

The token I used is my personal token. Again, manually label PR works fine.

The question is "Why the dependabot labeled PRs (the Bump PRs) does not work?"

gkwan-ibm avatar Mar 19 '24 22:03 gkwan-ibm

The token I used is my personal token

ah, my bad

Why the dependabot labeled PRs (the Bump PRs) does not work?

you cannot have a bot apply a label and then have the https://docs.github.com/en/webhooks/webhook-events-and-payloads?actionType=labeled#pull_request event trigger another workflow. So likely your issue is that the label is applied by dependabot. Our workaround is as I mentioned to have a cron job do this: https://github.com/neurobagel/planning/blob/3790a983b3c6aacf7eaabef05895b68cd200b99a/.github/workflows/global_move_bot_pr_to_board.yml

surchs avatar Mar 19 '24 22:03 surchs

How's about opened? I tried it and also not work. Same reason?

on:
  pull_request:
    types:
      - opened

gkwan-ibm avatar Mar 20 '24 13:03 gkwan-ibm