Maintenance: review Docs automation when triggered by Dependabot
Summary
As part of our PR merged workflow we have a step that builds and publishes the latest version of the documentation. The automation seems to be failing to retrieve AWS credentials whenever it's triggered by a PR merged by Dependabot (i.e. using @dependabot merge and letting the tool merge the PR).
We should review this case and assess if it's possible to fix this in a secure way.
Why is this needed?
So that the documentation can be rebuilt and published whenever there's a change related to dependencies that is triggered by Dependabot.
For example: Dependabot opened a PR to update a dependency related to the docs and we want to publish a new version that uses the new version.
Which area does this relate to?
No response
Solution
No response
Acknowledgment
- [X] This request meets Powertools for AWS Lambda (TypeScript) Tenets
- [ ] Should this be considered in other Powertools for AWS Lambda languages? i.e. Python, Java, and .NET
Future readers
Please react with 👍 and your use case to help us understand customer demand.
This is because dependabot can't access secrets when the PR is merged by dependabot into main. We mostly use a comment @dependabot merge and not merging ourselves. A simple solution would be to merge manually, thus having the permissions to access secrets when the PR is merged. I don't see a need to allow dependabot to access secrets.
Yes, I agree with you actually.
I think we should enable merge queues instead, so we can review and queue the PR and it would follow a similar flow.
My request of using @dependabot merge was to tell the bot to merge whenever checks were green, so that would work similarly I think.
This is no longer an issue - closing.
⚠️ COMMENT VISIBILITY WARNING ⚠️
This issue is now closed. Please be mindful that future comments are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.