dependabot
Using Dependabot Labels and Github Actions cancel-in-progress: true can cause status checks to stall
Is there an existing issue for this?
- [X] I have searched the existing issues
Package ecosystem
n/a
Package manager version
n/a
Language version
n/a
Manifest location and content before the Dependabot update
n/a
dependabot.yml content
n/a
Updated dependency
n/a
What you expected to see, versus what you actually saw
Similar to https://github.com/orgs/community/discussions/77942#discussioncomment-9871910
We are running into this a ton over the last few days when dependabot labels a new PR using the label syntax from the config
When you have a github action linked to the PR with this:
# Will run on the following PR events:
on:
pull_request:
types:
- opened
- edited
- reopened
- synchronize
- labeled
- unlabeled
# Cancel other in progress runs of this workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
This is because Dependabot both opens the PR and attaches label at same time, so multiple github action runs are queued
The cancel-in-progress code from github actions picks one at random (As they are simultaneous) to run, which doesn't match always the latest one that status checks are looking for
And thus, we keep getting PRs stuck from merging (As these are required checks) when we use the combo of labeling from dependabot and cancel-in-progress: true and required checks
Any solutions/work arounds?
Native package manager behavior
n/a
Images of the diff or a link to the PR, issue, or logs
n/a
Smallest manifest that reproduces the issue
n/a
