Comments (12)
As a side note, I re-discovered dependabot/feedback#86, and am talking to the folks who own branch protection rules about how we can get Dependabot added.
from fetch-metadata.
Odd, it seems like something is wonky with the PR automerge feature. I can reach out to that team and see if they have any thoughts!
from fetch-metadata.
Is there something I can do about this? When I try to add Dependabot to the list of apps allowed to push to master, it doesn't show up.
This just came up in the context of codeowners, so I'll see if I can work with that team to see what we can do about allowing Dependabot to push to restricted branches
Separately the PRs merged by Dependabot are not being closed nginxinc/nginx-asg-sync#108 is this the expected behavior?
Unfortunately this is a known issue with the UI displaying the right state :(
I've been chatting with the team on how to prioritize getting that fixed.
from fetch-metadata.
At this point it looks like the problem is more of "we should show an error rather than hang forever", as I think adding Dependabot as a trusted actor is going to be a bit more work.
from fetch-metadata.
dependabot/dependabot-core#2480
from fetch-metadata.
👋🏻 @lucacome I'm going to close this out as we are tracking this in core since it is a problem with the service vs protected branches.
Unfortunately I don't have anything to share on this right now.
from fetch-metadata.
Thank you so much @asciimike . Yes, that would be great any additional insight you can get I'd appreciate.
from fetch-metadata.
@asciimike it seems like Dependabot can't merge to a protected branch, I tried removing the protection and it started merging the PRs. Is there something I can do about this? When I try to add Dependabot to the list of apps allowed to push to master, it doesn't show up.
Separately the PRs merged by Dependabot are not being closed nginxinc/nginx-asg-sync#108 is this the expected behavior?
from fetch-metadata.
For what it's worth I reached out to GitHub Support about this issue about a month ago. Here's what they said:
The default authentication tokens used by GitHub Actions belongs to user github-actions[bot]. It seems that you've enabled the "Restrict who can push to matching branches" rule. The default GitHub Actions actor does not have the permission to push (merge or commit) to the protected branch.
You may need to make a few changes in your Actions workflow file. First, you will need to create a personal access token (PAT) for user with either admin permissions or a user with write access who's been granted push permission to the protected branch of the repository (Step 12 in this help doc article):
https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
You can change this default value by setting the environmental variable GITHUB_TOKEN to the access token that you created in the previous step.
You'll need to create a repository secret giving it a name e.g "GITHUB_TOKEN" with the actual token as its value. See here how to create secrets and use them in a GitHub Actions workflow file:
https://docs.github.com/en/actions/reference/encrypted-secrets
Though I would have rather granted github-actions[bot]
write access to our repo, they said that was not possible. I followed their advice instead and it's been working for us, though I'd love a simpler solution.
from fetch-metadata.
Though I would have rather granted github-actions[bot] write access to our repo, they said that was not possible.
Agreed, the PAT solution is pretty ugly :(
from fetch-metadata.
@asciimike any updates on this?
from fetch-metadata.
Thanks for the update @brrygrdn !
from fetch-metadata.
Related Issues (20)
- Fetch Metadata action returns null update-type output for pull requests HOT 14
- Auto-merge not adhering to Branch Protection Rules HOT 3
- Error: Api Error: (404) Not Found HOT 1
- Package ecosystem output for gitsubmodules PRs is inconsistent with dependabot.yml
- `new-version` has trailing whitespace
- Allow for additional event types / Ignore "pull-request"+"pull-request-target" event types? HOT 1
- Support `newVersion` and `prevVersion` for updates with multiple dependencies HOT 2
- Error: github-token is not set! Please add 'github-token: "${{ secrets.GITHUB_TOKEN }}"' to your workflow file. HOT 1
- Add `severity` to the action outputs
- Add alert number to outputs HOT 1
- Alert metadata lookup not working as expected HOT 2
- `fetch-metadata` action returns `/` for directory output HOT 1
- `fetch-metadata` can not fetch metadata when using `workflow_run` event HOT 1
- Directory name is not properly extracted from branch name when using `-` separator. HOT 1
- Multi-segment directory name malformed when using non-standard separator.
- github actor is not dependabot when rerunning the job HOT 1
- Dependabot "update-type" not available in metadata retrieved for PR HOT 6
- Dependabot runs fail due to strict node and npm pinning HOT 5
- Include "outputs.publish-date" HOT 1
- output directory set to target branch name HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fetch-metadata.