thomaseizinger / github-action-gitflow-release-workflow Goto Github PK

Our release workflow is currently broken: https://github.com/thomaseizinger/github-action-gitflow-release-workflow/actions/runs/3065049502/jobs/4948757562#step:9:17

Find issues that match the name and have a release label

Wasn't sure how to raise this with you, but one of your comments in https://blog.eizinger.io/12274/using-github-actions-to-automate-gitflow-style-releases is out of date / incorrect.

It is important to note that GitHub actions does not trigger events for actions that have been performed by a GitHub workflow. A GitHub workflow that pushes a branch (like in our case) will not trigger the push event. Unfortunately, that means we cannot use GitHub actions to build your release/* branches and we will have to use a 3rd party CI system like Travis, or CircleCI. ↩

The block on triggering events is only for secrets.GITHUB_TOKEN, and is intended to stop infinite events. You can get around this by using a PAT. See https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token

It's actually very simple using the checkout action, where

The auth token is persisted in the local git config

so no other config is needed for subsequent steps to trigger other workflows, E.g.

      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}

      - name: create release branch
        run: git checkout -b release/...

      - name: push release branch
        run: git push origin release/...

      # workflows that trigger on: push to release/* will run

ps. thanks very much for your blog and actions, they're very useful.

See #43 (comment).

i.e. is not a fork of the original one

Hey! I was using your workflows as a template and noticed that the publish release workflow will run and fail for any non-release PR that's merged in (failing because it doesn't match the expected release/<version> branch name when trying to parse the version). We could add a startsWith check to the if block at the beginning to skip the workflow if the merging branch isn't a release/<version> branch; I'll put in a quick PR with what I used if you'd like to look.

Thanks for all the great workflows!

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

first of all, thank you for creating this.

When it is on "create pull request" step, I got an error like

Error: Review cannot be requested from pull request author.

Any idea how to solve it?