Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dependabot labeled PRs do not add to project #518

Open
gkwan-ibm opened this issue Mar 5, 2024 · 8 comments
Open

dependabot labeled PRs do not add to project #518

gkwan-ibm opened this issue Mar 5, 2024 · 8 comments

Comments

@gkwan-ibm
Copy link

I created a action:

name: Add PRs to Dependabot PRs dashboard

on:
  pull_request:
    types:
      - labeled

jobs:
  add-to-project:
    name: Add PR to dashboard
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v0.5.0
        with:
          project-url: https://github.com/orgs/...
          github-token: ${{ secrets.ADMIN_BACKLOG }}
          labeled: dependencies

This action works to add the PR to the project if I manually add the dependencies label.
But, the dependabot created PRs (the Bump PRs) do not automatically add to the project.

@gkwan-ibm
Copy link
Author

Seems to be this reason.

Error: Input required and not supplied: github-token

@gkwan-ibm
Copy link
Author

The dependabot creates branch and PR in the repo, not from a fork, why the above action does not work?

@gkwan-ibm gkwan-ibm changed the title dependabot labeled PRs do not add to the project dependabot labeled PRs do not add to project Mar 5, 2024
@surchs
Copy link

surchs commented Mar 19, 2024

from the docs: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

So if you want to respond to events that are triggered by bots you have two options:

@gkwan-ibm
Copy link
Author

The token I used is my personal token. Again, manually label PR works fine.

The question is "Why the dependabot labeled PRs (the Bump PRs) does not work?"

@surchs
Copy link

surchs commented Mar 19, 2024

The token I used is my personal token

ah, my bad

Why the dependabot labeled PRs (the Bump PRs) does not work?

you cannot have a bot apply a label and then have the https://docs.github.com/en/webhooks/webhook-events-and-payloads?actionType=labeled#pull_request event trigger another workflow. So likely your issue is that the label is applied by dependabot. Our workaround is as I mentioned to have a cron job do this: https://github.com/neurobagel/planning/blob/3790a983b3c6aacf7eaabef05895b68cd200b99a/.github/workflows/global_move_bot_pr_to_board.yml

@gkwan-ibm
Copy link
Author

How's about opened? I tried it and also not work. Same reason?

on:
  pull_request:
    types:
      - opened

@mikebell
Copy link

@surchs did you find another solution to this? I had a look round some of the neurobagal repos and I can see your not using it anymore. Did it not work as expected? I'm currently trying find a solution to adding dependabot prs from around 20-30 repos to a project.

@surchs
Copy link

surchs commented May 28, 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants