Comments (5)
can you share your github action workflow in which you added this action in? most likely it's being triggered on multiple events ..
from action-dependabot-auto-merge.
I don't know, it's in a private repository, can I share that? If you just want the file, it looks like this:
# This is a basic workflow to help you get started with Actions
name: CI
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
branches: [ master ]
pull_request:
branches: [ master ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- uses: ahmadnassri/action-dependabot-auto-merge@v2
with:
github-token: ${{ secrets.DEPENDABOT_AUTO_MERGE }}
Also, the latest build that ran automatically in response to a new Dependabot PR has a different error message:
/action/node_modules/@actions/core/lib/core.js:94
throw new Error(`Input required and not supplied: ${name}`);
^
Error: Input required and not supplied: github-token
at Object.getInput (/action/node_modules/@actions/core/lib/core.js:94:15)
at file:///action/index.js:28:15
at ModuleJob.run (node:internal/modules/esm/module_job:154:23)
at async Loader.import (node:internal/modules/esm/loader:166:24)
at async Object.loadESM (node:internal/process/esm_loader:68:5)
from action-dependabot-auto-merge.
the file itself shared here is good enough to indicate what the issue is
- you have a workflow that runs on both
push
andpull_request
this action is meant to turn on PRs from dependabot, so thepush
event is an extra trigger and it errors out to prevent any issues as it's not supposed to be used withpush
. - recently github made a security change, where
pull_request
events no longer have access to secrets, hence the new error you're seeing. please read this issue #60 CAREFULLY and switch to usingpull_request_target
instead.
again: READ CAREFULLY as switching to pull_request_target
has security implications you should be aware of.
in the meantime, I'm working on a whole refactor that would make this cleaner and easier, so keep an eye out for future updates.
from action-dependabot-auto-merge.
OK thanks very much. This was my first time with GitHub Actions, so I didn't realise I was supposed to change the triggers myself!
I think maybe auto-merging Dependabot PRs for this project might be a bad idea after all, thanks to some weird issue I just had with Expo seeming to expect certain packages. I think I'll go back to manually approving.
from action-dependabot-auto-merge.
no worries, glad I could help.
from action-dependabot-auto-merge.
Related Issues (20)
- Wait for check suite to complete successfully before approving
- Enable arm images with Docker HOT 1
- Option to assign reviewer if update is outside semver range
- Can't parse title for new multi-package Dependabot PRs
- Shared configuration file support
- TypeError: Cannot read properties of undefined (reading 'createReview') HOT 14
- Issue pulling docker image HOT 4
- approve-only switch HOT 3
- Error: Nor found HOT 3
- Merge queue support HOT 2
- Add option to customize the username HOT 1
- Issue with github-token HOT 5
- Consider combining this action with `dependabot/fetch-metadata` to support multi-dependency updates HOT 2
- failed to parse title: no recognizable versions HOT 5
- Manual merge required even though update_type: all HOT 1
- Target minor fails to automerge pip from 23.3 to 23.3.1
- Target minor fails to automerge 2.0.0rc2 to 2.0.0rc3
- enable automerge for renovate as well
- Auto-merge pre-commit-ci
- Error: Resource not accessible by integration
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from action-dependabot-auto-merge.