Error: action triggered outside of a pull_request about action-dependabot-auto-merge HOT 5 CLOSED

can you share your github action workflow in which you added this action in? most likely it's being triggered on multiple events ..

from action-dependabot-auto-merge.

I don't know, it's in a private repository, can I share that? If you just want the file, it looks like this:

# This is a basic workflow to help you get started with Actions

name: CI

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      - uses: ahmadnassri/action-dependabot-auto-merge@v2
        with:
          github-token: ${{ secrets.DEPENDABOT_AUTO_MERGE }}

Also, the latest build that ran automatically in response to a new Dependabot PR has a different error message:

/action/node_modules/@actions/core/lib/core.js:94
        throw new Error(`Input required and not supplied: ${name}`);
              ^

Error: Input required and not supplied: github-token
    at Object.getInput (/action/node_modules/@actions/core/lib/core.js:94:15)
    at file:///action/index.js:28:15
    at ModuleJob.run (node:internal/modules/esm/module_job:154:23)
    at async Loader.import (node:internal/modules/esm/loader:166:24)
    at async Object.loadESM (node:internal/process/esm_loader:68:5)

from action-dependabot-auto-merge.

the file itself shared here is good enough to indicate what the issue is

1. you have a workflow that runs on both push and pull_request this action is meant to turn on PRs from dependabot, so the push event is an extra trigger and it errors out to prevent any issues as it's not supposed to be used with push.
2. recently github made a security change, where pull_request events no longer have access to secrets, hence the new error you're seeing. please read this issue #60 CAREFULLY and switch to using pull_request_target instead.

again: READ CAREFULLY as switching to pull_request_target has security implications you should be aware of.

in the meantime, I'm working on a whole refactor that would make this cleaner and easier, so keep an eye out for future updates.

from action-dependabot-auto-merge.

OK thanks very much. This was my first time with GitHub Actions, so I didn't realise I was supposed to change the triggers myself!

I think maybe auto-merging Dependabot PRs for this project might be a bad idea after all, thanks to some weird issue I just had with Expo seeming to expect certain packages. I think I'll go back to manually approving.

from action-dependabot-auto-merge.

no worries, glad I could help.

from action-dependabot-auto-merge.