What happened?
Technically, this line identifies bots, but it comes with a design bug (or even more):
|
let isBot = context.payload.sender.type === 'Bot' |
For the record, bots get a pass from signing off on their commits.
The isBot
verification is being performed per handler request, and not per commit in the request.
As it is currently designed, for PRs with mixed commits, i.e. commits sourced by bots and commits sourced by humans, the isBot
is based on the last commit.
An example I came across, a new PR was opened by dependabot
, the pr-signed-commits
workflow passed but some other workflow of mine had failed on account of the change brought forward by depenedabot
's dependency update.
Once I resolved and pushed it to the PR, my other workflow was passing, but pr-signed-commits
workflow was now constantly failing because the last commit was from my user, and I'm not a verified bot, so the handler expected dependeabot
to signed off on its commits as well.
That being said, even though the handler is not supposed to expect bots to sign off on their commits, dependabot
does!
So although cases like the example I described above are in fact a bug and shouldn't happen, when it does happen, for some reason (allegedly another bug), the handler is not able to verify dependabot
's sign-off trailer.
Please provide runtime information.
Irrelevant.
Relevant log output
An example of a commit message by `depenendabot`, which the handler wasn't able to pick up on its sign-off trailer:
build(deps-dev): bump flake8 from 4.0.1 to 5.0.1
Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.1 to 5.0.1.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](PyCQA/[email protected])
---
updated-dependencies:
- dependency-name: flake8
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
How can this issue be reproduced?
- Wait for a PR by
dependabot
- Verify the
pr-signed-commits
handler passes
- Add a commit of your own
- Verify the
pr-signed-commits
handler fails