z0al / dependent-issues Goto Github PK

Can the comment footer be either configurable or at least more compact? I.e. can the separating line:

💡 To add or remove a dependency please update this issue/PR description.

Brought to you by Dependent Issues (robot ). Happy coding!

be removed so the footer takes 2 instead of 3 lines? Or even better, can it be compacted into just one line, like:

💡 Dependent Issues: To add or remove a dependency please update this issue/PR description.

PS: the trailing space in "robot" is not needed (and I think "bot" fits here better than "robot").

I'd like to limit the permissions of the dependent issue job in the workflow?

Could you help me understand what are the minimum permissions required for checking for dependent pull-request? This includes pull-requests from branches internal to the repository as well as forks.

Hi,

The default message is too spammy in my taste, I much prefer a minimal clean comment as seen in https://github.com/Levi-Lesches/blocking-issues

I have created a fork that adapts Dependent Issues to something similar: https://github.com/mandolaerik/dependent-issues

Would it make sense to at least make this configurable?

https://github.com/berty/berty/pull/3143/checks?check_run_id=2084969829

I regularly need to manually relaunch this failing GitHub action, can you give a look at what is happening and if possible update your script in order to not mark a PR as failed when you've internal errors? (if you don't like this default behavior, maybe you can add an option to force this behavior)

Thank you!

Copied definition from readme, replaced secret with my own, which I already use for different hook (this other hook runs just fine).

But I'm still getting this error no matter what I try. Even if I replace the secret with hardcoded random value I still get this error

Hello,

I wonder if your bot could work by Pull Requests instead of issues as not everyone uses Github issues

Thanks

Hi, I just added this workflow to a repo and for some reason it's commenting twice on each issue? Here's an example and here's another

I'm currently using a template like this:

Warning
Pull request will not be mergeable until its dependencies are resolved.

Dependencies:

• yada yada
• this that

and it would be nice to be able to show something different once all the dependencies were to make sure its clear the comment & check are in sync:

✅ All dependencies have been satisfied 🎉

Dependencies:

• yada yada
• this that

So being able to specify a 'success' comment would be great!

Can you add unconditional blocker to your action? If description contains specified string, then PR is blocked as long as this keyword exist. I'd then have and use i.e. DO_NOT_MERGE

The issue is in the same repository.
Here are the used config:

name: Dependent Issues

on:
  issues:
    types:
      - opened
      - edited
      - closed
      - reopened
  pull_request_target:
    types:
      - opened
      - edited
      - closed
      - reopened
      # Makes sure we always add status check for PRs. Useful only if
      # this action is required to pass before merging. Otherwise, it
      # can be removed.
      - synchronize

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: z0al/dependent-issues@v1
        env:
          # (Required) The token to use to make API calls to GitHub.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # (Optional) The token to use to make API calls to GitHub for remote repos.
          GITHUB_READ_TOKEN: ${{ secrets.ASSEM_REPO_ACCESS_FOR_ACTIONS }}

        with:
          # (Optional) The label to use to mark dependent issues
          label: dependent

          # (Optional) Enable checking for dependencies in issues.
          # Enable by setting the value to "on". Default "off"
          check_issues: off

          # (Optional) A comma-separated list of keywords. Default
          # "depends on, blocked by"
          keywords: depends on, blocked by

Scenario:

feature A depends on feature B

I make PR to master from B and then make another PR to master from A.

Usually what happens at this point is that if I go and review the file changes in A I will see the changes from B plus the changes of A.

The desired/expected behavior with this bot would be that If I go to the file changes of A I should not see the changes from B.
Is this the behavior of this bot?

We've just added this to our repo but unfortunately it doesn't seem to work.

The "Checking #PR" step aborts with Error: Resource not accessible by integration
See: https://github.com/raiden-network/raiden/runs/1486971356?check_suite_focus=true

dependabot issues are ignored, with https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ as justification — however that blog post says that jobs run with pull_request_target from a dependabot PR do get a read-write token.

I checked this on submariner-io/lighthouse#608 and as you can see, dependent-issues was able to add its comment.

Would it be possible to remove the check? Or am I misunderstanding the issue?

I want to track the dependencies of e.g. feature requests by the community. Thus, I can/want to add a comment with Depends on #123 to make dependencies.

As far as I understand the code of this action, only the major body of the issue (aka the feature request itself) is checked for the keywords. I just get the message No dependencies found. Running clean-up for all issues.

If this is out of scope of this action it would be useful to state that in the action description as I thought it should work but only after having a glance at the source, I am pretty (?) sure, it is not implemented.

I have setup a workflow that runs this action. The check created by this action is required for the branch protection. I tried using the new merge queues but the queue fails to recognise the check created by this action, even if the correct workflow trigger is set (there is a new merge_group: trigger).

Repeatedly saw this error in a workflow run:

HttpError: Not Found
    at /home/runner/work/_actions/z0al/dependent-issues/v1/webpack:/dependent-issues/node_modules/@octokit/request/dist-node/index.js:86:1
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

Using latest version.

I wonder if it would be useful to have this bot manage backreferences: If in PR #12 I say it depends on PR #10, then the bots’ comment at #10 could maybe say something like

The following PRs are depending on this one…

and/or a label blocking-other-PRs could be added to #10.

The main documentation of the workflow is outdated. The ignore_dependabot seems no longer be a valid input option. Also the example is referencing an old version (@v1) of the workflow.

I get this error HttpError: API rate limit exceeded for installation ID 9256508 on all our workflows after i added this workflow to our repo. It tries to check every open issue and PR for dependencies and i assume that is the reason why we are exceeding the api limit.

i had these usecases in mind when i merged over the workflow in our repo.

1. PR1 is dependent on PR2 (PR2 has to be merged/closed first in order to get PR1 merged). This one is pretty straight forward.

2. PR1 is dependent on issue1 (issue1 has to be closed first in order to get PR1 merged). This can be helpful when someone already created PR1 but u want issue1 to get addressed first but nobody has created a PR for it yet.

3. issue1 is dependent on PR1 (PR1 has to be merged/closed first in order to close issue1). This can be helpful when somebody forgets to link PR1 as dependency when they create PR2 for issue1

4. issue1 is dependent on issue2 (issue2 has to be closed first in order to close issue1). This can be helpful when there are no PR's yet that addresses one of the issues.

Are the usecases above valid for this workflow? if so is there a way to not hit the api limit so fast?

edit: i've just closed an issue because it was a duplicate and the workflow ran and gave the error again https://github.com/FreeTubeApp/FreeTube/runs/5979395780?check_suite_focus=true

why did it ran the workflow and can i prevent this?

Copy pasted the example workflow yaml in the README, got this warning in github run logs on "set up jobs" step.

I see the following error on my runs:

Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: z0al/dependent-issues@v1. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

It looks like we would need to bump to node v. 16.

Is there a way to allow this action to be able to see the issues and PRs of private repos that I have access to?
I've tried using a Personal Access Token that has these permissions:

But this still doesn't work; the action still fails with Error: Not Found.
Any tips on what I'm doing wrong?

A question about this cool GitHub Action. I'm trying it out in a throwaway repo I have, and I tested it here:

mathomp4/labeltest#6

In this repo, I made main a protected branch, and set Dependent Issues as a required status check under the branch protections. So I had two PRs (5 and 6) and closed and merged 5. And eventually the bot seemed to report to 6 that 5 closed. I then created a new PR, 7:

mathomp4/labeltest#7

and after opening it, I added a comment saying "Blocked by 6". This didn't seem to trigger the bot.

So I guess my question is: is this one of those actions that only the daily crontab sweep will pick up? Maybe there's something I can add to the pull_request_target to act on... pull request comments?

Hello, a month ago, I played a bit with your action. I found out, that its possible to use a repository disptach to trigger the workflow from another workflow by using a PAT. What about adding this to the Readme.md? Here is an example. And the handler for that can be found in the main project

I hope you like that idea.
luwol03

Hi @z0al!

Thank you for this nice action! I'm trying to use it but I'm getting the following error:

I've verified and confirmed that the secret is available to use in the action. Can you please share any tips or point me in the right direction to solve this issue? Thank you!!

To make the setup of the action for cross-reporsitory-dependencies a FAQ with a short description is desired.

See #83 (comment)