I would like to know if there's a way of protecting specific branches from random people that wants to contribute to a project.
For example:
I've master, develop and beta branches in my project and sometimes people create pull request targeting master or even beta. What I would like is that, when they create their pull request only the develop branch can be the selected (aka "Base" on github)
Is this possible ?
Similarely to the GitHub Action (workflow set on GitHub server side) "hmarr/auto-approve-action", you can write then set-up an "auti-reject action".
name: Auto approve
on: pull_request_target
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: <you>/auto-reject-action#v1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
That action would automatically reject a PR done with, as a target, a branch you would not approve of.
await client.pulls.createReview({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: prNumber,
event: "REJECT",
});
core.info(`pull request #${prNumber} done on the wrong branch`);
Related
In our github repository, we have set up a protected environment named Sandbox, for which the main branch is the only allowed deployment branch. Now we want to deploy automatically to that environment if a pullrequest is merged into main (and the if the pullrequest in addition bears the label "Sandbox").
Our workflow is roughly as follows:
name: Pull Request Merged
concurrency:
group: ${{ github.ref }}
on:
pull_request:
types: [closed]
jobs:
deploy_to_sandbox:
if: |
github.event.pull_request.merged == true &&
contains(github.event.pull_request.labels.*.name, 'Sandbox')
name: Deploy to Sandbox
uses: ./.github/workflows/deploy.yml
with:
environment: Sandbox
secrets: inherit
The workflow is triggered as expected upon merging a PR, but somehow it tries to deploy from the feature branch instead of deploying from main. Since the environment is protected, the deployment fails accordingly. How can we achieve that the deployment uses the target branch (i. e. , main) that was merged into, instead of the source branch?
There’s no way to specify that a workflow should be triggered when a pull request is merged. the reason why it's the feature branch that gets deployed is because it's the one that triggers the workflow. However, because a merged pull request always results in a push, you can use the push event to accomplish your goal.
For example, let’s say that you want to run a workflow whenever a pull request is merged to your main branch. You can do something like this:
on:
push:
branches:
- main
also if you want to prevent push directly to main it's part of github pro plan.
GitHub Actions support running workflows for pull requests targets specific branches but the names of the branches must be specified, thus if we want it to run on repositories with default branch named main:
pull_request:
branches:
- main
I'm wondering if there's a way to share the same workflow across multiple repositories without the need to asking each repositories to specify their default branch name, and the workflow can work upon renaming default branches. Is there a way to just run the workflow upon pull requests to default branch without specifying all the possible default branch names across these repositories as below?
I want to avoid:
pull_request:
branches:
- main
- master
- develop
- dev
- i-dont-know-what-else
- ${{ remember-to-update-this-after-renaming-default-branch }}
I've tried listing all possible default branch names and use a variable but these are not elegant.
You can achieve this with the conditional github.ref == github.event.repository.default_branch.
Here's an example which only runs when a PR is merged into the default branch.
on:
pull_request:
types:
- closed
jobs:
example:
if: github.event.pull_request.merged && github.ref == github.event.repository.default_branch
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
I'm looking on a way to trigger a GitHub pipeline ONLY on successful pull request merge.
I have to move from Azure DevOps where I had some arguments like these:
condition: and(succeeded(), eq(variables['Build.Reason'], 'PullRequest'))
But I can't seem to find a way to do something similar on GitHub
EDIT:
So
on:
pull_request:
types: [closed]
jobs:
on-success:
if: ${{ github.event.pull_request.merged }}
steps:
- name: my-step
run: echo "Hello World!"
Works but only on manually accepted PRs, which is not what I need.
The answers should work with git CLI if you do:
git checkout main
git merge dev
and then accept the changes and commit+push
Then the actions should be triggered and these last answers doesn't work with that.
The try using this to double check for sucess.
on:
pull_request:
types: [closed]
branches: [main]
jobs:
on-success:
if: ${{ github.event.pull_request.conclusion == 'success'}}
steps:
https://docs.github.com/en/github-ae#latest/actions/using-workflows/events-that-trigger-workflows#running-your-workflow-when-a-pull-request-merges-1
on:
pull_request_target:
types:
- closed
jobs:
if_merged:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- run: |
echo The PR was merged
IMHO you cannot do this.
When you're running git merge you're just merging branches in git, you're not merging a Pull Request in GitHub. Git is the underlying version control system used by GitHub, but git itself has no concept of pull requests.
If you want to trigger a GitHub action, you need to generate an event on the GitHub pull request, therefore you need to use github's own CLI, not git CLI. See gh pr merge https://cli.github.com/manual/gh_pr_merge
You can use push trigger. Please refer to https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
On the branch that the Pull request will be merged, you can add the condition and it will get triggered.
Ex:
on:
push:
branches:
- 'main'
- 'releases/**'
I have a repository with Dependabot in it, that opens PR on version updates, etc which I would like to keep.
In the same repository, I have a GitHub Action for Pull Requests for my team to use.
My issue is that the Dependabot keeps triggering the Pull Request action no matter what I tried.
My PR action have to be triggered on staging branch pull requests, like so:
name: Pull Request
on:
pull_request:
branches:
- staging
So I can't use both on pull_reuqest AND branches_ignore - as stated in the documentation
Workflow attempts I have tried so far that unfortunately haven't worked:
name: Pull Request
on:
pull_request:
branches:
- staging
- '!dependabot/**'
name: Pull Request
on:
pull_request:
branches:
- staging
jobs:
Build:
if: github.actor!= 'dependabot-preview[bot]'
name: Build
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout#v2
I have also tried excluding the Dependabot user like so:
if: github.actor!= 'depbot'
Would love some insights or answers on how you have dealt with this issue.
Thanks!
I guess there were many changes over the years and you can find outdated ways all over the web. The actual way is documented in the Dependabot documentation
if: ${{ github.actor != 'dependabot[bot]' }}
Note that nowadays you can also check the github.triggering_actor - if you want workflow to be skipped if Dependabot triggered it, but want to be able to manually trigger it on a PR that was opened by Dependabot
I'm trying to wrap my head around GitHub actions as well as how YAML is parsed.
For obvious reasons, I'd like to make use of actions already available on the marketplace. This is what I have so far..
- name: Bump Version
on:
pull_request:
branches:
- main
jobs:
bump-patch:
runs-on: ubuntu-latest
steps:
- name: Get current package version
uses: martinbeentjes/npm-get-version-action#v1.1.0
with:
# Path to package.json file (directories only), e.g. packages/mypackage/
path: ./
- name: Bump Patch Version
uses: jessicalostinspace/bump-semantic-version-action#v1.0.1
with:
semantic-version: 1.0.0
version-type: PATCH
So a few obvious things.. I need to read the current package/bower version in order to Bump it correctly with the action. I also need to make sure the branch in the PR is the one that gets updated and commits the change to that branch. Additionally the action should only run depending on the user who opened the PR.
The question:
Is it even possible to do this with GitHub actions or would a github app/service be better suited?