The context is as follows: -
I configure my GitHub CI workflow file (the YAML file) such that the workflow runs only when there are changes to certain directories:
name: testing
on:
pull_request:
branches:
- develop
paths:
- 'dir_1/**'
- '!dir_1/README.md'
- 'dir_2/**'
- '!dir_2/README.md'
I have set a branch protection rule on the develop branch that makes a merge into it possible only when the status checks are successful.
Now when I create a branch based off of the develop branch, make some changes to dir_3 (please note it is different from dir_1 and dir_2 mentioned in the YAML file code snippet), push that branch and create a pull request, GitHub expects status checks to be completed and merging is blocked till the time they are, as follows:
When I check the Actions tab, I find no action running.
So the merging is blocked indefinitely. I think that's because the branch protection rule and the YAML file code snippet contradict each other (the branch protection rule is waiting for the status check to be completed but due to the restriction in the YAML file, no status check is run). I have the following questions: -
Is my reasoning correct?
If yes, is there a way to protect certain subdirectories of a branch instead of the whole branch on GitHub? I want to allow merging if the 'protected subdirectories' are unchanged.
If the answer to 1 is yes and 2 is no, is there some other way to allow merging if the subdirectories not specified in the YAML file are changed (while retaining the branch protection rule)?
Thank you for taking the time to read the question.
On Googling the question, I found this result but it wasn't very helpful.
One of my office colleagues suggested an alternate solution to the above problem. Using paths-filter action instead of using the paths or paths-ignore key as mentioned in the Github Actions documentation solves the problem. So if the changed path is not supposed to trigger a step in a workflow, the step will be shown as skipped while running the tests and GitHub will not wait indefinitely for the tests to finish running (i.e. it will show that the pull request can be accepted).
This problem is also described in this comment of the issue. My colleague has posted the solution as a comment in the same issue. You can refer to it to see how the paths-filter action can be used to solve the above issue.
If someone has a better solution to solve this problem, please do post it. For now, I am marking this as the accepted solution. Thank you.
Related
I am wondering if there is any way to do the following. Say I have an "open data" repo, which allows people to submit content. The repo saves all the data, and the changes to the structured JSON/YAML is reviewed in a PR. But then because I am in a serverless system (like Vercel), I need to upload the changes to the data to the production database, on merge of the branch. So there should be required a custom data migration in the PR, which runs when the PR is approved and merged.
How can that be accomplished? All I can imagine as a solution is having a special "code block" in markdown with some JSON config explaining what script to run for the data migration, and you add that marked code snippet as a comment to the PR, then parse the PR comments and figure out what script to run from that. But that would be of course (seemingly) a super hack, so is there a right way to do something like this?
The other option is to have to run the script/command manually after you merge the PR, but ideally there would be a more automatic way of doing it.
GitHub itself can run code on various events through actions. Actions are configured through YAML files in the directory .github/workflows in the repository. Some actions relative to a branch use the workflow files from that branch, while “global” actions use the workflow files from the default branch (typically called main, or master for older repositories).
For example, this workflow runs bin/update-production-database whenever the main branch is updated (whether from a pull request merge or by pushing directly):
name: Update database
on:
push:
branches:
- main
jobs:
update-database:
runs-on: ubuntu-latest
steps:
- run: bin/update-production-database
See more examples in Deploying with GitHub Actions. To pass the credentials needed to access the database, set up an encrypted secret.
To only run the job on a PR merge and not on other pushes, see Running your workflow when a pull request merges.
If you use Vercel (which I know nothing about), it claims it “automatically deploys your GitHub projects” so there may be a built-in solution there (either using actions so that the trigger comes from GitHub, or using some Vercel-owned server which polls GitHub).
I'm using github actions cache for persisting remotely downloaded dependencies from tests across CI executions. https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows
The issue I'm having is that I only want the action write to the cache when it's running on the push action on the master branch. If the action is a pull_request, I'd like it to read from the cache, but not write to it.
The reason for this is that caches that are originated from master are mostly reusable for any PR, but caches generated from a PR may not be super useful for other CI invocations because the code is yet to be reviewed and the developer may be trying out things which may just mess up the cache for other invocations.
Right now I'm doing something like this
- name: Cache packages
uses: actions/cache#v3
with:
key: 'cache-${{ github.event_name }}'
restore-keys: |
cache-push
path: |
/path/to/cache
This way I have 2 cache keys, one for PRs and one for master, master will always use the cache from he previous master invocation because it will only match cache-push, but prs will use a different key, cache-pull_request and fallback to cache-push if it doesnt exist. This way master pushes never use a cache that was generated from a pr, only caches that were generated from the previous master push.
Ideally I'd like the cache-pull_request key to not even exist and just have PRs use cache-push but not write to it at the end of the execution. Is this possible?
EDIT: Github Actions now officially supports this as of version 3.2.0!
Original comment:
I've been looking for the same thing and unfortunately it does not seem to be possible. There are open PRs and issues in the repo on Github
https://github.com/actions/cache/pull/489
So until it get merged or implemented in some other way it is not a possibility with the official Github cache workflow.
I also noticed that this PR had been closed
https://github.com/actions/cache/pull/474
The author closed it himself due to inactivity, but forked it to another repo and implemented it there. See https://github.com/MartijnHols/actions-cache
I have not used this repo myself but it might be worth checking out
Check actions/cache/restore#v3 and actions/cache/save#v3.
You can restore or save cache separately.
To keep it short, I'm using a script in Azure DevOps that generates a pull request automatically every time a new branch is pushed to the repository.
Said script enables the pull request "auto-complete" funcionality, which lets me merge code using GIT after I complete all the branch policies. I have only one branch policy enabled, which compiles my code and checks whether it should complete the pull request or not, based on the pipeline compilation results.
Everything was working fine before one week ago, people pushed their branches normally and ADO automatically created the PR, build checked, merged and auto-completed the PR, as my only branch policy had always been met.
Now even all branch policies are met, the PR is stuck and won't auto-complete for some reason, even after the build compilation turns out as success and there are no merge conflicts.
If I click on approve, it then begins to complete automatically as it should. However, this manual step was never necessary for the PR to finish, nor I have a branch policy that demands an approval to complete the PR.
This is affecting all the projects in my ADO organization, so it may not be a configuration problem.
Maybe anyone has stumbled across the same problem?
Edit: Microsoft is looking at the issue: https://developercommunity.visualstudio.com/t/Pull-Request-doesnt-automatically-compl/10082816
Based on the link provided in the question, this issue apepears to have been fixed on Jul 28, 2022
"Microsoft Solution - Feedback Bot
Closed - Fixed
We have released a fix for this issue! Thank you for providing valuable feedback to help improve the product."
You could check if the user account has the permission: Bypass policies when completing pull requests.
I have written a Jenkinsfile for use in a GitHub Organization object in Jenkins. Part of the Jenkinsfile is error correcting, and often makes changes to the project. At the end of the pipeline, Jenkins commits the changes to our git repository.
Now that I have all of this working, I have realized that upon pushing the corrections to the repo, the same job that just ran and corrected the errors will run again, since it is triggered by webhooks. It wouldn't be an infinite loop because there would be no errors to correct after running the first time, but it would run one more time than it needs to.
The fact that the changes made by the job end up triggering the job is problematic because the pipeline includes a deploy step. Redeploying the same code twice in a row feels like the result of a poorly written pipeline. That said, short of searching the last commit message for keywords, I cannot figure out a good way to make commits from the job not trigger the job. Is there a less hacky way to solve this problem?
edit: I am aware of the ci-skip plugin, but I can't documentation for making it work in a declarative pipeline. I would prefer an approach that lets me do something with the default scm checkout step at the start of the build.
edit 2: I ended up just running a grep of the last commit message everytime the pipeline starts to see if the message contained the text [ci skip]. Its dirty, but it works if its placed in a setup stage of the pipeline.
In the configuration to checkout a git repo, you can specify there to ignore certain commit messages (advanced checkout behavior) Rather than using code to do it. However, I'm not sure if if a github org job can do the same thing.
Another option would be to ignore certain directories if the changes are confined to certain directories, and those directories aren't normally changes otherwise. Again, not sure if github org supports this.
Don't use webhook triggeers, possibly, but this isn't a preferred option.
Is it possible to merge pull request automaticaly to master branch on github after success of travis test webhook?
You can use Mergify to do this.
It allows to configure rules and define criteria for your pull request to be automatically merged. In your case, setting something like "Travis check is OK and one reviewer approved the PR" would allow the PR to be automatically merged.
(Disclosure: I'm part of the Mergify team.)
You can most probably add an after_success action to your .travis.yml that would merge the PR using GitHub API. I do not know of any ready to use script for this, but there is no reason for it to be hard. Special care needed for authentication ...
GitHub recently shipped this auto-merge feature in beta. To use this, you can enable it in the repo settings. Just keep in mind you will need to add branch protection rules as well.
See the documentation for more info.
https://docs.github.com/en/free-pro-team#latest/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request
I work on a project that requires pull requests to be up to date with the target branch, and also to have passed all the checks before merging.
This means we can often be waiting for checks to finish, only to find a new commit has been made to the target branch, which requires the pull request to be synchronised and the checks to run all over again. I wanted a simple app to merge the PR automatically once the checks are successful, so I created one.
Mergery is:
Free, including for private repositories.
Fast. It's event-driven, it doesn't run on a schedule.
Simple. No configuration required. Just label your PRs with automerge.