Mark workflow as non-check workflow - github

Is it possible within GitHub Actions to mark a workflow as something that is not a check? I can't find a hint inside the (good) documentation, unfortunately.
I have included two default workflows to label pull requests and to greet first-time contributors, but I don't want those workflows to be listed as "checks" since they aren't checking anything.
See here: https://github.com/wujood/awesome-gamejam/pull/3

It looks like it's not possible if you're triggering on the pull_request event. As a workaround you could try using a schedule or another event as a trigger.
As per https://github.blog/changelog/2019-09-24-ui-changes-in-github-actions-checks/ they explicitly changed the UI to not display some checks.
GitHub Actions uses the Checks API for representing and storing information about job executions.
[...]
At the same time, Actions can be triggered not just when somebody pushes code to GitHub but when many other events occur. In these cases, GitHub Actions looks for workflow files in the default branch of the repository and creates and associates the checks with the SHA of the latest commit.
[...]
We have found that this can be noisy and not relevant in the context of a pull request. It can also cause friction when protected branch rules are enabled. As of today, we’re deploying a change to remove checks generated due to events other than push and pull_request from the context of pull requests or in the calculation of commit statuses. These checks will be available in the Actions tab for observability.
(emphasis mine)
And also:
GitHub Actions use the Checks API to output statuses, results, and logs for a workflow. GitHub creates a new check suite for each workflow run. The check suite contains a check run for each job in the workflow, and each job includes steps.
source: https://docs.github.com/en/free-pro-team#latest/actions/managing-workflow-runs/using-workflow-run-logs
There is also the following closed issue corresponding to the UI change described above: https://github.com/actions/toolkit/issues/86.

Related

Triggering a workflow run after an action commits

In a repository we have:
a workflow that runs on: pull_request
so it runs each time I open/commit to the pull-request (which I opened)
we have an action (runs manually) that commits to the pull-request (updating some files in the branch)
when the second action finishes running, I can see its commit on the pull request
but it doesn't trigger the first workflow to run again
(in order to run the workflow after the action's commit, I need each time to insert a dummy commit or close and re-open the pull-request)
Is there another way to trigger the first workflow after a "bot" from the 2nd github action commits?
Don't do that. GitHub generally "dislikes" having workflows trigger other workflows, for the obvious reason.[1] Instead, write a reusable workflow, then use and re-use it.
See also Github Actions - trigger another action after one action is completed.
[1] If the reason isn't obvious, see this question. Follow the link until it becomes obvious why this is a bad idea. (In Computer Science, see the definition of recursion. In Philosophy, a closely related idea is called Begging the Question.)
You could add a push trigger as well to the workflow as follows:
on:
- push
- pull_request
It should then run the workflow when you push a commit or tag. See docs here.

Ignoring code scanning alerts on PR that have been dismissed on default branch

I have enabled a couple of different code scanning tools in my GitHub Actions workflow that each upload their results to the GitHub Security tab (via upload-sarif).
One of these scans produces a lot of alerts that are not relevant for my project, as it scans the built container image and produces alerts for all of the packages and utilities included in the base (Linux) image regardless of whether they are used by my application. So I have reviewed all of the alerts on the GitHub Security tab and dismissed (as "Won't Fix") the alerts that are not relevant.
Subsequent executions of the GitHub Actions workflow on the default branch work fine - the code scanning tool still generates all of the alerts, but GitHub sees that the alerts have already been dismissed and doesn't add or re-open them on the Security tab.
However, I also want to run the scan on PRs targeting my default branch in order to catch any new alerts before they are merged. But here GitHub doesn't appear to be checking that the alerts have already been dismissed on the default branch, so the code scanning check fails on every PR. Worse, if I ignore the check and merge the PR anyway, the alerts are transferred over to the default branch and need to be manually dismissed again.
Is there a workaround for this, or should I be approaching this in a different way?
I have discovered that the code scanning tool in question (Trivy) does not include fingerprints in its SARIF output, which is what confuses GitHub. I've made a feature request for Trivy here: https://github.com/aquasecurity/trivy/issues/1840
As a workaround, I've discovered that keeping the container image name static for code scanning allows GitHub's fallback deduplication logic to correctly identify duplicate alerts.
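
A check for the condition described in the answer above, as an added example that is not part of the original post or of Trivy: it lists SARIF results that carry no fingerprints and shows why a changing image name makes the same finding look new. The matching key in identityKey() is an assumed stand-in, not GitHub's actual deduplication logic, and the SARIF documents are constructed.

```javascript
// Added example. identityKey() is an assumed stand-in for a dedup key,
// not GitHub's real algorithm; all SARIF data below is constructed.

// Build a minimal SARIF 2.1.0 log with one finding located in `imageName`.
function makeSarif(imageName, fingerprint) {
  const result = {
    ruleId: "EXAMPLE-RULE-1", // constructed placeholder rule id
    message: { text: "constructed finding in a base-image package" },
    locations: [{ physicalLocation: { artifactLocation: { uri: imageName } } }],
  };
  if (fingerprint) result.partialFingerprints = { exampleHash: fingerprint };
  return { version: "2.1.0", runs: [{ results: [result] }] };
}

// Flatten every result of every run.
function allResults(sarif) {
  return (sarif.runs || []).flatMap((run) => run.results || []);
}

// Merge the two SARIF fingerprint properties of a result into one object.
function fingerprintsOf(result) {
  return { ...(result.fingerprints || {}), ...(result.partialFingerprints || {}) };
}

// Results a scanner emitted without any fingerprint (worth flagging in CI).
function missingFingerprints(sarif) {
  return allResults(sarif).filter((r) => Object.keys(fingerprintsOf(r)).length === 0);
}

// Identity used to match a finding across scans: fingerprints when present,
// otherwise rule id plus artifact URI (which embeds the image name).
function identityKey(result) {
  const entries = Object.entries(fingerprintsOf(result)).sort();
  if (entries.length > 0) return result.ruleId + "#" + JSON.stringify(entries);
  const loc = (result.locations || [])[0];
  const uri = loc?.physicalLocation?.artifactLocation?.uri ?? "";
  return result.ruleId + "@" + uri;
}

// Findings in the PR scan that have no match in the default-branch scan.
function unmatchedInPr(baseSarif, prSarif) {
  const known = new Set(allResults(baseSarif).map(identityKey));
  return allResults(prSarif).filter((r) => !known.has(identityKey(r)));
}
```

With per-build image names such as `myapp:main` and `myapp:pr-3` the unfingerprinted finding comes back as unmatched; with one static name, or with fingerprints present, it does not.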

Github: Select required status checks not working for Github actions

I have set up some Github actions workflows in my repo and want to require some of them to pass before a PR can be merged into the main branch. Therefore I selected these actions in branch protection rules, but these do not seem to apply. Only the styleci and appveyor checks are marked as required. All actions are not.
Any ideas what I am missing?
Example PR
Screenshot from settings
Thanks
Seems like Github does support emojis in job names, but does not support matching jobs as required, when there are emojis in job names. Removing the emojis makes the jobs look less nice, but makes the branch protection rules work. 😥

How do I trigger a github action from the target branch on incoming pull-request reviews?

I'm using GitHub actions to automate pull requests to my repositories. In particular, I'd like to run actions whenever a pull request gets a review to automatically label it. Because of this, I'd like to run code from the context of my base branch (similarly to how pull_request_target works as a counterpart to pull_request).
I've looked at the events, but there doesn't seem to be a pull_request_review_target or any similar events that would be the counterpart to pull_request_review.
And what about submitted on pull_request_review?
on:
  pull_request_review:
    types: [submitted]
Or maybe I misunderstood you

How to link a GitHub Actions manual run to a PR

For a variety of reasons, I need to manually trigger a GitHub Actions run from a comment on a PR mentioning a bot (I’m using ProBot). I figured out how to start the workflow by setting the start to on: workflow_dispatch and calling the API. Where I’m running into an issue is linking the run to the PR. Right now, the action just starts and completes without ever appearing in the checks section of the PR.
I noticed that there is a checks create method on the API, but it seems more geared towards making your own check suite. I could use that to create a check run, manually watching the GitHub Actions process, and appropriately updating the check run, but it seems like overkill. I haven’t seen anything in the API that would allow this to happen. There may be a way to do it from the action itself too, but I haven’t found anything.
I don't think you can use workflow_dispatch to add/update checks on a PR. This seems to be confirmed by this response to a similar question on the community forums.
Checks are only added/updated for the following events:
pull_request
pull_request_review
pull_request_review_comment
pull_request_target
push
So your manual operation needs to trigger one of these events to run. There are probably a number of different ways you can do this, depending on your use case. Just as an example, you could call the API to add a label and allow a pull_request workflow to execute on that type.
on:
  pull_request:
    types: [labeled, opened, synchronize, reopened]
The other thing to note is that the API call (or git push) must use a PAT instead of GITHUB_TOKEN. This is to allow further workflows to execute.
It is possible with some workaround. First, you have to identify the PR that invoked your workflow. If you need to use the workflow_dispatch trigger event, you can pass this PR number as input parameter. Otherwise, you mentioned you trigger this workflow on a specific comment so you could also use the issue_comment event which will give you the PR number as github.event.issue.pull_request.
Next, you have to find out the latest commit of this Pull Request. This depends on how your workflow got invoked:
if you use the issue_comment event, you can use the xt0rted/pull-request-comment-branch action to determine the right branch and commit
if you use the workflow_dispatch event, you can use the actions/github-script action to run some query to get the right commit for a given PR number
Finally, you can use the myrotvorets/set-commit-status-action action to attach the workflow result as check on the latest commit of the PR.
I wrote a blog post that describes this process in some more detail: Trigger GitHub Workflow for Comments on Pull Request
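
The three steps in the answer above (identify the PR, find its latest commit, attach the result as a status), as an added example that is not from the original answer or its blog post: a script body for the actions/github-script action that calls the REST API directly instead of the third-party actions named above. The input name `pr_number` and the status context `manual-run` are assumptions.

```javascript
// Added example: script body for an actions/github-script step in a
// workflow_dispatch workflow. `pr_number` and "manual-run" are assumed names.

// Validate the dispatch input; reject anything that is not a positive integer
// so free-form text never reaches the API call.
function parsePrNumber(raw) {
  const text = String(raw).trim();
  if (!/^[1-9][0-9]{0,9}$/.test(text)) {
    throw new Error("pr_number must be a positive integer");
  }
  return Number(text);
}

// Resolve the PR's latest commit and attach this run's result to it.
// `github` and `context` have the shape actions/github-script provides.
async function linkRunToPr(github, context, state) {
  const allowed = ["pending", "success", "failure", "error"];
  if (!allowed.includes(state)) throw new Error("invalid state: " + state);

  const { owner, repo } = context.repo;
  const pull_number = parsePrNumber(context.payload.inputs.pr_number);

  // Step 2 of the answer: find the latest commit of the pull request.
  const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number });
  if (pr.state !== "open") throw new Error("PR is not open");

  // Step 3: attach the workflow result as a status on that commit.
  const request = {
    owner,
    repo,
    sha: pr.head.sha,
    state,
    context: "manual-run", // assumed name shown in the PR's checks list
    description: "Manually dispatched workflow run",
    target_url: `https://github.com/${owner}/${repo}/actions/runs/${context.runId}`,
  };
  await github.rest.repos.createCommitStatus(request);
  return request;
}
```

In a workflow, the step's token needs the `statuses: write` permission to create the status and read access to pull requests to look up the head commit.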