action-hosting-deploy icon indicating copy to clipboard operation
action-hosting-deploy copied to clipboard
verified publisher icon FirebaseExtended

[BUG] Question on usage to ignore PR's from dependabot

Open jvgreiner opened this issue 3 years ago • 3 comments

Action config

currently we are using Deploy to Firebase Hosting on PR and we have several repo's that contain the config below. When we receive a pull request from dependabot the action fails due to permissions. How can this config be changed to ignore the action (skip or no run) when the PR is opened by dependabot. Thanks for any input on this...

example: name: Deploy to Firebase Hosting on PR 'on': pull_request jobs: build_and_preview: if: '${{ github.event.pull_request.head.repo.full_name == github.repository }}' runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - run: yarn && yarn build - uses: FirebaseExtended/action-hosting-deploy@v0 with: repoToken: '${{ secrets.GITHUB_TOKEN }}' firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_BLUI_REACT_SHOWCASE }}' expires: 2d projectId: blui-react-showcase

Error message

https://github.com/etn-ccis/blui-angular-design-patterns/actions/runs/4318181010/jobs/7536164488

Expected behavior

Actual behavior

jvgreiner avatar Mar 03 '23 15:03 jvgreiner

I've tried this config with exclude but fails on line 6 - branches:

name: Deploy to Firebase Hosting on PR 'on': pull_request branches: exclude: - dependabot/* - dependabot/**/* jobs: build_and_preview: if: '${{ github.event.pull_request.head.repo.full_name == github.repository }}' runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - run: yarn && yarn build - uses: FirebaseExtended/action-hosting-deploy@v0 with: repoToken: '${{ secrets.GITHUB_TOKEN }}' firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_BLUI_REACT_SHOWCASE }}' expires: 2d projectId: blui-react-showcase

I also tried -
branches:
    - '!dependabot'

and

branches-ignore:
    - 'dependabot/*'

jvgreiner avatar Mar 03 '23 20:03 jvgreiner

@JeffGreiner-eaton Some folks found a fix for the permissions issue. Check out this thread and specifically this comment https://github.com/FirebaseExtended/action-hosting-deploy/issues/108#issuecomment-1406627354

alexdao3 avatar Mar 08 '23 23:03 alexdao3

@dependabot has no access to secrets, see: https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-852541544

You could ignore @dependabot pull requests:

- uses: FirebaseExtended/action-hosting-deploy@v0
  if: ${{ github.actor != 'dependabot[bot]' }}
  ...

Or test for the secret to be available:

- uses: FirebaseExtended/action-hosting-deploy@v0
  if: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_BLUI_REACT_SHOWCASE != '' }}
  ...

qbantek avatar Mar 22 '23 21:03 qbantek