AL-Go icon indicating copy to clipboard operation
AL-Go copied to clipboard
verified publisher icon microsoft

protected branch query

Open rolandpthompson opened this issue 2 years ago • 6 comments

This is more a Github thing I think. But reading the docs its recommended to protect the main branch, which makes sense. But if we want to protect our branch and only allow merges once specific status checks have passed, how can we do that?

For example, say we want to run the action Increment version no.. It creates a new pull request, but it would never pass any checks (assuming we created them), as it doesnt run anything.

Really speaking, we'd want to make sure any builds (with the tests etc) pass before merging, but this would stop us merging a pull request for just a version increment...

rolandpthompson avatar May 26 '23 11:05 rolandpthompson

I would assume that a version increment would kick off a build as well. I think any PR to the main branch should kick off a build. It might not build all projects in the repo, but it should kick off a PR build, isn't that what you are seeing?

freddydk avatar Jun 01 '23 03:06 freddydk

With the main branch protected requiring PR and build to be successful, the following happens: A: Run Increment Version with Direct Commit = Y Fails due to PR being required

B: Run Increment Version with Direct Commit = N PR created, no PR build starts The PR cannot be merged as checks are not run The org/repo admin must force merge the PR

AskeHolst avatar Jun 07 '23 20:06 AskeHolst

Will have a look at why a PR build isn't kicked off by this,

freddydk avatar Jun 08 '23 04:06 freddydk

Apparently, this is by design by GitHub. When creating a PR using the GITHUB_TOKEN https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow

This does have an effect on all workflows, which includes:

  • Create new app, testapp, bcpt app
  • Add existing app
  • Increment version number
  • Create development environment
  • Create release

And could leave people in problems. A related problem is that some organizations will disallow GitHub Actions to create PRs (microsoft org being one). Other policies might say that a PR is required and/or all PR checks needs to succeed.

The only fix suggested by GitHub is to use a personal access token (like the ghTokenWorkflow) to run the action.

A possible fix would be to include a check-box in these workflows for using the GhTokenWorkflow instead of the GITHUB_TOKEN - will investigate this option

freddydk avatar Jul 02 '23 15:07 freddydk

Using the GhTokenWorkflow does solve the issue (in this test) image

freddydk avatar Jul 02 '23 16:07 freddydk

The PR created by the GITHUB_TOKEN will be created by BOT, the one created by GhTokenWorkflow will be created by the owner of the token: image

freddydk avatar Jul 02 '23 16:07 freddydk