Skip to content

fix: allow update workflow PRs to trigger CI#104

Open
LeonidasZhak wants to merge 1 commit into
easystats:mainfrom
LeonidasZhak:fix/update-workflow-ci-token-83
Open

fix: allow update workflow PRs to trigger CI#104
LeonidasZhak wants to merge 1 commit into
easystats:mainfrom
LeonidasZhak:fix/update-workflow-ci-token-83

Conversation

@LeonidasZhak

Copy link
Copy Markdown

Summary

Let the reusable update-to-latest-easystats workflow use an optional caller-supplied token when it creates dependency update PRs.

Thanks to maintainers

Thanks for maintaining these shared workflows. The issue report and datawizard#640 example made the failure mode clear.

Issue or motivation

Closes #83. PRs created with the default GITHUB_TOKEN do not trigger the usual pull_request or push workflows, so the automated dependency-update PR can appear without CI checks.

Root cause

The workflow always passed secrets.GITHUB_TOKEN to peter-evans/create-pull-request. GitHub suppresses most workflow events caused by GITHUB_TOKEN, which prevents the generated PR from starting the package CI.

Change

  • Declare an optional EASYSTATS_BOT_TOKEN secret on the reusable workflow.
  • Use that token for create-pull-request when callers provide it, with github.token as the fallback to preserve current behavior.
  • Document the optional secret in README.Rmd and regenerate README.md.

Tests

  • actionlint .github/workflows/update-to-latest-easystats.yaml
  • Rscript -e 'rmarkdown::render("README.Rmd", quiet = TRUE)'
  • R CMD build .
  • R CMD check --no-manual workflows_0.1.0.tar.gz

R CMD check reports the same pre-existing 1 WARNING and 2 NOTEs on origin/main and on this branch: the CC0 license string, LICENSE top-level note, and .github hidden-directory note.

Scope

This only changes the token used to create the automated dependency PR and the README note for callers. It does not change the dependency-update logic, branch naming, PR title/body, labels, or any general-purpose workflow.

@etiennebacher

Copy link
Copy Markdown
Member

@LeonidasZhak

Copy link
Copy Markdown
Author

Thanks, that create-pull-request note is the behavior this patch is targeting.

I rechecked the branch locally today:

  • actionlint .github/workflows/update-to-latest-easystats.yaml
  • git diff --check origin/main...HEAD
  • Rscript -e 'rmarkdown::render("README.Rmd", quiet = TRUE)'
  • R CMD build .
  • R CMD check --no-manual workflows_0.1.0.tar.gz

The check result is still the repository baseline: 1 WARNING and 2 NOTEs for the CC0 license string, top-level LICENSE, and included .github directory.

The current failing format-suggest job stops before formatting because pull_request_target refuses to check out fork PR code with allow-unsafe-pr-checkout: false. I have not changed that here, since it is a separate repository security-policy choice. This patch stays limited to letting callers provide a bot/PAT token for dependency-update PRs, while keeping github.token as the fallback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

"Update to latest easystats" workflow should trigger CI

2 participants