Fix dependabot commits not deploying. Closes #261

[juliangruber]

Closes #261

[bajtos]

Quoting from dependabot/dependabot-core#3253 (comment) (Oct 2021):

The Actions team is also working on enabling Actions to fetch Dependabot secrets during Dependabot workloads, which will allow you to fetch secrets again. I'll link to the changelog post when it's shipped.

Have you tried adding FLY_API_TOKEN to Dependabot secrets? I suspect such a fix should solve the problem in a much simpler way.

[bajtos]

See https://github.blog/changelog/2021-11-30-github-actions-workflows-triggered-by-dependabot-receive-dependabot-secrets/

GitHub Actions workflows triggered by Dependabot will now be sent the Dependabot secrets.

This change will enable you to pull from private package registries in your CI using the same secrets you have configured for Dependabot to use and will improve how Actions and Dependabot work together.

[juliangruber]

If you look at https://github.com/filecoin-station/spark-evaluate/commits/main/, there's no CI being run on dependabot #main commits. It looks like unfortunately this is also the case for core-fly, where we thought we had fixed this issue: https://github.com/filecoin-station/core-fly/commits/main/ / https://github.com/filecoin-station/core-fly/actions/workflows/deploy.yaml.

This PR won't work then, unfortunately. I don't see how adding a dependabot secret will fix this either. I think we're back to the drawing board.

[bajtos]

If you look at https://github.com/filecoin-station/spark-evaluate/commits/main/, there's no CI being run on dependabot #main commits. It looks like unfortunately this is also the case for core-fly, where we thought we had fixed this issue: https://github.com/filecoin-station/core-fly/commits/main/ / https://github.com/filecoin-station/core-fly/actions/workflows/deploy.yaml.

This PR won't work then, unfortunately. I don't see how adding a dependabot secret will fix this either. I think we're back to the drawing board.

😢

I think the first step is to find out why our CI workflow is not triggered for commits created by Dependabot that were pushed to the main branch. WDYT?

[bajtos]

I don't see how adding a dependabot secret will fix this either.

Is it possible that GHA is smart enough to check if the Dependabot Secrets config provides values for all secrets used by the workflow, and if not, then it does not run the workflow at all?

[bajtos]

Possibly related:

• chore: added auto-approve for Dependabot PRs infonl/dimpact-zaakafhandelcomponent#553
• push workflow not triggered in v3. fastify/github-action-merge-dependabot#134

[juliangruber]

I don't see how adding a dependabot secret will fix this either.

Is it possible that GHA is smart enough to check if the Dependabot Secrets config provides values for all secrets used by the workflow, and if not, then it does not run the workflow at all?

If that were the case, then https://github.com/filecoin-station/core-fly/blob/main/.github/workflows/dependabot-deploy-check.yml should have worked as the fix though 🤔

[juliangruber]

But even that action isn't run https://github.com/filecoin-station/core-fly/actions/workflows/dependabot-deploy-check.yml

[juliangruber]

Apparently it's because of auto-merge! dependabot/fetch-metadata#111

[juliangruber]

So, we need to configure auto-merge using a personal access token. We can use the bot user https://github.com/orgs/filecoin-station/people/filecoin-station-robot for this. Do you have any concerns, @bajtos?

[bajtos]

Apparently it's because of auto-merge! dependabot/fetch-metadata#111

Sight. Why are they creating so much friction. 😢

So, we need to configure auto-merge using a personal access token. We can use the bot user https://github.com/orgs/filecoin-station/people/filecoin-station-robot for this. Do you have any concerns, @bajtos?

None come to my mind. Let's give it a try!

[juliangruber]

Let's see how this goes: filecoin-station/core-fly@d8fb90b

When it works after the next update, I'll port that here