ridedott / merge-me-action Goto Github PK
View Code? Open in Web Editor NEWAutomatically merges Pull Requests.
License: MIT License
Automatically merges Pull Requests.
License: MIT License
I think this project gives something like GitLab's "Merge when CI completes" checkbox functionality in GitHub, but it's not clear from the README, which just dives into how to configure the action for 3 different scenarios. It should have an opening sentence, something like:
This action will automatically merge PRs when all the other actions have passed and there are no merge conflicts. It provides similar functionality to GitLab's "Merge when CI completes" checkbox.
If the above is what this action does, I'd really like to use it on my projects. ๐
How would you describe the issue?
We have a bot that updates dependencies once a week and it creates PRs in quick succession.
Once the first PR is merged automatically, other PRs see mergeableState: UNKNOWN
for a short while.
Sometimes you can even observe that in the GitHub UI (the merge button is greyed out).
We tried increasing the MAXIMUM_RETRIES
, but it looks like the action is not retrying in this case.
How can we reproduce the issue?
I'm not sure if it can be reproduced manually without a bot.
But basically create multiple PRs in quick succession.
Here is an example run: https://github.com/moia-dev/scynamo/runs/1548816898#step:2:7
What are the expected results?
Retry on mergeableState: UNKNOWN
according to the MAXIMUM_RETRIES
setting.
What are the actual results?
AFAICT there were no retries in that run.
How much does it hurt?
Unfortunately this problem breaks our use case.
How would you describe the issue?
Hi,
I'm migrating from dependabot-preview
to dependabot
, see https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/. Github integrated depandabot
is missing automerge feature, which was available in preview. Therefor I opted to use this github action to automerge dependabot PR's. Unfortunately it isn't working as expected.
How can we reproduce the issue?
What are the expected results?
merge-me action would recognize configured GITHUB_LOGIN: dependabot
and merge the PR.
What are the actual results?
merge-me action doesn't recognize dependabot
"user" configured via GITHUB_LOGIN
. Pull request not created by dependabot, skipping.
How much does it hurt?
Dependabot migration caught me off guard and I have to manually merge couple of PR's from it manually each day,
How would you describe the issue?
An error occurs when auto-merge is attempted since v2.9.31
(and the corresponding bump of the v2
tag).
How can we reproduce the issue?
Push a new commit that leads to an action execution with an auto-merge step.
What are the expected results?
Auto-merge being executed.
What are the actual results?
The following error is observed:
Run ridedott/merge-me-action@v2
with:
GITHUB_LOGIN: <redacted>
MERGE_METHOD: SQUASH
GITHUB_TOKEN: ***
ENABLE_GITHUB_API_PREVIEW: false
ENABLED_FOR_MANUAL_CHANGES: false
MAXIMUM_RETRIES: 3
env:
ACR_RELEASE: <redacted>.azurecr.io
/home/runner/work/_actions/ridedott/merge-me-action/v2/dist/index.js.cache.js:25
*/const s=r(5680);const toRegexRange=(e,t,r)=>{if(s(e)===false){throw new TypeError("toRegexRange: expected the first argument to be a number")}if(t===void 0||e===t){return String(e)}if(s(t)===false){throw new TypeError("toRegexRange: expected the second argument to be a number.")}let o={relaxZeros:true,...r};if(typeof o.strictZeros==="boolean"){o.relaxZeros=o.strictZeros===false}let n=String(o.relaxZeros);let i=String(o.shorthand);let a=String(o.capture);let u=String(o.wrap);let c=e+":"+t+"="+n+i+a+u;if(toRegexRange.cache.hasOwnProperty(c)){return toRegexRange.cache[c].result}let l=Math.min(e,t);let p=Math.max(e,t);if(Math.abs(l-p)===1){let r=e+"|"+t;if(o.capture){return`(${r})`}if(o.wrap===false){return r}return`(?:${r})`}let d=hasPadding(e)||hasPadding(t);let m={min:e,max:t,a:l,b:p};let g=[];let h=[];if(d){m.isPadded=d;m.maxLen=String(m.max).length}if(l<0){let e=p<0?Math.abs(p):1;h=splitToPatterns(e,Math.abs(l),m,o);l=m.a=0
SyntaxError: Unexpected token '?'
at new Script (vm.js:84:7)
at Object.<anonymous> (/home/runner/work/_actions/ridedott/merge-me-action/v2/dist/index.js:6:16)
at Module._compile (internal/modules/cjs/loader.js:959:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
at Module.load (internal/modules/cjs/loader.js:815:32)
at Function.Module._load (internal/modules/cjs/loader.js:727:14)
at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
at internal/main/run_main_module.js:17:11
How much does it hurt?
We can specify the previous working version 2.9.30
to be used, but tag v2
is currently not working for us.
How would you describe the issue?
Upon merging while authenticated as a GitHub Application (bot), the Action prints the following error, but merges successfully anyway:
An error occurred while merging the Pull Request. This is usually caused by the base branch being out of sync with the target branch. In this case, the base branch must be rebased. Some tools, such as Dependabot, do that automatically.
The step doesn't fail despite the error, it simply returns successfully and the PR gets merged.
Example from a recent workflow run: https://github.com/deviantony/docker-elk/actions/runs/3555997794/jobs/5973029853#step:3:12
The Application has the following permissions assigned:
How can we reproduce the issue?
on:
workflow_run:
workflows: [ CI ]
types:
- completed
# ...
jobs:
merge:
if: github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
steps:
- name: Approve and merge
uses: ridedott/merge-me-action@v2
with:
GITHUB_LOGIN: my-app-name
GITHUB_TOKEN: my-app-token
What are the expected results?
Print a more detailed error: what failed and why.
Alternatively, don't print an error if the PR was merged successfully.
How much does it hurt?
1/10
What do you want to achieve?
Squash merge is disabled in the repo i want to use this in. At the moment i get an error saying squash merge isn't enabled:
GraphqlError: Squash merges are not allowed on this repository.
at evalmachine.<anonymous>:1:301669
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at Object.t.pullRequestHandle (evalmachine.<anonymous>:1:112743)
What is the current way of working?
Have to manually merge at the end.
How much does it hurt?
Sadly, currently can't use this action, without an enhancement, unless there's a configuration option I can't find.
What do you want to achieve?
It would be great to be able to use multiple GitHub logins instead of just one (e.g., only dependabot[bot]
). This would allow for greater automation possibilities.
For instance, in my case, I'm creating a CD pipeline. Twice per week, a GitHub action starts a PR from main into production. Then another action (the one that using this "merge-me" action) will merge the PR after all tests pass. For this, I can just whitelist 'github-actions[bot]' instead of the default dependabot. However, sometimes it's good manually push things to production (e.g., there's a nasty bug in production that needs to be fixed ASAP). To streamline things, a user (me) should just need to start a PR from main to production, then the actions do the rest of the work. But since I'm not a github-actions[bot]
, the PR will not be automatically merged.
- name: Merge me!
uses: ridedott/[email protected]
with:
GITHUB_LOGIN:
- 'github-actions[bot]'
- 'dependabot[bot]'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
or perhaps set a wildcard:
- name: Merge me!
uses: ridedott/[email protected]
with:
GITHUB_LOGIN: '*'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What is the current way of working?
You can list the merge-me action multiple times, each with a different GITHUB_LOGIN specified. However, this means that all actions will run longer (merge-me always run multiple times), it's not DRY, and it doesn't scale.
How much does it hurt?
7/10
Currently master version of merge-me-action
can not handle push, pull_request events.
Example:
Warning: Unknown event pull_request, skipping.
It has been disabled here: aa86df2
Question: Could you clarify why it is not supported more?
What do you want to achieve?
Make it work
What is the current way of working?
eksperimental-debug/merge_test#4
How much does it hurt?
I have not been able to make it work once. Am I missing something?
How would you describe the issue?
From this weekend I have this error:
Automatic merges enabled for GitHub login: dependabot-preview[bot].
Found pull request information: {"reviewEdges":[{"node":{"state":"APPROVED"}}]}.
An error ocurred while merging the Pull Request. This is usually caused by the base branch being out of sync with the target branch. In this case, the base branch must be rebased. Some tools, such as Dependabot, do that automatically.
##[error]An unexpected error occurred: Required status check "Continuous integration" is in progress., GraphqlError: Required status check "Continuous integration" is in progress.
at key (/home/runner/work/_actions/ridedott/dependabot-auto-merge-action/master/node_modules/@octokit/graphql/dist-node/index.js:42:1)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at approveAndMergePullRequestMutation (/home/runner/work/_actions/ridedott/dependabot-auto-merge-action/master/src/common/merge.ts:40:9)
at Object.mergeWithRetry (/home/runner/work/_actions/ridedott/dependabot-auto-merge-action/master/src/common/merge.ts:49:14)
at Object.logInfo (/home/runner/work/_actions/ridedott/dependabot-auto-merge-action/master/src/eventHandlers/pullRequest/index.ts:86:5).
How can we reproduce the issue?
Run this workflow:
https://github.com/mapfish/mapfish-print/blob/master/.github/workflows/dependabot-auto-merge.yaml
In // of a required and running workflow
What are the expected results?
Validate the pull request
What are the actual results?
Error in the workflow, e.-g.:
https://github.com/mapfish/mapfish-print/pull/1453/checks?check_run_id=1020852174
How much does it hurt?
It makes this action unusable for us...
How would you describe the issue?
I've got a pipeline that is failing and branch protection rules that don't allow merging unless pipeline passes. Yet, github api returns "mergeable": "MERGEABLE"
which causes this action to attempt merging regardless of pipeline status. This seems to cause issues if the github token has privileges that allow it to merge with failing pipelines.
How can we reproduce the issue?
mergeable
flag in github apiWhat are the expected results?
It shouldn't merge PRs with failed pipeline.
What are the actual results?
It merges the PR.
How much does it hurt?
As far as I understand if I want to allow repository administrators to still be able to merge failing PRs I have to create a separate account without administrator access just for running this action, otherwise it would merge everything regardless of pipeline status. If that's intended it would be good to add this into readme, so it doesn't cause issues
Real life example:
Dependabot opened this PR mavend/octoboard#296 which caused tests to fail, yet merge-me still merged it here https://github.com/mavend/octoboard/runs/2307308047?check_suite_focus=true because mergeableState
was set to MERGEABLE
. I had branch protection rules configured like this:
I guess the reason for this is that it was running with administration privileges, and administrators were allowed to merge with pipelines failures?
More investigation:
Here's a test PR I made that causes CI to fail mavend/octoboard#298. Requesting it's data from github api returns the following
{
"data": {
"repository": {
"pullRequest": {
"id": "MDExOlB1bGxSZXF1ZXN0NjEyNTgzMTM1",
"merged": false,
"mergeable": "MERGEABLE",
"state": "OPEN",
"title": "Test GH actions"
}
}
}
}
though it's clearly not mergable
According to github docs this flag only checks for merge conflicts and doesn't account for pipeline status.
There seem to be a way of getting actual pipeline results from statusCheckRollup
in commit data:
commits(last: 1) {
edges {
node {
commit {
message
statusCheckRollup {
state
which returns
"commits": {
"edges": [
{
"node": {
"commit": {
"message": "Test",
"statusCheckRollup": {
"state": "FAILURE"
}
}
}
}
]
}
How would you describe the issue?
From little time ago I get the following error:
Automatic merges enabled for GitHub login: dependabot-preview[bot].
Found pull request information: {"reviewEdges":[]}.
##[warning]MERGE_METHOD value input is ignored because its malformed, defaulting to SQUASH.
##[error]GraphqlError: 2 of 2 required status checks have not succeeded: 1 expected.
I suspect this dependency update:
d9046ac
How can we reproduce the issue?
Used workflow:
https://github.com/camptocamp/ngeo/blob/master/.github/workflows/dependabot-auto-merge.yaml
What are the expected results?
Validate the PR
What are the actual results?
Error in workflow
How much does it hurt?
The action doesn't work anymore...
What do you want to achieve?
I got a bot to do my release and do auto-backporting.
It would be nice to be able to specify another kind of bot, that we allow the PR to be automerged.
What is the current way of working?
I just do it manually
How much does it hurt?
Not much, I just like automatised what is possible :)
What do you want to achieve?
Hey there ๐ I'm trying to have the action go through only when other status checks are complete. These are split into separate workflows, so what ends up happening is that the action passes and the PR is merged before other workflows are finished.
This seems to be happening because only requiresStrictStatusChecks
is being checked, which looks like it only covers the Require branches to be up to date before merging
option:
We don't have this option turned on in our repo, so this returns false even though mergeStateStatus
is BLOCKED
for the branch and the merge goes through. Is what I'm looking for possible if requiresStatusChecks
is also checked?
Alternatively, is it possible to expose an option to use the enablePullRequestAutoMerge mutation rather than mergePullRequest?
I'm happy to help contribute to this change ๐
What is the current way of working?
We don't have a workaround right now, other than having the DEPENDABOT_MINOR
preset in place, but breaking changes still manage to sneak in because our other status checks are being ignored.
How much does it hurt?
It's painful! ๐
What do you want to achieve?
GitHub is encouraging people to move to Github-native dependabot. As you know they removed auto-merge function.
With dependabot preview we are using NPM semantic versioning so that it only auto-merges minors and patches version, leaving major versions alone. It leaves us the opportunity to review (and learn) about major changes in the library (even if they don't break the tests) while making it as low maintenance as possible for other upgrades. We can arrive in the morning and all the safe/easy upgrades are done.
This is our current setting in dependabot-preview:
I think it is not possible to do this right now with merge-me-action (and maybe it is just too hard to implement).
What is the current way of working?
Using the tandem Github-native dependabot we are either forced to auto-merge everything with merge-me-action or manually merge all upgrades PR.
How much does it hurt?
It is unsustainable for us, so, for now, we plan to stay as long as possible on dependabot-preview.
How would you describe the issue?
I'm trying to use this workflow in a project of mine. The project has a protected master branch, and I'm seeing the following error in the run log. The run url is here. Additionally, the run is marked as successful even though the operation failed.
Run ridedott/dependabot-auto-merge-action@master
pullRequestHandle: PullRequestId: MDExOlB1bGxSZXF1ZXN0MzQ0NjY5OTc1, commitHeadline: build(deps): bump gatsby-plugin-typescript from 2.1.18 to 2.1.19.
##[warning]GraphqlError: You're not authorized to push to this branch. Visit https://help.github.com/articles/about-protected-branches/ for more information.
##[warning]{"data":{"mergePullRequest":null},"errors":[{"type":"UNPROCESSABLE","path":["mergePullRequest"],"locations":[{"line":3,"column":5}],"message":"You're not authorized to push to this branch. Visit https://help.github.com/articles/about-protected-branches/ for more information."}],"name":"GraphqlError","request":{"query":"\n mutation ($commitHeadline: String!, $pullRequestId: ID!) {\n mergePullRequest(input: {commitBody: \"\", commitHeadline: $commitHeadline, mergeMethod: SQUASH, pullRequestId: $pullRequestId}) {\n clientMutationId\n }\n }\n","variables":{"commitHeadline":"build(deps): bump gatsby-plugin-typescript from 2.1.18 to 2.1.19","pullRequestId":"MDExOlB1bGxSZXF1ZXN0MzQ0NjY5OTc1"}}}
Hi there! I recently installed this action on a couple of my repos and noticed that the action fails to correctly recognise PRs opened by dependabot. I believe thereโs a bug in this line:
merge-me-action/src/common/merge.ts
Line 146 in bf7c57b
commitAuthorName
should be updated to authorLogin
; in my case, commitAuthorName
is logged as Daniel Eden
(my name), whereas authorName
is logged as dependabot
(the allowed merge username). See this run log for details.
How would you describe the issue?
Looks like after 172fa69 action starts failing with error if ENABLE_GITHUB_API_PREVIEW
is disabled (it is disabled by default).
How can we reproduce the issue?
Here is our workflow file - https://github.com/networkservicemesh/sdk-kernel/blob/main/.github/workflows/automerge.yaml.
---
name: automerge
on:
workflow_run:
types:
- completed
workflows:
- 'ci'
jobs:
automerge:
name: Automerge
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
steps:
- name: Check out the code
uses: actions/checkout@v2
- name: Fetch main
run: |
git remote -v
git fetch --depth=1 origin main
- name: Only allow go.mod, go.sum, *.gen.go files
run: |
find . -type f ! -name 'go.mod' ! -name 'go.sum' -exec git diff --exit-code origin/main -- {} +
- name: Merge PR
uses: ridedott/merge-me-action@master
with:
GITHUB_LOGIN: nsmbot
ENABLED_FOR_MANUAL_CHANGES: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAXIMUM_RETRIES: 25
What are the expected results?
Here is the last successful output before update:
Run ridedott/merge-me-action@master
with:
GITHUB_LOGIN: nsmbot
ENABLED_FOR_MANUAL_CHANGES: true
GITHUB_TOKEN: ***
MAXIMUM_RETRIES: 25
MERGE_METHOD: SQUASH
Automatic merges enabled for GitHub login: nsmbot.
Found pull request information: {"authorLogin":"nsmbot","commitMessage":"Update go.mod and go.sum to latest version from networkservicemesh/sdk@main networkservicemesh/sdk#\n\nnetworkservicemesh/sdk PR link: https://github.com/networkservicemesh/sdk/pull/\n\nnetworkservicemesh/sdk commit message:\ncommit b086a10c94fe8cf762fe7bde478e6ce0bafc6d61\nAuthor: Denis Tingaikin <[email protected]>\nDate: Mon Jul 19 20:27:47 2021 +0700\n\n qfix: DNSNSEResolve server should correctly translate NSE for floating side and for querying side (#1027)\n\n * fix issue with interdomain nse labels\n\n Signed-off-by: Denis Tingaikin <[email protected]>\n\n * apply review comments\n\n Signed-off-by: denis-tingajkin <[email protected]>\n\nSigned-off-by: NSMBot <[email protected]>","commitMessageHeadline":"Update go.mod and go.sum to latest version from networkservicemesh/sdโฆ","mergeableState":"MERGEABLE","merged":false,"pullRequestId":"MDExOlB1bGxSZXF1ZXN0NjkyNjA5MDAz","pullRequestNumber":296,"pullRequestState":"OPEN","pullRequestTitle":"Update from update/networkservicemesh/sdk","repositoryName":"sdk-kernel","repositoryOwner":"networkservicemesh","reviewEdges":[]}.
What are the actual results?
Here is the current output:
Run ridedott/merge-me-action@master
with:
GITHUB_LOGIN: nsmbot
ENABLED_FOR_MANUAL_CHANGES: true
GITHUB_TOKEN: ***
MAXIMUM_RETRIES: 25
ENABLE_GITHUB_API_PREVIEW: false
MERGE_METHOD: SQUASH
Automatic merges enabled for GitHub login: nsmbot.
Error: An unexpected error occurred: Cannot read property 'endCursor' of undefined, TypeError: Cannot read property 'endCursor' of undefined
at makeGraphqlIterator (/home/runner/work/_actions/ridedott/merge-me-action/master/webpack:/@ridedott/merge-me-action/src/common/makeGraphqlIterator.ts:50:1)
at process.node (internal/process/task_queues.js:93:5)
at branchProtectionRules (/home/runner/work/_actions/ridedott/merge-me-action/master/webpack:/@ridedott/merge-me-action/src/common/listBranchProtectionRules.ts:50:1)
at continuousIntegrationEndHandle (/home/runner/work/_actions/ridedott/merge-me-action/master/webpack:/@ridedott/merge-me-action/src/eventHandlers/continuousIntegrationEnd/index.ts:80:1).
How much does it hurt?
We can temporary switch to using previous version, but we rather want to use your latest version.
Currently this totally breaks our CI, please help us :)
How would you describe the issue?
Attempting to perform an auto-merge, the step fails unexpectedly
How can we reproduce the issue?
Add this to the end of a build and packaging YAML file:
auto-merge:
needs:
- package
runs-on: ubuntu-latest
steps:
- uses: ridedott/merge-me-action@v2
with:
preset: DEPENDABOT_PATCH
github_token: ${{ secrets.PULL_NPM }}
What are the expected results?
Error is produced (log below)
What are the actual results?
Merge should complete successfully
How much does it hurt?
Quite a lot, mostly because the feedback loop is pretty massive.
Here is the log output:
2021-07-08T15:17:50.8254989Z Found online and idle hosted runner(s) in the current repository's organization account that matches the required labels: 'ubuntu-latest'
2021-07-08T15:17:50.8255037Z Waiting for a hosted runner in 'organization' to pick this job...
2021-07-08T15:18:13.2215311Z Current runner version: '2.278.0'
2021-07-08T15:18:13.2244633Z ##[group]Operating System
2021-07-08T15:18:13.2245758Z Ubuntu
2021-07-08T15:18:13.2246135Z 20.04.2
2021-07-08T15:18:13.2246530Z LTS
2021-07-08T15:18:13.2246918Z ##[endgroup]
2021-07-08T15:18:13.2247432Z ##[group]Virtual Environment
2021-07-08T15:18:13.2248039Z Environment: ubuntu-20.04
2021-07-08T15:18:13.2248498Z Version: 20210628.1
2021-07-08T15:18:13.2249376Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20210628.1/images/linux/Ubuntu2004-README.md
2021-07-08T15:18:13.2250744Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20210628.1
2021-07-08T15:18:13.2251466Z ##[endgroup]
2021-07-08T15:18:13.2253185Z ##[group]GITHUB_TOKEN Permissions
2021-07-08T15:18:13.2254319Z Actions: write
2021-07-08T15:18:13.2254743Z Checks: write
2021-07-08T15:18:13.2255206Z Contents: write
2021-07-08T15:18:13.2255825Z Deployments: write
2021-07-08T15:18:13.2256375Z Discussions: write
2021-07-08T15:18:13.2256852Z Issues: write
2021-07-08T15:18:13.2257260Z Metadata: read
2021-07-08T15:18:13.2257699Z Packages: write
2021-07-08T15:18:13.2258194Z PullRequests: write
2021-07-08T15:18:13.2258687Z RepositoryProjects: write
2021-07-08T15:18:13.2259243Z SecurityEvents: write
2021-07-08T15:18:13.2259983Z Statuses: write
2021-07-08T15:18:13.2260571Z ##[endgroup]
2021-07-08T15:18:13.2263328Z Prepare workflow directory
2021-07-08T15:18:13.3041838Z Prepare all required actions
2021-07-08T15:18:13.3055004Z Getting action download info
2021-07-08T15:18:15.0688257Z Download action repository 'ridedott/merge-me-action@v2'
2021-07-08T15:18:15.8060213Z ##[group]Run ridedott/merge-me-action@v2
2021-07-08T15:18:15.8061241Z with:
2021-07-08T15:18:15.8061752Z preset: DEPENDABOT_PATCH
2021-07-08T15:18:15.8063265Z github_token: ***
2021-07-08T15:18:15.8063799Z GITHUB_LOGIN: dependabot
2021-07-08T15:18:15.8064241Z MERGE_METHOD: SQUASH
2021-07-08T15:18:15.8064750Z ENABLED_FOR_MANUAL_CHANGES: false
2021-07-08T15:18:15.8065278Z MAXIMUM_RETRIES: 3
2021-07-08T15:18:15.8065689Z env:
2021-07-08T15:18:15.8066252Z webapp_path: BennettJones.EthicalWalls
2021-07-08T15:18:15.8066786Z ##[endgroup]
2021-07-08T15:18:16.4184499Z Automatic merges enabled for GitHub login: dependabot.
2021-07-08T15:18:16.4230498Z ##[error]An unexpected error occurred: Cannot read property 'pullRequest' of null, TypeError: Cannot read property 'pullRequest' of null
at getPullRequestInformationByPullRequestNumber (/home/runner/work/_actions/ridedott/merge-me-action/v2/webpack:/@ridedott/merge-me-action/src/common/getPullRequestInformation.ts:68:1)
at process.pullRequestInformation (internal/process/task_queues.js:93:5)
at pullRequestInformation (/home/runner/work/_actions/ridedott/merge-me-action/v2/webpack:/@ridedott/merge-me-action/src/common/getPullRequestInformation.ts:125:1)
at pullRequestHandle (/home/runner/work/_actions/ridedott/merge-me-action/v2/webpack:/@ridedott/merge-me-action/src/eventHandlers/pullRequest/index.ts:21:1).
2021-07-08T15:18:16.4279670Z Cleaning up orphan processes
We use this action to auto merge our dependabot PRs that is configured to create PRs against our non-default branch develop
.
Our dependabot.yml
is this:
version: 2
registries:
composer-repository-nova-laravel-com:
type: composer-repository
url: https://nova.laravel.com
username: "${{secrets.NOVA_USERNAME}}"
password: "${{secrets.NOVA_PASSWORD}}"
updates:
- package-ecosystem: composer
directory: "/"
schedule:
interval: weekly
open-pull-requests-limit: 20
target-branch: develop
versioning-strategy: increase
registries:
- composer-repository-nova-laravel-com
However, when dependabot runs for JavaScript security updates it makes them against our default branch e.g. master
which we don't want but can accept if our merge me workflow didn't auto merge them.
I know adding JavaScript to the depandbot.yml
may fix it but we don't want to be getting any dependabot updates for javascript at this time.
How would you describe the issue?
I'm using github's built-in dependabot and added merge-me according to documentation. The action doesn't seem to properly recognise dependabot as commits author out of the box.
How can we reproduce the issue?
jobs:
merge-me:
name: Merge me!
runs-on: ubuntu-latest
steps:
- name: Merge me!
uses: ridedott/[email protected]
with:
GITHUB_TOKEN: ${{ secrets.AUTO_MERGE_TOKEN }}
What are the expected results?
dependabot PRs get merged
What are the actual results?
Job fails with the following output:
Automatic merges enabled for GitHub login: dependabot.
Found pull request information: {"authorLogin":"dependabot","commitAuthorName":"dependabot[bot]","commitMessage":"Bump @sentry/node from 6.2.4 to 6.2.5\n\nBumps [@sentry/node](https://github.com/getsentry/sentry-javascript) from 6.2.4 to 6.2.5.\n- [Release notes](https://github.com/getsentry/sentry-javascript/releases)\n- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.2.4...6.2.5)\n\nSigned-off-by: dependabot[bot] <[email protected]>","commitMessageHeadline":"Bump @sentry/node from 6.2.4 to 6.2.5","mergeableState":"MERGEABLE","merged":false,"pullRequestId":"MDExOlB1bGxSZXF1ZXN0NjExMjQ4NzIz","pullRequestState":"OPEN","pullRequestTitle":"Bump @sentry/node from 6.2.4 to 6.2.5","reviewEdges":[]}.
Pull request changes were not made by dependabot.
How much does it hurt?
Just setting GITHUB_LOGIN to dependabot[bot]
(which is commitAuthorName
) prevents the job from running since PR author doesn't match anymore:
Automatic merges enabled for GitHub login: dependabot[bot].
Pull request created by dependabot, not dependabot[bot], skipping.
However, it's possible to workaround this with micromatch:
GITHUB_LOGIN: '(dependabot|dependabot\[bot\])'
Here's an example workflow that failed https://github.com/mavend/octoboard/runs/2307117681?check_suite_focus=true and it's job definition https://github.com/mavend/octoboard/actions/runs/733497847/workflow
And a workflow with workaround that merged the PR https://github.com/mavend/octoboard/runs/2307312762?check_suite_focus=true and it's job definition https://github.com/mavend/octoboard/actions/runs/733570773/workflow
How would you describe the issue?
First, im not sure if this is a real bug here or something wrong with the config or gh workflow fail, maybe you can help me?
I recently added the workflow for auto-merges here: https://github.com/maglnet/ComposerRequireChecker/blob/3.6.x/.github/workflows/merge-dependabot-upgrades.yml
I wanted that these workflows listed there should all be successfully run and then the PR from dependatbot should be auto-merged.
Here one PR that was merged to fast: maglnet/ComposerRequireChecker#323
What are the expected results?
I would expect that all jobs need to be successful for the auto-merge.
What are the actual results?
The merge happens before all job were green.
How much does it hurt?
The solution would be to put all workflow files into one "Continues Integration" which is really not nice for maintainance. For example here: https://github.com/Roave/BetterReflection/tree/5.0.x/.github/workflows
How would you describe the issue?
The preset DEPENDABOT_MINOR
doesn't appear to work with the new GitHub-native Dependabot. (The old dependabot will be turned off in early August). The logs indicate Dependabot was not recognized.
How can we reproduce the issue?
What are the expected results?
Dependabot-created PR merges
What are the actual results?
Dependabot-created PR does not merge. Log indicates Dependabot was not detected by merge-me-action
Run ridedott/merge-me-action@v2
with:
GITHUB_TOKEN: ***
PRESET: DEPENDABOT_MINOR
GITHUB_LOGIN: dependabot
MERGE_METHOD: SQUASH
ENABLED_FOR_MANUAL_CHANGES: false
MAXIMUM_RETRIES: 3
Automatic merges enabled for GitHub login: dependabot.
Found pull request information: {"authorLogin":"dependabot","commitMessage":"Merge branch 'master' into dependabot/npm_and_yarn/mocha-9.0.2","commitMessageHeadline":"Merge branch 'master' into dependabot/npm_and_yarn/mocha-9.0.2","mergeableState":"MERGEABLE","merged":false,"pullRequestId":"MDExOlB1bGxSZXF1ZXN0NjgzNjgyMzQ4","pullRequestNumber":179,"pullRequestState":"OPEN","pullRequestTitle":"chore(deps-dev): bump mocha from 9.0.1 to 9.0.2","repositoryName":"advent-of-code","repositoryOwner":"amclin","reviewEdges":[]}.
Pull request changes were not made by dependabot.
How much does it hurt?
A lot, especially come August when legacy Dependabot goes away without a reliable automerge solution.
The action runs on checksuite-success. It retries three times and fails on each.
Doing a dependabot recreate
triggers automerge correctly, and the rebasing of other open dependabot prs closes other PRs successfully too.
It fails on with the following error message:
Run ridedott/dependabot-auto-merge-action@master
Found pull request information: {"reviewEdges":[{"node":{"state":"APPROVED"}}]}.
##[error]An unexpected error occurred: (e || "").replace is not a function, TypeError: (e || "").replace is not a function
at escapeData (evalmachine.<anonymous>:1:65447)
at Command.toString (evalmachine.<anonymous>:1:65373)
at issueCommand (evalmachine.<anonymous>:1:64866)
at Object.issue (evalmachine.<anonymous>:1:64935)
at Object.error (evalmachine.<anonymous>:1:91320)
at Object.t.pullRequestHandle (evalmachine.<anonymous>:1:117513)
at processTicksAndRejections (internal/process/task_queues.js:93:5).
##[error]Node run failed with exit code 1
What are the expected results?
It should work on initial try.
What are the actual results?
PRs are not properly merged on the initial try, but the Checksuite is all green. It retries 3 times and then fails.
Rebasing or recreating the PR with dependabot recreate
in chat resolves the issue as shown in the pr example below.
How much does it hurt?
Telling Dependabot to recreate takes as long as merging with admin privileges. Therefore the action does not smooth anything when this bug occurs.
Further Links:
An example failing Action and the corresponding failing example PR.
The Action YML Is the default.
What do you want to achieve?
It should be possible to lunch the action on a workflow_run
action, with workflow like this:
name: Auto merge Dependabot updates
on:
workflow_run:
workflows:
- Workflow 1
- Workflow 2
types:
- completed
jobs:
auto-merge:
name: Auto merge
runs-on: ubuntu-latest
steps:
- name: Auto merge
uses: ridedott/dependabot-auto-merge-action@master
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
In this case, we get an event like this (from github
context) (largely simplified):
{
"event_name": "workflow_run",
"event": {
"action": "completed",
"workflow_run": {
"conclusion": "success",
"pull_requests": [
{
"number": <number>,
"url": "https://api.github.com/repos/<org>/<repo>/pulls/<number>"
}
]
}
}
}
What is the current way of working?
Actually, the merge is done by Dependabot v1
How much does it hurt?
I can't migrate to Dependabot v2, and the solution of putting merge-me-action at the ends of my main workflow doesn't work well because in some cases I should wait on more than one workflow.
How would you describe the issue?
We are using this action to auto-merge dependabot PRs, and this has been consistently working well for us (thanks!). This morning, I had some dependabot PRs that passed all checks but weren't being auto-merge. Our github action that auto-merges was failing with this error:
Run ridedott/merge-me-action@v2
with:
GITHUB_TOKEN: ***
GITHUB_LOGIN: dependabot
ENABLE_GITHUB_API_PREVIEW: false
MERGE_METHOD: SQUASH
ENABLED_FOR_MANUAL_CHANGES: false
MAXIMUM_RETRIES: 3
Automatic merges enabled for GitHub login: dependabot.
Error: An unexpected error occurred: Cannot read property 'endCursor' of undefined, TypeError: Cannot read property 'endCursor' of undefined
at makeGraphqlIterator (/home/runner/work/_actions/ridedott/merge-me-action/v2/webpack:/@ridedott/merge-me-action/src/common/makeGraphqlIterator.ts:50:1)
at process.node (internal/process/task_queues.js:93:5)
at branchProtectionRules (/home/runner/work/_actions/ridedott/merge-me-action/v2/webpack:/@ridedott/merge-me-action/src/common/listBranchProtectionRules.ts:50:1)
at continuousIntegrationEndHandle (/home/runner/work/_actions/ridedott/merge-me-action/v2/webpack:/@ridedott/merge-me-action/src/eventHandlers/continuousIntegrationEnd/index.ts:80:1).
I'm guessing the latest release of this action broke something.
How can we reproduce the issue?
It looks like it is happening on all of our repos that use this action, so it should be easy to repeat. Here is the bit of our yml file that uses the action:
merge-me:
name: Merge me!
runs-on: ubuntu-latest
steps:
- name: Merge me!
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: ridedott/merge-me-action@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What are the expected results?
There shouldn't be an error while using the action.
What are the actual results?
The error is preventing the action from working correctly.
How much does it hurt?
This appears to be breaking the action.
What do you want to achieve?
Add some logic to prevent the action to approve a PR multiple times as seen here https://github.com/ridedott/test-workflows/pull/4
What is the current way of working?
Currently there is no logic to prevent this behaviour in the action
How much does it hurt?
A lot of unnecessary approvals makes the PR messy
Hey there,
first of all: thanks for this action. This safes me a whole bunch of manually merging PRs from dependabot.
What do you want to achieve?
I actually have this action as part of my repository. It does update deps on a weekly base and this action always have a huge amount of releases in between.
There were 3 releases on thursday last week within 4 Minutes:
https://github.com/ridedott/merge-me-action/releases/tag/v2.8.41
https://github.com/ridedott/merge-me-action/releases/tag/v2.8.42
https://github.com/ridedott/merge-me-action/releases/tag/v2.8.43
So whenever whatever chore dependency is merged to this repository, a new release is being tagged. I don't think that this is really necessary and creates a whole bunch of versions which almost no one will ever use (due to the constraints used in upstream projects).
The worst thing what might happen is, that some of your dependencies starts using the same logic as this component uses: Whenever a dependency has changes, bump that dependency via dependabot and create a release.
This will end-up in an infinite loop and depending on the frequency dependabot will create PRs to bump dependencies, this wont end-up well ๐
What is the current way of working?
Every dependabot PR which is being merged will end-up being a dedicated release. ๐คท๐ผโโ๏ธ
How much does it hurt?
Not that much. Just realized this in my package and having that large amount of releases might not be necessary.
How would you describe the issue?
Merge-me action sometimes fails with ##[error]GraphqlError: Base branch was modified. Review and try the merge again.
Example https://github.com/z0rc/dotfiles/pull/1451/checks?check_run_id=797772548. Re-running affected job works fine, the error doesn't reproduce.
How can we reproduce the issue?
This one is tricky. I'm using this for single repo, where dependabot updates submodules and PR's can be merged only via rebase. As Dependabot creates multiple PR's almost simultaneously, same number of simultaneous github-actions being executed. I think there is run condition, where one action action updates the master
branch, and another actions fails on merge, until github "unlocks" PR for being able to merge again. See https://github.community/t/merging-via-rest-api-returns-405-base-branch-was-modified-review-and-try-the-merge-again/13787
What are the expected results?
Merge-me action would succeed. Maybe retry on failure.
What are the actual results?
Merge-me action fails with ##[error]GraphqlError: Base branch was modified. Review and try the merge again.
.
How much does it hurt?
One or two PR's from daily dependabot update batch (5-10 PR's) fail on merge-me action.
Dependabot couldn't authenticate with npm.pkg.github.com/ridedott.
Dependabot tried to authenticate with the details you previously provided, but authentication failed. If they are no longer valid you will need to provide Dependabot with new credentials.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
How would you describe the issue?
From this commit: 40e52df
I get the following error (full log):
Run ridedott/dependabot-auto-merge-action@master
with:
GITHUB_TOKEN: ***
GITHUB_LOGIN: dependabot
ENABLE_GITHUB_API_PREVIEW: false
MERGE_METHOD: SQUASH
ENABLED_FOR_MANUAL_CHANGES: false
MAXIMUM_RETRIES: 3
/home/runner/work/_actions/ridedott/dependabot-auto-merge-action/master/dist/index.js.cache.js:25
*/const s=r(5680);const toRegexRange=(e,t,r)=>{if(s(e)===false){throw new TypeError("toRegexRange: expected the first argument to be a number")}if(t===void 0||e===t){return String(e)}if(s(t)===false){throw new TypeError("toRegexRange: expected the second argument to be a number.")}let o={relaxZeros:true,...r};if(typeof o.strictZeros==="boolean"){o.relaxZeros=o.strictZeros===false}let n=String(o.relaxZeros);let i=String(o.shorthand);let a=String(o.capture);let u=String(o.wrap);let c=e+":"+t+"="+n+i+a+u;if(toRegexRange.cache.hasOwnProperty(c)){return toRegexRange.cache[c].result}let l=Math.min(e,t);let p=Math.max(e,t);if(Math.abs(l-p)===1){let r=e+"|"+t;if(o.capture){return`(${r})`}if(o.wrap===false){return r}return`(?:${r})`}let d=hasPadding(e)||hasPadding(t);let m={min:e,max:t,a:l,b:p};let g=[];let h=[];if(d){m.isPadded=d;m.maxLen=String(m.max).length}if(l<0){let e=p<0?Math.abs(p):1;h=splitToPatterns(e,Math.ab
SyntaxError: Unexpected token '?'
at new Script (vm.js:84:7)
at Object.<anonymous> (/home/runner/work/_actions/ridedott/dependabot-auto-merge-action/master/dist/index.js:6:16)
at Module._compile (internal/modules/cjs/loader.js:959:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
at Module.load (internal/modules/cjs/loader.js:815:32)
at Function.Module._load (internal/modules/cjs/loader.js:727:14)
at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
at internal/main/run_main_module.js:17:11
How can we reproduce the issue?
On action run with the following workflow:
---
name: Auto merge Dependabot updates
on:
workflow_run:
workflows:
- Continuous integration
types:
- completed
jobs:
auto-merge:
name: Auto merge Dependabot updates
runs-on: ubuntu-18.04
timeout-minutes: 5
steps:
- name: Auto merge
uses: ridedott/dependabot-auto-merge-action@master
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
What are the expected results?
No error
What are the actual results?
The CI fail every time (if she has something to merge to review or nothing to do)...
How much does it hurt?
The action becomes unusable
What do you want to achieve?
Most likely, this is already possible, and I just don't get it from the docs. What I'd like to do is back-merge master
into dev
automatically. Both master
and dev
are protected (dev
requires a review and CI passing). Currently, when I merge a release into master
, a new PR is automatically created (using a Github Action) to pull master
back to dev
. I'd like this to be auto-merged, with the only required criteria being that it's up-to-date (i.e. I don't want to have to review it, or for it to pass CI tests, since that's redundant). However, I don't want the Merge-Me action to automatically merge other PRs to dev
!
Is there a way of constraining Merge-Me
to operate only on PRs that have a certain label, for example? (Currently these PRs are labeled with auto-pr
).
What is the current way of working?
Currently, I just do it manually -- I have to go to Github and click merge.
How much does it hurt?
It's fairly annoying, especially as I'm sure someone must have fixed this problem before!
How would you describe the issue?
The action is not working anymore. It doesn't merge depedabot PRs
How can we reproduce the issue?
Example of failure: https://github.com/char0n/json-api-merge/pull/224/checks?check_run_id=2063134861
What are the expected results?
The action merges the PR
What are the actual results?
Action fails on
/home/runner/work/_actions/ridedott/merge-me-action/master/node_modules/@actions/github/lib/internal/utils.js:23
const httpClient = __importStar(require("@actions/http-client"));
How much does it hurt?
A lot ;]
How would you describe the issue?
Auto merge me from a workflow_run reports success with a generic error message.
How can we reproduce the issue?
On a public repository, use this exact setup:
Follow this guide: https://stefanzweifel.io/posts/2021/04/28/auto-merge-dependabot-pull-requests
Comment the pull request with @dependabot rebase
to trigger the workflow where github..actor = dependabot[bot]
What are the expected results?
The pull request was merged
What are the actual results?
The action reports success โ
, the pull-request was not merged, but this message is logged to the action console:
An error occurred while merging the Pull Request. This is usually caused by the base branch being out of sync with the target branch. In this case, the base branch must be rebased. Some tools, such as Dependabot, do that automatically.
How much does it hurt?
The action does not seem to work.
How would you describe the issue?
https://github.com/ClearcodeHQ/jira_timemachine/actions/runs/3327307904/jobs/5501967216
I'm getting this weird bug across all repositories I have. It happens after I merge the dependabot's pull requests (major version change so I have to do it manually) to main branch.
How can we reproduce the issue?
Not sure, merge something dependabot updates to major version to master?
What are the expected results?
One out of three:
What are the actual results?
https://github.com/ClearcodeHQ/jira_timemachine/actions/runs/3327307904/jobs/5501967216
How much does it hurt?
Not sure yet, worst case scenario, if it fails on all prs, then that means I'll have to merge event the patch dependabot updates across many of my repositories, if it's main branch only, that means a lot of spam emails.
It fails also on regular patch updates so that means that the action does not work currently at all.
https://github.com/ClearcodeHQ/pytest-dynamodb/actions/runs/3326150718
How would you describe the issue?
How can we reproduce the issue?
What are the expected results?
What are the actual results?
How much does it hurt?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.