Maybe I could call this ‘The case of the Grumpy GitHub Action’?

I recently added the Auto-merge on a pull request workflow to my repository.

The idea is that when Dependabot creates a pull request to update a component, if you’ve set the Allow auto-merge option in the repository settings, then the pull request can be merged automatically, assuming all requirements are met.

But I’d noticed after making that change, while builds were running correctly for pull requests, the merge commit didn’t have a corresponding build!

Main branch commits and build status

My first thought was: had I made a mistake in one of the workflows? But they were working for pull requests. If there was a typo, it should have shown up there.

I then took a closer look at the builds that were working. Looking at the screenshot above, I’m expecting to see a green tick next to each merge commit (the commits labelled ‘Merged pull request’).

There are ticks for the two pull requests that I created myself (my GitHub username is ‘flcdrg’), but none for the most recent commit. And interestingly, that merge commit says it’s committed by ‘github-actions’. Hmm... I wonder if that’s significant?

It reminded me of something I’d read previously.

When you use the repository’s GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run.

I began to form a hypothesis. The auto-merge is set by a workflow step that looks like this:

      - name: Enable auto-merge for Dependabot PRs
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

It’s using the GitHub CLI to configure the pull request to enable auto-merge. What I did notice is that it’s passing through GITHUB_TOKEN as an environment variable. On reflection, that kind of makes sense because, if you recall, the merge commit was ‘committed’ by ‘github-actions’. I guess that’s the username that is associated with GITHUB_TOKEN.

I wondered whether changing the token might help.

I have a personal access token that I’d previously created with repository access. I added it as a secret named PAT_REPO_FULL to this repository and updated the workflow to use ${{secrets.PAT_REPO_FULL}}.

Merge commit build success

The next Dependabot pull request then gets merged and this time it shows the committer as me (as the token was for my account), and success, the build now runs correctly!
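A way to spot the gap described above across a branch's history, as an added example that is not from the original post: it flags commits that have no check run at all and marks the ones made under the GITHUB_TOKEN identity. The record shape, the SHAs and the function names are constructed for illustration; in practice the data would come from the repository's commit list and each commit's check runs.

```python
import re

# Name the post saw on the unbuilt merge commit; the API login adds a "[bot]" suffix.
TOKEN_IDENTITY = "github-actions"

# Constructed sample data (not from the original post). Assumed, simplified shape:
# one record per commit on main, newest first, with the conclusion of every
# check run found for that commit (empty list = no workflow ever ran).
SAMPLE_COMMITS = [
    {"sha": "d4d4d4d", "committer": "flcdrg", "check_runs": ["success"]},
    {"sha": "c3c3c3c", "committer": "github-actions[bot]", "check_runs": []},
    {"sha": "b2b2b2b", "committer": "flcdrg", "check_runs": ["failure"]},
    {"sha": "a1a1a1a", "committer": "flcdrg", "check_runs": ["success", "success"]},
]


def normalise(login):
    """Compare identities without the "[bot]" suffix or case differences."""
    return re.sub(r"\[bot\]$", "", login.strip()).lower()


def audit_branch(commits):
    """Return the commits that have no check run at all.

    A failed run is not a finding here: the build did run. The gap this looks
    for is a commit that was never built, which is what happens when the push
    was made with GITHUB_TOKEN and so created no new workflow run.
    """
    findings = []
    for commit in commits:
        if commit["check_runs"]:
            continue
        by_token = normalise(commit["committer"]) == TOKEN_IDENTITY
        findings.append({
            "sha": commit["sha"],
            "committer": commit["committer"],
            "by_github_token": by_token,
            "hint": ("merge used GITHUB_TOKEN; use a different token for the merge step"
                     if by_token else "no run found; check the workflow triggers"),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_branch(SAMPLE_COMMITS):
        print(f'{finding["sha"]}  {finding["committer"]}: {finding["hint"]}')
```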