golangci-lint GitHub action is sometimes not triggered on PRs opened by dependabot #9566
Comments
k8s-ci-robot
added
kind/bug
|
This issue is currently awaiting triage. If CAPI contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
sbueringer
added
area/ci
|
/triage accepted |
k8s-ci-robot
added
the
triage/accepted
|
I wonder if this is down to our dependabot action somehow - that's the main diff IMO between these PRs and the ones we create manually. This is the current action: https://github.com/kubernetes-sigs/cluster-api/blob/main/.github/workflows/pr-dependabot.yaml It checks out the code, runs make generate and then commits the result. I don't have any idea how that could be impacting the lint action right now, but it's a first place to look. |
|
Maybe somehow. We should try to gather more data, e.g. under which circumstances it exactly happens (e.g. is the pr-dependabot action pushing changes in these cases) |
|
I did a bit of digging and it looks like we only have this problem on PRs which have 2 commits i.e. those that ran the github action and made an additional change. Most recently: #9564 |
|
Okay - I think I found the root cause for this. When using the repo's own repository taken workflows aren't triggered:
The pr-dependabot action uses
The advice is to use a Personal Access Token in the action, which I don't think we want to do. I'm not sure what the best solution to this is right now, but it's working as intended from the GitHub side. I have the subjective feeling that this is happening more often, but I'm not sure that's right. Maybe changing the schedule for dependabot PRs to happen on different days results in more generated commits? |
|
Only curious as to why this doesn't seem to happen in the same way on the controller-runtime repo: e.g. kubernetes-sigs/controller-runtime#2521 |
|
/kind flake |
k8s-ci-robot
added
the
kind/flake
|
@fabriziopandini: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/priority important-longterm |
k8s-ci-robot
added
the
priority/important-longterm
|
If someone has time, might be worth to spend some more time on research to see if there is now some solution to this. (cc @adityabhatia) |
fabriziopandini
added
the
help wanted
|
I was trying to make the following work:
I made the following changes: pr-dependabot.yaml permissions:
# Add
actions: write # Allow to trigger the lint action.
# Add this as last step
- name: Trigger lint action
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
await github.rest.actions.createWorkflowDispatch({
owner: context.repo.owner,
repo: context.repo.repo,
workflow_id: 'pr-golangci-lint.yaml',
ref: context.ref,
})
pr-golangci-lint.yaml on:
# Add
workflow_dispatch:This actually triggers the lint action with the right branch, the problem is that the lint action is not reporting back to the PR... |
|
Okay spend a few hours trying a lot of stuff. I think this is simply not possible either:
|
|
This leads me to, let's get rid of the golangci-lint GitHub action. Let's instead just run it as part of the verify job. I think this won't extend the runtime of that job significantly but let's see. I think there is basically no benefit today to run the linter in an action and the output is relatively hard to understand anyway (compared to a (more generically this means we shouldn't run any mandatory checks in GitHub actions, but I think this only really applies to the lint action today) Steps:
|
|
@killianmuldoon @chrischdi @fabriziopandini Opinions? |
|
I'm okay with that 👍 |
|
Just had an additional idea for #10571. Let's wait until we see the impact of that. Maybe afterwards the dependabot action is very rarely run (today it's run on every bump PR) |
The one benefit - I think - is that any lint issues found will actually have comments on the offending line of code in the PR diff view. That makes it very easy for newcomers to understand what the problem is and where to find it. |
|
Good point. I'm not sure if that works at the moment (but I would assume it's at least fixable) |
|
Just realized (when discussing it with @chrischdi) that the current action implementation has the following issue:
This way we recently ended up with a few linter findings on main. |
|
Okay as we now tried the new dependabot configuration for a while I would close this issue as "won't fix". Basically we now have to manually change a PR description / title once per week in the worst case. This seems okay and not worth additional effort at this point. (In a lot of cases we don't have to do it at all, as dependabot is running go mod tiday and that seems to be enough in a lot of cases, but not always) /close |
|
@sbueringer: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
What steps did you take and what happened?
Sometimes when dependabot opens new bump PRs the golangci-lint GitHub action is not triggered
The PR is then stuck and can't be merged because it's waiting for "lint"
What did you expect to happen?
Action should be triggered as usual
Cluster API version
main
Kubernetes version
Anything else you would like to add?
Workaround is to manually edit the PR description. Potentially also works to edit the PR title but I didn't try that yet
Label(s) to be applied
/kind bug
One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels.
The text was updated successfully, but these errors were encountered: