Required checks do not run on terraform-docs commits, blocking auto-merge #107
This is a limitation of the I have spoken about this with GitHub (i.e. prevent the automatically generated You either will need to manually run the Workflows after the commit has been made (or automate that process, which is what I've done), or create a Personal Access Token that is used in place of the automatically generated
Hi @jonathanio ! Thank you for this response. Do you happen to have an example handy of how you automate running the workflows after the terraform-docs commit is pushed? Managing personal access tokens would likely make this more effort than it's worth for us, unfortunately.
I'm in the process of rebuilding a lot of my infrastructure, so it's a bit all over the place, but if you take a look at my workflows for one of my older Terraform modules, you can see I've built up a tiered set of workflows. One will trigger on Pull Requests (i.e. pushes and opens), the other on labels being added. They then each call the CI as a reusable workflow internally. This is needed to ensure that the CI Workflows are always at the same level, and therefore the required status checks can match regardless of how it was called. If I'm using Mergify now too to help automate when the labels get added, reviews approved, etc. (see my Like you, I didn't like the idea of PATs in this context as limiting their scope to the repository is difficult unless you go down the GitHub App route, which provides other risks.
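As an added example, not taken from the commenter's gist or from this project: the tiered layout described in the comment above, with two thin caller workflows that invoke one reusable CI workflow so the required check has the same name however it was started. The file names, job ids and the Terraform check are assumptions.

```yaml
# Constructed example: three separate files, shown here as one YAML stream.

# File: .github/workflows/ci.yaml (assumed name)
# Holds the actual checks and can only be started by another workflow.
name: CI
on:
  workflow_call:
permissions:
  contents: read            # the checks only need to read the repository
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform fmt -check -recursive
---
# File: .github/workflows/pull-request.yaml (assumed name)
# Runs when a pull request is opened or a user pushes to it.
name: Pull Request
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  ci:                       # caller job id: the check is reported as "ci / validate"
    uses: ./.github/workflows/ci.yaml
---
# File: .github/workflows/labelled.yaml (assumed name)
# Runs when a label is added. A label added by a person or by an automation
# app after the terraform-docs commit starts CI against the current head of
# the pull request, which a push made with GITHUB_TOKEN does not do.
name: Labelled
on:
  pull_request:
    types: [labeled]
jobs:
  ci:                       # same job id as above, so the check name matches
    uses: ./.github/workflows/ci.yaml
```

With this layout the branch protection rule requires the single check `ci / validate`, and no Personal Access Token is stored in the repository.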
That first link looks like a private repo, but I'll check out the other one. Thanks again.
Oops! You're right. I've updated the link above to a gist which has the files and layout. Hopefully that'll help.
Do you have an example of this somewhere? I'm trying with the following but it isn't working: ...

```yaml
      - name: Render terraform docs inside the README.md and push changes back to PR branch
        uses: terraform-docs/gh-actions@f6d59f89a280fa0a3febf55ef68f146784b20ba0 # v1.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.MY_TOKEN }}
        with:
          args: --hide-empty=true
          git-push: "true"
          recursive: true
          recursive-path: .
          working-dir: modules/
```
As such, you need to update your

```yaml
      - name: Checkout the repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.MY_TOKEN || secrets.GITHUB_TOKEN }}
```

Update that job, and your push back to the repository should now be under the required principal.
Ah yep, that did the trick. Thank you for the help and quick response!
What problem are you facing?
When using terraform-docs with push enabled, the commit pushed by terraform-docs does not have required checks run on it. Therefore, automation for updating dependencies cannot self-merge if checks are required by branch protection rules.
How could terraform-docs help solve your problem?
#79 suggested force-pushing the terraform-docs commit. I don't want terraform-docs to co-mingle its commits with mine.
Instead, it may be better to delay the workflows until tf-docs has pushed, or else restart the workflows after pushing.