-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check branch-protection of branch where this workflow is run #291
Check branch-protection of branch where this workflow is run #291
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -42,6 +42,11 @@ jobs: | |||
branch-up-to-date-check-enabled: | |||
runs-on: ubuntu-22.04 | |||
steps: | |||
- env: | |||
BRANCH: ${{ github.base_ref || github.ref }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this will work if the workflow is triggered by the release
event, as github_ref
will be equal to a tag (which cannot have branch protection with status check). We should add a short explanation to the docs with the supported events.
https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the events i expected to trigger this would have been:
- push
- workflow_dispatch
I'm calling this workflow from these events:
on:
workflow_dispatch:
push:
branches:
- main
- release-*
An alternative is that this workflow supports a branch
input.
I'd REALLY like to be able to merge into a release-1.xx
branch, and have the charm published to my 1.xx/edge track. It would make sense this workflow check that the release-1.xx
has branch-protection-status enabled the same as main.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but my point is that other users might try to trigger the workflow on the release
event, which might fail. Maybe an edge case, but I still think it is worth adding a one-liner in the docs about which workflow events are supported (push, workflow_dispatch, pull_request) to avoid having to troubleshoot this in the future if someone complains.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@addyess , if you could add a small explanation with this in the readme that'd be great
/canonical/self-hosted-runners/run-workflows d158e22 |
Issue: #290
Overview
Remove the hard-coded link to the
main
branch on the charm to support branch protection checks on release branchesRationale
On push to a main branch, it makes sense to push to
latest/edge
, so one should check the branch protection rules ofmain
On push to a
release-xxx
branch, a charm could publish the xxx/edge and ought to check branch protection rules of thatrelease-xxx
branchWorkflow Changes
Look up the active branch based on the workflow event:
Checklist
urgent
,trivial
,complex
)