Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Don't run dependabot on CodeQL PRs #14109

Merged
merged 1 commit into from
Oct 29, 2024
Merged

chore: Don't run dependabot on CodeQL PRs #14109

merged 1 commit into from
Oct 29, 2024

Conversation

AbhiPrasad
Copy link
Member

We get failures when running dependabot on CodeQL PRs: https://github.com/getsentry/sentry-javascript/actions/runs/11561736812/job/32181414647

  Warning: Resource not accessible by integration
  Error: Resource not accessible by integration
  Warning: Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push for more information on how to configure these events.

Given dependabot is not going to change any code (just deps), I think we are safe to remove CodeQL scanning.

@AbhiPrasad AbhiPrasad requested a review from a team October 28, 2024 21:20
@AbhiPrasad AbhiPrasad self-assigned this Oct 28, 2024
@AbhiPrasad AbhiPrasad requested review from mydea and andreiborza and removed request for a team October 28, 2024 21:20
@mydea
Copy link
Member

mydea commented Oct 29, 2024

Makes sense to me!

@mydea mydea merged commit 0982655 into develop Oct 29, 2024
148 checks passed
@mydea mydea deleted the abhi-codeql-dependabot branch October 29, 2024 07:12
@mydea
Copy link
Member

mydea commented Oct 29, 2024

Oops, this does not work: https://github.com/getsentry/sentry-javascript/actions/runs/11570166519

you may only define one of branches and branches-ignore for a single event

Will revert this!

mydea added a commit that referenced this pull request Oct 29, 2024
@mydea
Revert "chore: Don't run dependabot on CodeQL PRs (#14109)"
6610ae7 
This reverts commit 0982655.
@mydea mydea mentioned this pull request Oct 29, 2024
Merged
mydea added a commit that referenced this pull request Oct 29, 2024
@mydea
ci: Fix CodeQL workflow config (#14117)
8f65bf7 
Reverts #14109 and
re-implements this differently.

Actually, the problem was dependabot merging to develop (so the fix
would not have caught that anyhow), + this was incorrect syntax (oops)
as we had ignore-branches _and_ branches, which does not work.

Now, instead we just run this always but check if this is a push from
dependabot, which hopefully works better.

See
https://github.com/getsentry/sentry-javascript/actions/runs/11570166519
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mydea mydea mydea approved these changes

@andreiborza andreiborza Awaiting requested review from andreiborza andreiborza was automatically assigned from getsentry/team-web-sdk-frontend

Assignees

@AbhiPrasad AbhiPrasad

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AbhiPrasad @mydea