Use GitHub app credentials for auto-dependabot#508
Merged
llucax merged 6 commits intofrequenz-floss:v0.x.xfrom Feb 18, 2026
Merged
Use GitHub app credentials for auto-dependabot#508llucax merged 6 commits intofrequenz-floss:v0.x.xfrom
llucax merged 6 commits intofrequenz-floss:v0.x.xfrom
Conversation
Contributor
Author
|
I'm still not a 100% sure this will fix it, but it is worth trying, it seems to be the only thing that could be wrong. |
b730dc9 to
27406cd
Compare
Contributor
Author
|
Test: #508 |
This utility function replaces a whole file. We also update the function `replace_file_contents_atomically()` to use the new function and avoid duplication. Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
To be able to enable auto-merge effectively, we need to use an external auth token to interact with GitHub, otherwise no events are produced when using the Action's provided token, and the merge never happens (either because the auto-merging doesn't trigger, or because the PR is queued but no CI is run on the queue so it times out). This job now requires the repo having a APP ID and PRIVATE KEY to generate a token to do the auto-merging and approving. To be able to get credentials for the GitHub App, we need to use the `pull_request_target` event instead of `pull_request`, as the later won't pass credentials to untrusted actors. This also means some extra care need to be taken. Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com> # This is the commit message frequenz-floss#2: # fixup! template: Update auto-dependabot workflow to use an app token
We remove the fine-grained update for ubuntu-slim from a previous step because now we are just replacing the whole file. Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
27406cd to
de30890
Compare
Contributor
Author
|
Tests show this seems to work now, so ready for a review. |
Marenz
approved these changes
Feb 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Actions performed with
GITHUB_TOKENmay not trigger follow-up workflow runs, which can prevent merge queue CI (merge_group) from starting and can leave auto-merge “stuck” without merging. Using a GitHub App token avoids this suppression and restores reliable merge-queue processing.