[wp-trac] [WordPress Trac] #56407: Rerun GitHub Action workflows on the first failure
WordPress Trac
noreply at wordpress.org
Thu Sep 1 14:56:59 UTC 2022
#56407: Rerun GitHub Action workflows on the first failure
------------------------------+----------------------
Reporter: desrosj | Owner: desrosj
Type: enhancement | Status: closed
Priority: normal | Milestone: 6.1
Component: Build/Test Tools | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch commit | Focuses:
------------------------------+----------------------
Comment (by desrosj):
Great question, @TobiasBg!
I definitely wanted to just use `GITHUB_TOKEN` instead. But in my testing,
`GITHUB_TOKEN` I found that does not have the required permissions to
modify workflow runs through the REST API.
The documentation for creating a workflow dispatch event mentions
`actions:write` is
[https://docs.github.com/en/rest/actions/workflows#create-a-workflow-
dispatch-event required, but that specifically mentions GitHub Apps].
GitHub Actions does [https://docs.github.com/en/actions/using-workflows
/workflow-syntax-for-github-actions#permissions support specifying custom
permissions in a workflow] through `permissions` at the top or job level,
but in my testing, even specifying `permissions: write-all` had no effect.
It can also be a bit hard to get to the bottom of because calling
`github.rest.actions.createWorkflowDispatch()` with a token lacking the
required permissions still returns a `204` status (the one
[https://docs.github.com/en/rest/actions/workflows#create-a-workflow-
dispatch-event documented as expected]). But eventually, I found the
[https://docs.github.com/en/actions/using-
workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
right documentation on this here].
> When you use the repository's `GITHUB_TOKEN` to perform tasks, events
triggered by the `GITHUB_TOKEN` will not create a new workflow run. This
prevents you from accidentally creating recursive workflow runs... If you
do want to trigger a workflow from within a workflow run, you can use a
personal access token instead of `GITHUB_TOKEN` to trigger events that
require a token.
So seems that it's an intentional design decision to prevent user error.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56407#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list