docs(examples): gracefully handle no bump-eligible commits#17
Open
bearomorphism wants to merge 3 commits intocommitizen-tools:mainfrom
Open
docs(examples): gracefully handle no bump-eligible commits#17bearomorphism wants to merge 3 commits intocommitizen-tools:mainfrom
bearomorphism wants to merge 3 commits intocommitizen-tools:mainfrom
Conversation
Update both bump-release.yaml examples so that pushing only commits which do not trigger a version bump (e.g. docs:, ci:, build(deps):) does not fail the workflow with exit code 21. The bump step now passes `--no-raise 21` to cz bump and detects whether HEAD changed; if not, it sets `bumped=false` and exits 0. Subsequent steps (changelog, release, trigger-other-workflow) are guarded by `steps.bump-version.outputs.bumped == 'true'` so they are skipped on no-op runs. This mirrors the same pattern already used in commitizen's own bumpversion.yml workflow (see commitizen-tools/commitizen#1950). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Collaborator
Author
|
draft this and will do a human review later |
2 tasks
The test-trigger-other-job job runs `gh workflow run`, which requires
`actions: write` on the GITHUB_TOKEN. The job has been failing on:
- Fork PRs (e.g. contributor PRs from forks): fork-originated PRs
always receive a read-only GITHUB_TOKEN.
- Dependabot PRs (e.g. commitizen-tools#15): even though dependabot creates branches
in the same repo, the dependabot[bot] actor receives a restricted
token by default.
Both produce:
could not create workflow dispatch event: HTTP 403:
Resource not accessible by integration
Skip this job in both cases by gating on `head.repo.full_name` and on
`github.actor`. The job continues to run on PRs from same-repo
branches authored by humans, where the token has the required
permissions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bearomorphism
changed the title
bearomorphism
changed the title
6 tasks
`--no-raise` is a top-level commitizen option, so it must appear
before the `bump` subcommand. With it placed after, argparse treats
`--no-raise 21` as unknown trailing arguments and the CLI exits with
code 18 (`INVALID_COMMAND_ARGUMENT`):
Invalid commitizen arguments were found: `--no-raise`.
Please use -- separator for extra git args
This is what failed the bump workflow on commitizen-tools/commitizen
master in run 25542335831, which copy-pasted the same pattern from
these examples.
Move the option before `bump` in both examples and add a comment so
future readers do not repeat the mistake.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Open
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR contains two related changes that together fix two distinct CI papercuts uncovered by commitizen-tools/commitizen#1950 (suggested in this comment).
1.
docs(examples): gracefully handle no bump-eligible commitsWhen users copy-paste these example workflows and only push commits that do not trigger a version bump (e.g.
docs:,ci:,build(deps):),cz bump --yesexits with code21(NO_COMMITS_TO_BUMP), which causes the entire workflow to fail.This commit updates both
examples/bump-release.yamlandexamples/trigger-other-job/.github/workflows/bump-release.yamlso that:--no-raise 21tocz bumpto avoid hard-failing on the no-commits case.HEADbefore and after the bump; if unchanged, it logs a message, setsbumped=falseand exits0.Build changelog,Releaseandtrigger other workflowsteps are guarded bysteps.bump-version.outputs.bumped == 'true'so they are skipped on no-op runs.This mirrors the same pattern that commitizen itself adopted in its own bumpversion workflow.
2.
ci(test): skip test-trigger-other-job when token is read-onlyThe
test-trigger-other-jobjob in.github/workflows/test.yamlrunsgh workflow run, which requiresactions: writeon theGITHUB_TOKEN. This call fails with HTTP 403 (Resource not accessible by integration) in two cases where the token is read-only:GITHUB_TOKENfor security.dependabot[bot]actor receives a restricted token by default.Examples of the resulting failures:
This commit guards the job with:
The job continues to run on PRs from same-repo branches authored by humans, where the token has the right permissions.
Why not other approaches?
pull_request_targetwould give fork PRs a writeable token — major security risk, not appropriate here.continue-on-error: trueon the trigger step would hide real failures, making the test meaningless.permissions: { actions: write }block does not help: fork and dependabot tokens stay read-only regardless.Checklist
Was generative AI tooling used to co-author this PR?
Generated-by: GitHub Copilot
Expected Behavior
test-trigger-other-jobcheck; same-repo human PRs and pushes tomainretain full coverage.