DEV Community

loading...
Play Button Pause Button
GitHub

Conditional Workflows and Failures in GitHub Actions

bdougieyo profile image Brian Douglas ・2 min read

Coming up on March 1st, GitHub, changing the way GitHub Actions work with Dependabot PRs. This change will treat all these Dependabot PRs as forks to your repo, so they will not have access to things like the GITHUB_TOKEN token. So if you're using Dependabot in any of your projects, consider changing over to pull_request_target after reading up on the recent GitHub Actions Security vulnerabilities research.

I have an example workflow that dumps the context of the runner in my Action logs. This is helpful if you don't want to use tmate or similar to debug. It's an excellent little debugging tool.


name: dump

on:
  pull_request:

jobs:
  dump:
    runs-on: ubuntu-latest
    steps:
      - name: Dump context
        uses: crazy-max/ghaction-dump-context@v1
Enter fullscreen mode Exit fullscreen mode

Per the changelog, I can update it to use pull_request_target so it has access to the GITHUB_TOKEN with write access. But I also only want dependabot PRs leveraging this workflow. To do this, I can add a conditional expression to my workflow that checks that the github.actor is only 'dependabot[bot]'.

name: dump

on:
  pull_request:

jobs:
  dump:
    runs-on: ubuntu-latest
    steps:
      - name: Dump context
        if: github.actor == 'dependabot[bot]' // added condiontal
        uses: crazy-max/ghaction-dump-context@v1
Enter fullscreen mode Exit fullscreen mode

Now the conditional will skip the workflow step if the actor is not 'dependabot[bot]'. But what if I want to fail the workflow from human contributors? I can inverse the conditional, but I can also add a failure, but running exit 1 like so.

name: dump

on:
  pull_request:

jobs:
  dump:
    runs-on: ubuntu-latest
    steps:
      - name: Dump context
        if: github.actor == 'dependabot[bot]'
        run: exit 1 // added failure
      - name: the dump
        uses: crazy-max/ghaction-dump-context@v1
Enter fullscreen mode Exit fullscreen mode

But keep in mind if you have a conditional, and it's not dependent by any don't want a failure, it'll just skip the job.

I hope you found this helpful. Be sure to keep an eye on the GitHub Changelog for future Action updates, as well as other features.

This is part of my 28 days of Actions series. To get notified of more GitHub Action tips, follow the GitHub organization right here on Dev. Learn how to build action with Node.js

Discussion (0)

pic
Editor guide