This is an automated email from the ASF dual-hosted git repository.
xuanwo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/opendal-reqsign.git
The following commit(s) were added to refs/heads/main by this push:
new 5536ae9 ci: skip secret-required tests for dependabot PRs (#704)
5536ae9 is described below
commit 5536ae96f2f2ce250c3b40007d2a93db8e988285
Author: Xuanwo <[email protected]>
AuthorDate: Wed Mar 18 16:20:06 2026 +0800
ci: skip secret-required tests for dependabot PRs (#704)
Dependabot pull requests in this repository cannot access CI secrets,
but several workflows currently treat same-repo PRs as secret-eligible
and still run integration tests. This causes unrelated dependency bump
PRs to fail before functional checks complete. This PR updates the
workflow guards so secret-required integration jobs are skipped for
Dependabot PRs while preserving existing behavior for normal PRs and
pushes.
Context: https://github.com/apache/opendal-reqsign/pull/701 failed
because 1Password credentials were unavailable in a Dependabot PR, and
the same pattern exists in multiple service workflows.
---
.github/workflows/aws_v4.yml | 6 +++---
.github/workflows/azure_storage.yml | 6 +++---
.github/workflows/google.yml | 6 +++---
.github/workflows/tencent_cos.yml | 2 +-
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/aws_v4.yml b/.github/workflows/aws_v4.yml
index 0bdbb6d..e65d3ab 100644
--- a/.github/workflows/aws_v4.yml
+++ b/.github/workflows/aws_v4.yml
@@ -60,12 +60,12 @@ jobs:
- name: Check if secrets are available
id: check
run: |
- if [[ "${{ github.event_name }}" == "push" || ( "${{
github.event_name }}" == "pull_request" && "${{
github.event.pull_request.head.repo.fork }}" == "false" ) ]]; then
+ if [[ "${{ github.event_name }}" == "push" || ( "${{
github.event_name }}" == "pull_request" && "${{
github.event.pull_request.head.repo.fork }}" == "false" && "${{ github.actor
}}" != "dependabot[bot]" ) ]]; then
echo "has_secrets=true" >> $GITHUB_OUTPUT
- echo "::notice::Integration tests will be executed (base
repository)"
+ echo "::notice::Integration tests will be executed (base
repository and non-dependabot PR)"
else
echo "has_secrets=false" >> $GITHUB_OUTPUT
- echo "::warning::Integration tests will be skipped (forked
repository or no secrets available)"
+ echo "::warning::Integration tests will be skipped (forked
repository, dependabot PR, or no secrets available)"
fi
# Signing tests - test signature algorithm with static credentials
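Review bot: The added `"${{ github.actor }}" != "dependabot[bot]"` test in the `if [[ ... ]]` line is expanded into the script text before bash runs, which is the inline-expression pattern GitHub's workflow hardening guidance advises against; the matching hunks in azure_storage.yml and google.yml have the same shape. Account logins are restricted enough that this is unlikely to be injectable, so treat it as hardening rather than a live bug. I would add `env:` with `ACTOR: ${{ github.actor }}` to the step and compare `"$ACTOR" != "dependabot[bot]"` in the script, moving `github.event_name` and the fork flag the same way. The job that contains this step starts outside the hunk, so I cannot see whether an `env:` block already exists at job level.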
diff --git a/.github/workflows/azure_storage.yml
b/.github/workflows/azure_storage.yml
index f289206..c354743 100644
--- a/.github/workflows/azure_storage.yml
+++ b/.github/workflows/azure_storage.yml
@@ -60,12 +60,12 @@ jobs:
- name: Check if secrets are available
id: check
run: |
- if [[ "${{ github.event_name }}" == "push" || ( "${{
github.event_name }}" == "pull_request" && "${{
github.event.pull_request.head.repo.fork }}" == "false" ) ]]; then
+ if [[ "${{ github.event_name }}" == "push" || ( "${{
github.event_name }}" == "pull_request" && "${{
github.event.pull_request.head.repo.fork }}" == "false" && "${{ github.actor
}}" != "dependabot[bot]" ) ]]; then
echo "has_secrets=true" >> $GITHUB_OUTPUT
- echo "::notice::Integration tests will be executed (base
repository)"
+ echo "::notice::Integration tests will be executed (base
repository and non-dependabot PR)"
else
echo "has_secrets=false" >> $GITHUB_OUTPUT
- echo "::warning::Integration tests will be skipped (forked
repository or no secrets available)"
+ echo "::warning::Integration tests will be skipped (forked
repository, dependabot PR, or no secrets available)"
fi
# Signing tests - test signature algorithm with static credentials
diff --git a/.github/workflows/google.yml b/.github/workflows/google.yml
index b30564d..ac5c452 100644
--- a/.github/workflows/google.yml
+++ b/.github/workflows/google.yml
@@ -60,12 +60,12 @@ jobs:
- name: Check if secrets are available
id: check
run: |
- if [[ "${{ github.event_name }}" == "push" || ( "${{
github.event_name }}" == "pull_request" && "${{
github.event.pull_request.head.repo.fork }}" == "false" ) ]]; then
+ if [[ "${{ github.event_name }}" == "push" || ( "${{
github.event_name }}" == "pull_request" && "${{
github.event.pull_request.head.repo.fork }}" == "false" && "${{ github.actor
}}" != "dependabot[bot]" ) ]]; then
echo "has_secrets=true" >> $GITHUB_OUTPUT
- echo "::notice::Integration tests will be executed (base
repository)"
+ echo "::notice::Integration tests will be executed (base
repository and non-dependabot PR)"
else
echo "has_secrets=false" >> $GITHUB_OUTPUT
- echo "::warning::Integration tests will be skipped (forked
repository or no secrets available)"
+ echo "::warning::Integration tests will be skipped (forked
repository, dependabot PR, or no secrets available)"
fi
# Signing tests - test signature algorithm with static credentials
diff --git a/.github/workflows/tencent_cos.yml
b/.github/workflows/tencent_cos.yml
index 0d4a1a9..b0f8fa3 100644
--- a/.github/workflows/tencent_cos.yml
+++ b/.github/workflows/tencent_cos.yml
@@ -55,7 +55,7 @@ jobs:
permissions:
contents: "read"
id-token: "write"
- if: github.event_name == 'push' ||
!github.event.pull_request.head.repo.fork
+ if: github.event_name == 'push' ||
(!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.2
with:
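Review bot: The new job-level `if:` carries no comment saying why the actor is checked, and `github.actor` is the account that triggered the run rather than the PR author, so it is not obvious what happens when a maintainer pushes to or reopens a Dependabot branch. As far as I know that is also what GitHub keys secret and token restrictions on, so the choice looks right, but it is worth recording so nobody later swaps it for `github.event.pull_request.user.login`. A comment above the `if:` would do, e.g. `# Dependabot-triggered runs get no repository secrets and a read-only token; github.actor is the triggering account.` Unlike the step-level checks in the other three workflows, a skipped job here emits no notice, so the comment is the only place the reason is written down.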