Implement requiredStatusChecks #21644
Replies: 31 comments
-
Is it possible to see if the base branch has required status checks and go off of those? Our configuration looks like the below, but it always opens a PR since the required status checks we have on master prevent branch automerge.
|
Beta Was this translation helpful? Give feedback.
-
@stevenzeck can you describe more about what branch protection configuration you have? e.g. does your repo have 5 status checks but only 3 of them are marked as required? |
Beta Was this translation helpful? Give feedback.
-
For one of the repos I count 12, where 4 are required. The Renovate dashboard error says |
Beta Was this translation helpful? Give feedback.
-
@rarkins do you know of any ways for Renovate to work with GitHub required status checks while continuing to have |
Beta Was this translation helpful? Give feedback.
-
I think it’s possible to look up via the commit hash like we did with status checks. |
Beta Was this translation helpful? Give feedback.
-
Can you share how to configure our renovate files to do that? Right now we're disabling required status checks against master so that Renovate doesn't run into errors when merging from branches. |
Beta Was this translation helpful? Give feedback.
-
Sorry, I misunderstood your previous question and thought it was about the new check runs. Right now Renovate just waits for all test to be passed (then it merges the branch), or for any to be failed (it then raises a PR instead), or for for a timeout (default: 25 hours) in which case it also raises a PR. I guess what you'd prefer is that Renovate can read which status checks you have configured in branch protection and wait only on those before deciding to merge or raise PR? The alternative if that is too hard is to make you configure the same status checks in the Renovate config's |
Beta Was this translation helpful? Give feedback.
-
@rarkins thanks for the information. Ultimately when Renovate is configured with renovate/lib/platform/github/index.js Line 498 in 8f8cffb |
Beta Was this translation helpful? Give feedback.
-
From memory, that query returns all statuses including pending. So Renovate will wait until they are all "passed", or one is "failed", or for the 25 hour pending timeout. |
Beta Was this translation helpful? Give feedback.
-
@rarkins I looked into this a bit more and not all checks are present in the combined status response, which is what renovate looks at. For this repo, here are the PR "checks" and which API they show in:
I'm not sure where codeclimate/total-coverage and codeclimate/diff-coverage are. I know Travis CI recently stopped using statuses in favor of checks. But this is definitely part of our problem with automerging. Edit: #2659 looks to have implemented check-runs into renovate |
Beta Was this translation helpful? Give feedback.
-
Here's a good example. The first run of renovate found that The second run only returned one status when it should have returned six. If you curl it now Edit: @rarkins I think the checks that start with a dark brown circle (like codeclimate/coverage) are not in the status response until they have been reported. When I open a sample PR and run the code immediately after I open it, it does not include the two codeclimate/coverage statuses. When I wait until the statuses are not in the dark brown color and run, they are returned. |
Beta Was this translation helpful? Give feedback.
-
Thanks, that is very helpful. I think we can look for that message like “2 of 4 required status checks are expected” and if so then not raise a PR yet because it’s hopefully a temporary failure and not a permanent one |
Beta Was this translation helpful? Give feedback.
-
Might want to consider retrieving the required status checks under the branch protection rules for the repo and branch, then compare that with the status and checks API response and see if they are included in that yet. |
Beta Was this translation helpful? Give feedback.
-
We're also experiencing that setting e.g. 3 out of 6 checks to required makes Renovate "give up" trying to automerge, so to speak, even before the status checks have finished running. However, today it looks like it actually came back later and merged it. That's a first 🙂 |
Beta Was this translation helpful? Give feedback.
-
I’ve added extra logic to the branch automerge try/catch so that it shouldn’t force a PR if the error is just because some requires status checks aren’t met. But beware you shouldn’t set checks that are incompatible with a branch automerge, such as required reviews or checks that only fire when there’s a PR. |
Beta Was this translation helpful? Give feedback.
-
@stevenzeck thank you for the detailed logs. You were right - we were rewriting the |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
@karfau confirmed: only |
Beta Was this translation helpful? Give feedback.
-
BTW I have a suspicion that some people want this to mean "only require certain status checks and ignore if others are incomplete or failing" while others want this to mean "don't merge until at least these status checks are met, and of course only if all others are passing too" |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
I'm trying to understand the current behavior of this option. I understand that an actual list doesn't work and the only choices are "default" and "null". For the default behavior, documented as "Currently Renovate's default behavior is to only automerge if every status check has succeeded.", does "every" mean "every status check that starts running on the branch within a period of time", or "every status check that's marked as required"? (I'm particularly curious about GitHub.) |
Beta Was this translation helpful? Give feedback.
-
Renovate won't merge if any status check fails, even if it's not part of the non-required set |
Beta Was this translation helpful? Give feedback.
-
Is it possible to configure renovate to merge branch if no jobs were started at all for the branch since it was created? |
Beta Was this translation helpful? Give feedback.
-
Nope, thats not possible, you can simply add a dummy job, which passes always and does nothing. |
Beta Was this translation helpful? Give feedback.
-
We have a use-case where this would be amazing We have optional tests defined in https://github.com/prisma/e2e-tests/blob/7669f82bc665725881581d72cd82777f3c04e9e9/.github/workflows/optional-test.yaml And all Renovate PRs are currently failing because of of the job of the optional test workflow is failing prisma/ecosystem-tests#1958 Not sure if there was a suggestion to implement the "opposite" that would be easier to maintain in this case to only ignore the optional tests? |
Beta Was this translation helpful? Give feedback.
-
An issue I'm noticing is that when retrieving status checks only one is retrieved instead of waiting for all. Check these logs:
While you can see here ng-easy/platform#507 that one status check failed |
Beta Was this translation helpful? Give feedback.
-
@samuelfernandez unfortunately that doesn't prove anything. That status check could have been added after. GitHub's UI indicates that Renovate's view at the time was correct too: Isn't that literally saying "this PR was merged when it had 1 passing check"? |
Beta Was this translation helpful? Give feedback.
-
@rarkins exactly that... It is possible that the other checks from the CI pipeline were added after Renovate run, so it can be an unfortunate timing issue. That update was in "Pending status checks" phase, and in the same cycle Renovate created the PR and immediately merged it before other checks were added. I'm starting to suspect that it is because I have the CI configured to run on PR, but not on branches. Do you think it would be possible to somehow delay a bit the detection of status checks so that they are added? |
Beta Was this translation helpful? Give feedback.
-
Do you have branch protections enabled? That's generally the best approach, because GitHub enforces it. Otherwise we could look into whether we can skip a status check immediately after PR creation, although that would be a different request to this current issue. |
Beta Was this translation helpful? Give feedback.
-
Yes I do. Maybe it is a permissions issue, since Renovate is self-hosted and runs with a personal token, so it still has permissions. Anyway, after configuring CI to run on pushes to Renovate branches now all checks are found in the commit, so it will likely solve the issue https://github.com/ng-easy/platform/pull/512/files |
Beta Was this translation helpful? Give feedback.
-
This is a:
The
requiredStatusChecks
option is not fully implemented - it only works if you set it tonull
(i.e. NO required status checks).We should implement the feature fully so that users can specify a list of status checks that are required for automerge to be "green" and we ignore the rest.
Beta Was this translation helpful? Give feedback.
All reactions