action-dependabot-auto-merge: TypeError: Cannot read property 'owner' of undefined

See https://github.com/mdn/yari/pull/1152/checks?check_run_id=1012806139 on this PR

Run ahmadnassri/action-dependabot-auto-merge@v1
/usr/bin/docker run --name ahmadnassriactiondependabotautomergev1_4f96b1 --label 8118cb --workdir /github/workspace --rm -e INPUT_GITHUB-TOKEN -e INPUT_TARGET -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/yari/yari":"/github/workspace" ahmadnassri/action-dependabot-auto-merge:v1
title: "Bump mdn-browser-compat-data from 1.0.34 to 1.0.35"
from: 1.0.34
to: 1.0.35
dependency update target is "patch", found "patch", will auto-merge
##[error]Unhandled error: TypeError: Cannot read property 'owner' of undefined

The workflow is here: https://github.com/mdn/yari/blob/master/.github/workflows/auto-merge.yml

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 55 (32 by maintainers)

Most upvoted comments

huzzah! 🎉 🎉 🎉 🎉 🎉 🎉

I will update the README with all this info next.

By the way, do you know if it’s possible to use something other than my personal access token?

that’s my one big ~wtf~ wish list item for GitHub … their official advise is to create a new user, call it a bot account and use it for such functionality … which is … sad.

they will charge you for the extra user if you’re a private org AND they might block it for “bot” only behaviour against their API … so good luck!

so, what I do today for private orgs:

  • created an account that is only used for token management, so that:
  • the comments / commits / actions are not shown to be done by a person, to avoid the “hey did you do X?” questions
  • the history / audit log of activity is clearly shown
  • rotating keys as a monthly task becomes easier, when you share the login to that bot account within the security / devops team

seems like it still went down the approve path … fixed it here

run it one more time please!

image

/me cries