Chore: Dependabot PRs initially fail Chromatic (token access) #907
Comments
|
#910 will fix this since we're exposing the token. The token is safe to expose (to get access to Chromatic still requires Git auth and being in the coder organization). The one downside to exposing the token is that any/all forks can run builds on our chromatic, which we are billed for. We'll have to see what this entails as we open source and gain traction, though I imagine going with a Again, we'll need to monitor. |
|
This should be fixed! Thanks for linking the issue, and the additional context @vapurrmaid. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
When dependabot issues PRs to update dependencies, the Chromatic check will always initially fail until re-run by someone at Coder. This is because the token is not applied for that agent.
Steps to Reproduce
Expected
Logs
See here: https://github.com/coder/coder/runs/5859401270?check_suite_focus=true#step:4:47
From this PR created by dependabot: #902
Notes
A simple stop-gap solution is to not run chromatic on dependabot updates; however this feels unfortunate, as we'd be losing visual regression prevention on dependency updates. Ideally there's some way to allow dependabot to access this secret.
The text was updated successfully, but these errors were encountered: