Skip to content

fix(ci): use TAGBOT_PAT so TagBot-created tags trigger workflows#31

Merged
s-celles merged 1 commit into
mainfrom
fix/tagbot-pat
May 11, 2026
Merged

fix(ci): use TAGBOT_PAT so TagBot-created tags trigger workflows#31
s-celles merged 1 commit into
mainfrom
fix/tagbot-pat

Conversation

@s-celles
Copy link
Copy Markdown
Owner

@s-celles s-celles commented May 11, 2026

Summary

  • TagBot currently creates tags with GITHUB_TOKEN. Per GitHub Actions anti-recursion policy, events created with GITHUB_TOKEN do not trigger other workflows — so the Documentation workflow has not fired on any tag since v0.9.0. Result: https://s-celles.github.io/Giac.jl/stable/ is frozen on v0.9.0-era content (still mentions TempApi), and there are no per-version docs for v0.11.x, v0.12.0, v0.14.0.
  • Switch TagBot to use a fine-grained PAT (TAGBOT_PAT) — events from a PAT propagate normally, so the next tag push will trigger Documentation and CI.

Prerequisite

A repo secret TAGBOT_PAT must be set, holding a fine-grained PAT scoped to this repo with: Contents: Read and write, Issues: Read-only, Pull requests: Read-only. (Already added.)

Test plan

  • PR CI green
  • After merge, the next TagBot-created tag triggers the Documentation workflow
  • versions.js advances past v0.9.0 and /stable/ reflects the latest tagged release

@s-celles
fix(ci): use TAGBOT_PAT so TagBot-created tags trigger workflows
28ce259 
The default GITHUB_TOKEN used by TagBot creates tags via the GitHub
REST API, but GitHub deliberately does not propagate events from
GITHUB_TOKEN to other workflows (anti-recursion). As a result, the
Documentation workflow has not run on any tag since v0.9.0
(v0.11.x, v0.12.0, v0.14.0 were all silently skipped), leaving
/stable/ frozen on v0.9.0-era content.

Switching to a fine-grained PAT (Contents: write, Issues/PRs: read)
restores the expected behavior: TagBot pushes the tag with the PAT,
GitHub fires the tag-push event, and the Documentation workflow
publishes per-version docs and advances the "stable" symlink.

The TAGBOT_PAT secret must be set in repo settings before the next
TagBot run.
@s-celles s-celles merged commit c4ae5b1 into main May 11, 2026
8 checks passed
@s-celles s-celles deleted the fix/tagbot-pat branch May 11, 2026 20:31
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 11, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.76%. Comparing base (0fc8251) to head (28ce259).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #31   +/-   ##
=======================================
  Coverage   79.76%   79.76%           
=======================================
  Files          23       23           
  Lines        2891     2891           
=======================================
  Hits         2306     2306           
  Misses        585      585

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@s-celles @codecov-commenter