This post explains one of the pain points I have encountered while trying to use GitHub Actions with Terraform Cloud for CI/CD of NSX-T. The difficulty is chaining workflows/pipelines automatically. In my case, I wanted to launch a workflow based on a PR created by another workflow. When you use GitHub Actions to interact with GitHub, your GitHub Actions script needs to authenticate against GitHub. You can use the GITHUB_TOKEN, which has been made for this purpose. As GitHub knows this token to be an automation token, to avoid loops, you cannot use it to create a PR that triggers another workflow. The workaround to this [known limitation] is to create the PR with a personal access token.

Below is an example of using the personal access token to create a PR. To create the pull request, we use github-script, which sends a REST API query through the pre-authenticated octokit/rest.js client with pagination plugins.
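```yaml
- name: CreatePR if apply succeed
  uses: actions/github-script@v4.0.2
  # Only open the PR when the step with id "apply" succeeded
  if: steps.apply.outcome == 'success'
  with:
    # Personal access token stored as a secret; a PR created with
    # GITHUB_TOKEN would not trigger the next workflow.
    github-token: ${{ secrets.PERSO_GITHUB_TOKEN }}
    script: |
      // await the call so that a failed API request fails this step
      await github.pulls.create({
        owner: context.repo.owner,
        repo: context.repo.repo,
        title: "Auto PR",
        head: "dev",
        base: "main"
      });
```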
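The step above calls the create endpoint on every successful apply, and GitHub rejects that call when an open PR from `dev` to `main` already exists. The following is an added example, not code from the original post: an idempotent version of the script body that checks for an open PR first. `ensurePullRequest`, the in-memory fake client and the `example-org`/`nsxt-config` names are hypothetical and constructed so the block runs offline.

```javascript
// Added example (not from the original post). `github` and `context` have the
// shape github-script v4 passes to the script; ensurePullRequest is hypothetical.
async function ensurePullRequest(github, context, { head, base, title }) {
  const { owner, repo } = context.repo;
  // The list endpoint filters `head` in "owner:branch" form.
  const { data: open } = await github.pulls.list({
    owner, repo, state: "open", head: `${owner}:${head}`, base,
  });
  if (open.length > 0) return { created: false, number: open[0].number };
  // No open PR for this head/base pair: create one with the PAT-backed client.
  const { data: pr } = await github.pulls.create({ owner, repo, title, head, base });
  return { created: true, number: pr.number };
}

// Constructed in-memory stand-in for the octokit client, for offline runs only.
function makeFakeGithub() {
  const prs = [];
  const calls = { list: 0, create: 0 };
  return {
    calls,
    pulls: {
      async list({ state, head, base }) {
        calls.list++;
        return { data: prs.filter((p) => p.state === state && p.head === head && p.base === base) };
      },
      async create({ owner, title, head, base }) {
        calls.create++;
        const pr = { number: prs.length + 1, state: "open", head: `${owner}:${head}`, base, title };
        prs.push(pr);
        return { data: pr };
      },
    },
  };
}

// Two consecutive pipeline runs: only the first one should open a PR.
async function demo() {
  const github = makeFakeGithub();
  const context = { repo: { owner: "example-org", repo: "nsxt-config" } }; // constructed names
  const args = { head: "dev", base: "main", title: "Auto PR" };
  const first = await ensurePullRequest(github, context, args);
  const second = await ensurePullRequest(github, context, args);
  return { first, second, creates: github.calls.create };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

In the workflow, the function definition and an `await ensurePullRequest(github, context, {...})` call go inside the `script:` input in place of the direct `github.pulls.create` call.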