Fix re-run detection and improve messaging #1010
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The handling of the GITHUB_ACTOR has changed for re-runs which has broken our detection of improper re-runs (workflow re-run from the actions tab instead of requested via Dependabot). Now when a re-run occurs the GITHUB_ACTOR stays as dependabot[bot] and the GITHUB_TRIGGERING_ACTOR indicates the user that triggered the re-run.
GITHUB_TRIGGERING_ACTOR is available starting in GHES 3.7 so I've treated it as an optional field.
https://github.blog/changelog/2022-07-19-differentiating-triggering-actor-from-executing-actor/