Push to protected branch #344
Comments
I have the exact same issue on typescript-eslint/typescript-eslint@19516de

And the resulting failure from running the action here:

This issue does seem to be specific to GitHub Actions. I have an Azure DevOps release pipeline using the exact same lerna configuration using the exact same PAT. What is GitHub Actions doing differently?

Also FYI, a number of folks seem to be running into this and have reported it on the lerna repo here: lerna/lerna#1957
I was having the same issue and then I made a personal access token to use instead of the example

```yaml
name: PUBLISH NPM PACKAGE
on:
  push:
    branches: [ release ]
jobs:
  run-checks:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [15.x]
    env:
      KIIPO_BOT_NPM_AUTOMATION_TOKEN: ${{ secrets.KIIPO_BOT_NPM_AUTOMATION_TOKEN }}
    steps:
      - uses: actions/checkout@v2
        with:
          # personal access token stored as a repository secret
          token: ${{ secrets.KIIPO_BOT_GITHUB_REPOSITORY_ADMIN_TOKEN }}
      - name: Use node version ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      # identity used for the commits created by the release step
      - run: git config user.name "kiipobot"
      - run: git config user.email "superuser@kiipo.com"
      - run: npm ci
      - run: npm run lint
      - run: npm run release:ci
```

This allows me to push without problem, however it triggers a new so even though I can now push with a personal access token, it's not a solution. When I then disable my branch protections and use the original does anyone know how to use a personal access token to commit and push without re-triggering the push event?
Is there any way to configure it so the bot user can push to the protected branch without also being an admin?
Deploy key bypasses branch protections, at least without "Require a pull request before merging". It's possible to skip ci if needed.
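A sketch of the deploy-key approach from the comment above, added here as an example and not taken from any participant's workflow. It assumes a write-enabled deploy key whose private half is stored in a secret with the hypothetical name `RELEASE_DEPLOY_KEY`, a hypothetical marker file `.last-release`, and the `release` branch from the earlier workflow; whether the push is accepted depends on the branch protection settings, as that comment notes.

```yaml
# Added example: push from a workflow with a repository-scoped deploy key
# instead of an admin personal access token.
name: release-with-deploy-key
on:
  push:
    branches: [ release ]

# The default GITHUB_TOKEN is not used for the push, so keep it read-only.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # RELEASE_DEPLOY_KEY is a hypothetical secret name (assumption).
          # The key is scoped to this one repository, unlike a PAT, which
          # carries the access of the user account that created it.
          ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }}

      - name: Configure the bot identity
        run: |
          git config user.name "release-bot"            # constructed value
          git config user.email "release-bot@example.invalid"

      - name: Commit and push the release change
        run: |
          # .last-release is a hypothetical file standing in for whatever
          # the release step modifies (version bump, changelog, ...).
          date -u +%Y-%m-%d > .last-release
          git add .last-release
          # "[skip ci]" in the commit message tells GitHub Actions not to
          # start push/pull_request workflows for this commit, so the
          # workflow does not re-trigger itself.
          git commit -m "chore(release): publish [skip ci]"
          git push origin HEAD:release
```

Because required status checks will not run on a `[skip ci]` commit, a branch rule that requires them needs to be accounted for separately.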
This PR will move changelog updates to PRs because of branch protection.

GitHub Actions can't push to protected branches. actions/checkout#344

Branch protection rules currently require signed commits. By default, bots can't sign commits. Setting up bot commit signing is involved, and requires storing a private key on GitHub. The commit signing requirement could be disabled, but this would create the possibility of unauthorized changes being committed. Having bots open PRs avoids this issue, because GitHub will sign the merge with their key.

Note that, in order for the merged commit to show up as verified, the `Co-authored-by` trailers must be removed before squashing and merging.

A downside of updating the changelog with PRs is that changelog PRs could go unmerged if maintainers forget to merge them. PR auto-merge could help with this, but then other unwanted PRs could be merged also, so auto-merge is currently disabled.

Note that PRs or commits created from a GitHub Actions workflow don't trigger further workflows. This means the changelog PR won't trigger the required status checks, so an admin will have to bypass these checks in order to merge the PR.

peter-evans/create-pull-request#48
https://github.com/orgs/community/discussions/35047
I have managed to get pushing to a branch working fine but I'd like to push to master which is a protected branch. However if I am on my local machine I can push to master, I assume as I am the owner of the org and repo? Is there any way to use the token or identify myself so the action can make a commit using my name and email and push to the protected branch?