Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: Protected branch update failed #27

Closed
EinfachHans opened this issue Oct 11, 2021 · 6 comments · Fixed by #28
Closed

bug: Protected branch update failed #27

EinfachHans opened this issue Oct 11, 2021 · 6 comments · Fixed by #28
Labels
bug Something isn't working

Comments

@EinfachHans
Copy link

Current behavior

we got the following error in a project: remote: error: GH006: Protected branch update failed for refs/heads/dev.
This is, because we have a rule that we need a PR which has at least one approved review. But Admins can push to the repo without it.

In the action that starts semantic release we set a GITHUB_TOKEN env from an account that has admin rights but this seems not to work.

Expected behavior

Maybe the GITHUB_TOKEN isn't used?

Environment

  • semantic-release/semantic-release version: 17.4.7
  • CI environment: GitHub Action
  • @saithodev/semantic-release-backmerge version: 1.5.3
@saitho
Copy link
Owner

saitho commented Oct 11, 2021

Hi @EinfachHans,

thanks for the report. In fact I don't think we use GITHUB_TOKEN here. I'm also not familiar with the latest changes to semantic-release. If they use it, we should probably do that here as well.

To be honest I'm not using this plugin myself anymore since I'm now mostly working on master/main. ^^
So I'm not sure if I can find the time to examine this – but I'd appreciate any pull requests fixing this bug.

@EinfachHans
Copy link
Author

That's sad, i really like the plugin 😃 As we have many main branches it's great to keep everything updated!

I guess i have too less experience but i will look into it when i find the time 🤔

@saitho
Copy link
Owner

saitho commented Oct 11, 2021

Hacktoberfest is happening right now: https://hacktoberfest.digitalocean.com/
I've just added the tag to this repo, maybe someone comes around to investigate this. ;)

@saitho saitho added the bug Something isn't working label Oct 11, 2021
@EinfachHans
Copy link
Author

i researched a bit. The @semantic-release/github (which is only for github of course) works like this: https://github.com/semantic-release/github/blob/master/lib/get-client.js

So maybe the solution could be a new config like isGithub: boolean and if this is set it could work like mentioned above?

@saitho
Copy link
Owner

saitho commented Oct 14, 2021

i researched a bit. The @semantic-release/github (which is only for github of course) works like this: https://github.com/semantic-release/github/blob/master/lib/get-client.js

The GitHub Plugin does not push new commits. It creates a release using the GitHub API.
I think an approach similar to this is needed: https://github.com/ad-m/github-push-action/blob/master/start.sh#L26
So GITHUB_ACTOR from GitHub Actions and the provided GITHUB_TOKEN need to be used in context.options.repositoryUrl to authenticate properly.

@saitho
Copy link
Owner

saitho commented Oct 14, 2021
edited
Loading

So GITHUB_ACTOR from GitHub Actions and the provided GITHUB_TOKEN need to be used in context.options.repositoryUrl to authenticate properly.

Actually, semantic-release should already do that: https://github.com/semantic-release/semantic-release/blob/v17.4.7/index.js#L56. However that repository URL with credentials is only used internally and not passed to the plugins.

I'll validate that and propose a change on semantic-release. Meanwhile we could just copy the get-git-auth-url.js until this is fixed in semantic-release or in case it's rejected.

EDIT: get-git-auth-url requires a branch name, so it's purely used in merging/pushing context. So we can't provide that to plugins. Instead I'll try to call the method here.

saitho added a commit that referenced this issue Oct 14, 2021
@saitho
fix: use Git auth URL for pushing (#27)
d3ae394 
Get GitAuthUrl via semantic-release and use it when pushing the branch
to be able to use the plugin also with protected branches.
@saitho saitho linked a pull request Oct 14, 2021 that will close this issue
bugfix: push with authorized url #28
Merged
saitho added a commit that referenced this issue Oct 22, 2021
@saitho
fix: use Git auth URL for pushing (#27)
c973a2b 
Get GitAuthUrl via semantic-release and use it when pushing the branch
to be able to use the plugin also with protected branches.

Additional steps for backmerging into protected branches on GitHub are documented in README.
saitho added a commit that referenced this issue Oct 22, 2021
@saitho
fix: use Git auth URL for pushing (#27)
9b76e14 
Get GitAuthUrl via semantic-release and use it when pushing the branch
to be able to use the plugin also with protected branches.

Additional steps for backmerging into protected branches on GitHub are documented in README.
github-actions bot pushed a commit that referenced this issue Oct 22, 2021
@semantic-release-bot
chore(release): 2.0.0 [skip ci]
1b7819a 
# [2.0.0](v1.5.3...v2.0.0) (2021-10-22)

### Bug Fixes

* use Git auth URL for pushing ([#27](#27)) ([9b76e14](9b76e14))

### chore

* require semantic-release >=13.0.0 ([13288a4](13288a4))

### BREAKING CHANGES

* semantic-release >=13.0.0 is set as minimum
dependency to use this plugin.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bugfix: push with authorized url saitho/semantic-release-backmerge
2 participants
@saitho @EinfachHans