Bypass status check only for the initial push #24615
-
When I enable a branch protection for When I also enable “Include administrators” for the branch protection, no one can create a new branch under I tried this workaround but it looks only for PR. Troubleshooting required status checks - GitHub Docs In this situation, we need to create a branch first to create a PR i.e. deadlock here. Is there any workaround? Currently, the only workaround I found is disabling “Include administrators.” This workaround also enables automated push by Deploy keys because it has administrator privileges. Managing deploy keys - GitHub Docs However, “Include administrators” should be enabled. Also, this workaround doesn’t apply to GitHub App token or PAT or GITHUB_TOKEN. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
Another workaround would be keeping a single |
Beta Was this translation helpful? Give feedback.
-
Tried an empty commit but it still requires status check:
|
Beta Was this translation helpful? Give feedback.
-
Ah, looks like this part was wrong. If the exact same commit has the passed status check, it can pass the protection rule:
Now the error is only:
|
Beta Was this translation helpful? Give feedback.
-
Now I got the proper workaround. First, push the target commit to a non-protected branch (I used a GitHub Actions workflow). Then, trigger a GitHub Actions workflow on push branch event with GitHub App token which is specified to allow bypass pull request for the protected branch (“Allow specified actors to bypass required pull requests”). In the workflow, run a job named the same as the check status job (
With this workaround, I can keep “Require a pull request before merging”, “Require status checks to pass before merging”, “Include administrators”, and “Restrict who can push to matching branches” all enabled! Also, even if the commit is “approved”, administrators still can’t create the protected branch because of " Organization and repository administrators These members cannot bypass", which is good actually since we want to create the protected branch only by the GitHub App. |
Beta Was this translation helpful? Give feedback.
Now I got the proper workaround.
First, push the target commit to a non-protected branch (I used a GitHub Actions workflow). Then, trigger a GitHub Actions workflow on push branch event with GitHub App token which is specified to allow bypass pull request for the protected branch (“Allow specified actors to bypass required pull requests”). In the workflow, run a job named the same as the check status job (
approved
in this example) before pushing to the protected branch.