Push to restricted master branch

pgruetter · April 21, 2020, 11:38am

Hi all

I’m trying to set up a release pipeline in GitHub Actions. As part of this, the release number in the Maven pom.xml is set and pushed back to the master branch.

This worked fine when testing in a simple (private) repository. But in the actual repository, we have branch restrictions set on master:

Require pull request reviews before merging (with at least 1 approving review)
Restrict who can push to matching branches

The push to master by GitHub Actions fails with

! [remote rejected] HEAD -> master (protected branch hook declined)

How can I explicitly allow GitHub Actions to push directly to restricted branches?

Found similar discussions (i.e. here), but the proposed solution of adding github-actions[bot] doesn’t work.

Thanks

yanjingzhu · April 22, 2020, 6:21am

Hi @pgruetter ,

Organization administrators, repository administrators, and users with the Maintain role can always push to a protected branch.

If you are repository administrators , you could use your personal access token to push changes. You could store it in secrets. Please remember adding persist-credentials: false to checkout@v2.

There is my workflow yml example for push with PAT:

jobs:
  job1:
    name: push
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
      with:
        persist-credentials: false
    - name: Create local changes
      run: |
       touch $(hexdump -n 16 -v -e '/1 "%02X"' -e '/16 "\n"' /dev/urandom).yml
       git add --all
      working-directory: data/comments/3DACF59A72960405D3B93DF91EE3C060
    - name: Commit files
      run: |
        git config --local user.email "action@github.com"
        git config --local user.name "GitHub Action"
        git commit -m "Add changes " -a

    - name: Push changes
      uses: ad-m/github-push-action@master
      with:
        github_token: ${{ secrets.ADDTAG_PAT }}
        #github_token: ${{ secrets.GITHUB_TOKEN }}

pgruetter · April 22, 2020, 11:39am

Thanks a lot for the precise description and mentioning persist-credentials. It worked!

chipzoller · April 26, 2020, 10:25pm

@pgruetterI’m an Actions newbie and I’m wanting to do what you did but am not finding the right way. In my case, I simply want to push to the same repo, same branch, but a specific directory. I see the answer which mentioned this action, however is this the right thing in my case? Since my workflows are triggered on commit to master, it shouldn’t produce a commit but simply a silent “upload” to that directory and overwrite all contents. Can you maybe give me a little advice?

pgruetter · April 27, 2020, 5:29am

Hi @chipzoller
I don’t fully understand what you’re trying to do. But you can’t just copy files to a directory in git without a commit / push. If you want to add files, you need to checkout your git repo in GitHub Actions, modify it, then commit and push the changes. If that’s what you’re trying to do, then yes, github-push-action is the one I’ve also used here.

chipzoller · April 27, 2020, 12:41pm

Thanks for your confirmation. I’ll need to look for another way to go about my workflow.