Push to restricted master branch

Hi all

I’m trying to set up a release pipeline in GitHub Actions. As part of this, the release number in the Maven pom.xml is set and pushed back to the master branch. 

This worked fine when testing in a simple (private) repository. But in the actual repository, we have branch restrictions set on master:

  • Require pull request reviews before merging (with at least 1 approving review)

  • Restrict who can push to matching branches

The push to master by GitHub Actions fails with

! [remote rejected] HEAD -> master (protected branch hook declined)

How can I explicitly allow GitHub Actions to push directly to restricted branches? 

Found similar discussions (i.e. here), but the proposed solution of adding github-actions[bot] doesn’t work.



Hi @pgruetter,

Organization administrators, repository administrators, and users with the Maintain role can always push to a protected branch. 

If you are a repository administrator, you could use your personal access token to push changes. You could store it in secrets. Please remember to add persist-credentials: false to checkout@v2.

Here is my workflow YAML example for pushing with a PAT:

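    name: push
    # Trigger is not shown in the original post; a manual trigger is assumed here.
    on: workflow_dispatch

    jobs:
      push:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v2
          with:
            # Do not store the default GITHUB_TOKEN in the local git config,
            # otherwise it is sent on push instead of the PAT.
            persist-credentials: false
        - name: Create local changes
          run: |
            touch $(hexdump -n 16 -v -e '/1 "%02X"' -e '/16 "\n"' /dev/urandom).yml
            git add --all
          working-directory: data/comments/3DACF59A72960405D3B93DF91EE3C060
        - name: Commit files
          run: |
            git config --local user.email "action@github.com"
            git config --local user.name "GitHub Action"
            git commit -m "Add changes " -a

        - name: Push changes
          # Third-party action referenced by branch; pinning to a commit SHA is safer.
          uses: ad-m/github-push-action@master
          with:
            # PAT of a user who is allowed to push to the protected branch.
            github_token: ${{ secrets.ADDTAG_PAT }}
            #github_token: ${{ secrets.GITHUB_TOKEN }}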

Thanks a lot for the precise description and mentioning persist-credentials. It worked!
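
A pre-push guard for the persist-credentials point in the answer above, as an added example that is not part of the original thread: it checks a checkout for the auth header that actions/checkout@v2 writes to the local git config when credentials are persisted, and reports only the key name, never the token. The function names are hypothetical, and the extraheader storage is assumed to match checkout@v2.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: actions/checkout@v2 with persisted credentials stores the
# token as a local git config entry named http.<url>.extraheader.

# Print the names (never the values) of persisted auth header keys
# found in the local config of the repository at $1.
persisted_auth_keys() {
    git -C "$1" config --local --name-only \
        --get-regexp '^http\..*\.extraheader$' 2>/dev/null || true
}

# Return 0 if the repository at $1 carries no persisted auth header,
# so a push will authenticate with the PAT supplied to the push step.
# Return 1 and explain on stderr otherwise.
check_push_credentials() {
    repo=$1
    keys=$(persisted_auth_keys "$repo")
    if [ -n "$keys" ]; then
        echo "persisted credential in git config: $keys" >&2
        echo "add 'persist-credentials: false' to actions/checkout" >&2
        return 1
    fi
    return 0
}
```

In a workflow, a step can run `check_push_credentials "$GITHUB_WORKSPACE"` before the push step so a misconfigured checkout fails early with a clear message instead of the protected branch rejection.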

@pgruetter I’m an Actions newbie and I’m wanting to do what you did but am not finding the right way. In my case, I simply want to push to the same repo, same branch, but a specific directory. I see the answer which mentioned this action, however is this the right thing in my case? Since my workflows are triggered on commit to master, it shouldn’t produce a commit but simply a silent “upload” to that directory and overwrite all contents. Can you maybe give me a little advice?

Hi @chipzoller 
I don’t fully understand what you’re trying to do. But you can’t just copy files to a directory in git without a commit / push. If you want to add files, you need to checkout your git repo in GitHub Actions, modify it, then commit and push the changes. If that’s what you’re trying to do, then yes, github-push-action is the one I’ve also used here.

Thanks for your confirmation. I’ll need to look for another way to go about my workflow.