Push to restricted master branch #26460

pgruetter · 2020-04-21T11:38:20Z

pgruetter
Apr 21, 2020

Hi all

I’m trying to set up a release pipeline in GitHub Actions. As part of this, the release number in the Maven pom.xml is set and pushed back to the master branch.

This worked fine when testing in a simple (private) repository. But in the actual repository, we have branch restrictions set on master:

Require pull request reviews before merging (with at least 1 approving review)
Restrict who can push to matching branches

The push to master by GitHub Actions fails with

! [remote rejected] HEAD -> master (protected branch hook declined)

How can I explicitly allow GitHub Actions to push directly to restricted branches?

Found similar discussions (i.e. here), but the proposed solution of adding github-actions[bot] doesn’t work.

Thanks

Answered by Yanjingzhu

Apr 22, 2020

Hi @pgruetter ,

Organization administrators, repository administrators, and users with the Maintain role can always push to a protected branch.

If you are repository administrators , you could use your personal access token to push changes. You could store it in secrets. Please remember adding persist-credentials: false to checkout@v2.

There is my workflow yml example for push with PAT:

jobs:
  job1:
    name: push
    runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
  with:
    persist-credentials: false
- name: Create local changes
  run: |
   touch $(hexdump -n 16 -v -e '/1 "%02X"' -e '/16 "\n"' /dev/urandom).yml
   git add --all
  working-directory: data/comments/3DACF5…

View full answer

Yanjingzhu · 2020-04-22T06:21:06Z

Yanjingzhu
Apr 22, 2020

Hi @pgruetter ,

Organization administrators, repository administrators, and users with the Maintain role can always push to a protected branch.

If you are repository administrators , you could use your personal access token to push changes. You could store it in secrets. Please remember adding persist-credentials: false to checkout@v2.

There is my workflow yml example for push with PAT:

jobs: job1: name: push runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: persist-credentials: false - name: Create local changes run: | touch $(hexdump -n 16 -v -e '/1 "%02X"' -e '/16 "\n"' /dev/urandom).yml git add --all working-directory: data/comments/3DACF59A72960405D3B93DF91EE3C060 - name: Commit files run: | git config --local user.email "action@github.com" git config --local user.name "GitHub Action" git commit -m "Add changes " -a - name: Push changes uses: ad-m/github-push-action@master with: github_token: ${{ secrets.ADDTAG_PAT }} #github_token: ${{ secrets.GITHUB_TOKEN }}

0 replies

pgruetter · 2020-04-22T11:39:30Z

pgruetter
Apr 22, 2020
Author

Thanks a lot for the precise description and mentioning persist-credentials. It worked!

0 replies

chipzoller · 2020-04-26T22:25:26Z

chipzoller
Apr 26, 2020

@pgruetterI’m an Actions newbie and I’m wanting to do what you did but am not finding the right way. In my case, I simply want to push to the same repo, same branch, but a specific directory. I see the answer which mentioned this action, however is this the right thing in my case? Since my workflows are triggered on commit to master, it shouldn’t produce a commit but simply a silent “upload” to that directory and overwrite all contents. Can you maybe give me a little advice?

0 replies

pgruetter · 2020-04-27T05:29:49Z

pgruetter
Apr 27, 2020
Author

Hi @chipzoller
I don’t fully understand what you’re trying to do. But you can’t just copy files to a directory in git without a commit / push. If you want to add files, you need to checkout your git repo in GitHub Actions, modify it, then commit and push the changes. If that’s what you’re trying to do, then yes, github-push-action is the one I’ve also used here.

0 replies

chipzoller · 2020-04-27T12:41:37Z

chipzoller
Apr 27, 2020

Thanks for your confirmation. I’ll need to look for another way to go about my workflow.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Push to restricted master branch #26460

{{title}}

Replies: 5 comments

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

GitHub Community

Push to restricted master branch #26460

pgruetter Apr 21, 2020

Replies: 5 comments

Yanjingzhu Apr 22, 2020

pgruetter Apr 22, 2020 Author

chipzoller Apr 26, 2020

pgruetter Apr 27, 2020 Author

chipzoller Apr 27, 2020

pgruetter
Apr 21, 2020

Yanjingzhu
Apr 22, 2020

pgruetter
Apr 22, 2020
Author

chipzoller
Apr 26, 2020

pgruetter
Apr 27, 2020
Author

chipzoller
Apr 27, 2020