What the contition of a puch with a tocken to trigger a workflow

In practical why this commit
https://github.com/camptocamp/demo_geomapfish/commit/0f56604d77d7f1e370e1fc7ba45309030784d8b8

didn’t trigger this workflow

https://github.com/camptocamp/demo_geomapfish/blob/0f56604d77d7f1e370e1fc7ba45309030784d8b8/.github/workflows/ci.yaml

?

@sbrunner ,

In your workflow (Upgrade 2.5), I noticed that you configure the input parameter on the checkout action like as below:

- uses: actions/checkout@v2
  with:
    ref: 'prod-2-5'

When using the checkout action, few points you need to understand:

1) If you do not specify the value of the input parameter " token", by default the action will use ${{ github.token }} to set the value.

2) The input parameter " persist-credentials" is used to define whether to configure the token or SSH key with the local git config. By default it is " true".

3) When " persist-credentials" is " true", the checkout action will use the value of " token" or " ssh-key" to configure the credentials of the local git config. The configured credentials will be kept to continue to use in the subsequent steps in the same job, even if you provide a new ssh-key/token in the subsequent steps. The newly provided ssh-key/token will be ignore.

4) When you use the repository’s GITHUB_TOKEN ( github.token ) to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.

In summary, there are two solutions to solve the problem you are facing:

Solution 1:

- name: Checkout
  uses: actions/checkout@v2
  with:
    token: ${{ secrets.GITHUB_GOPASS_CI_TOKEN }}
. . .
- name: Push changes
  run: |
    git config user.email "<ci@camptocamp.com>"
    git config user.name "Continuous integration"
    . . .
    git push

Using your GitHub PAT to authenticate on the  checkout action, and let " persist-credentials" be " true". Because the PAT you provide has been configured as the credentials of the local git config , you do not need to provide the credentials when executing  git push.

Solution 2:

- name: Checkout
  uses: actions/checkout@v2
  with:
    persist-credentials: false
. . .
- name: Push changes
  run: |
    git config user.email "<ci@camptocamp.com>"
    git config user.name "Continuous integration"
    . . .
    git push https://c2c-bot-gis-ci:${{ secrets.GITHUB_GOPASS_CI_TOKEN }}@github.com/camptocamp/demo_geomapfish.git

Set " persist-credentials" to be " false". Because no  credentials  is configured for the local git config , you need to provide the credentials when executing  git push.

Related docs:

Checkout V2
Authenticating with the GITHUB_TOKEN

1 Like

I tested the solution 1 and it’s working thanks :slight_smile: