Github protected branch hook declined even with allow force pushes - github

I have branch protection on my test branch, but I need an action to run on every merged pull request that updates the software version and commits to the test branch.
Even with the --force flag the error appears:
INPUT_TAGGING_MESSAGE:
No tagging message supplied. No tag will be added.
INPUT_PUSH_OPTIONS: --force
remote: error: GH006: Protected branch update failed for refs/heads/test.
remote: error: Changes must be made through a pull request.
! [remote rejected] HEAD -> test (protected branch hook declined)
error: failed to push some refs to 'https://github.com/***/***'
Error: Invalid status code: 1
at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
code: 1
}
Error: Invalid status code: 1
at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
I allowed everyone to force push to this branch:
My workflow action:
name: Version Update
on:
  pull_request:
    branches:
      - master
      - test
    types: [closed]
jobs:
  version_update:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
    steps:
      - uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
        with:
          php-version: '8.1'
      - name: Get branch name
        id: branch-name
        uses: tj-actions/branch-names@v6
      - uses: actions/checkout@v3
        with:
          ref: ${{ steps.branch-name.outputs.base_ref_branch }}
      - name: Copy .env
        run: php -r "file_exists('.env') || copy('.env.example', '.env');"
      - name: Install Dependencies
        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
      - name: Generate key
        run: php artisan key:generate
      - name: Update Patch Version
        if: steps.branch-name.outputs.current_branch != 'test'
        run: php artisan version:patch
      - name: Update Minor Version
        if: steps.branch-name.outputs.current_branch == 'test'
        run: php artisan version:minor
      - name: Update Timestamp
        run: php artisan version:timestamp
      - name: Update Commit
        run: php artisan version:absorb
      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: "version: update patch"
          branch: ${{ steps.branch-name.outputs.base_ref_branch }}
          push_options: '--force'

If branch protection is active and the option "Require a pull request before merging" is checked, this will prevent any push, even with --force, to your protected branch.
In GitHub it is impossible to push to a branch that has the option "Require a pull request before merging" enabled.
My solution for this problem is to work without this option.

There is an "Allow specified actors to bypass required pull requests" option nested under "Require a pull request before merging". Enabling that and adding the user used to run the actions as an exception worked for me.
Note that we created a GitHub App identity as "the exception user", added that to the exception list and use it to run the workflow (we use https://github.com/getsentry/action-github-app-token to load a token from the GitHub App to run the workflow) because we don't know how to reference the "default user used to run action workflows".

Related

GitHub Workflow Prettier

Hoping someone can help or provide guidance. I have been bashing my head trying to get a GitHub Workflow to run Prettier against all the files that have been added or modified in a pull request, and then commit them back to the pull request. I have managed to get the below going so far, but I am hitting an error when trying to commit the changes back to the PR.
I am new to all this so I could be going about it all wrong and just cannot find an example to reference, which makes me think I am doing something wrong :)
name: Pull Request Workflow
on:
  pull_request:
    types: [opened, reopened, edited, synchronize]
jobs:
  lint-analyse-code:
    name: Lint & Analyse Code
    runs-on: ubuntu-latest
    steps:
      - name: Step 1 - Checkout Repository
        uses: actions/checkout@v3
      - name: Step 2 - Setup GIT
        run: |
          echo "BRANCHES"
          git branch -v
          echo "REMOTES"
          git remote -v
          echo "GITHUB_REF is $GITHUB_REF"
          echo "GITHUB_HEAD_REF is $GITHUB_HEAD_REF"
          echo "GITHUB_BASE_REF is $GITHUB_BASE_REF"
          git config advice.ignoredHook false
      - name: Step 3 - Setup Node.js
        uses: actions/setup-node@v3
      - name: Step 4 - Install NPM Dependencies
        run: npm install
      - name: Step 5 - Get Changed Files
        id: changed-files
        uses: tj-actions/changed-files@v29.0.7
        with:
          since_last_remote_commit: true
      - name: Step 6 - Prettier
        run: npm run prettier-npx ${{ steps.changed-files.outputs.all_changed_files }}
      - name: Step 7 - Commit Changes
        run: |
          echo HEAD:$GITHUB_HEAD_REF
          git config user.email "devops@blahblah.co.za"
          git config user.name "DevOps"
          git add .
          git commit -m "Automatically Applied Prettier [skip actions]" || echo "Nothing to push"
          git push origin HEAD:$GITHUB_HEAD_REF
Error Message
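An added example, not code from the question above or from any answer, about the `run:` line in Step 6 of that workflow. The runner substitutes `${{ steps.changed-files.outputs.all_changed_files }}` into the script as plain text before bash parses it, so a file name chosen by whoever opened the pull request is executed as shell. The script below reproduces that substitution offline against a stand-in formatter (`fake_formatter`, constructed here in place of `npm run prettier-npx`) and shows the safe form, where the list arrives in an environment variable and is split inside the script. The malicious file name is constructed for the demo; it is a legal name on Linux file systems.

```shell
#!/usr/bin/env bash
# Added example, not from the original question: expression injection via a
# `run:` step, reproduced offline, next to the env-variable form that avoids it.
set -euo pipefail

# Stand-in for `npm run prettier-npx`: just records the names it was asked to format.
fake_formatter() { printf '%s\n' "$@" >> "$FORMAT_LOG"; }
export -f fake_formatter

# Mimics the workflow runner: splice the step output into the script text, then run it.
# This is what `run: fake_formatter ${{ steps.changed-files.outputs.all_changed_files }}` becomes.
run_unsafe_step() {
  local script="fake_formatter $1"
  bash -c "$script"
}

# Safe form. In the workflow this corresponds to
#   env:
#     CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
#   run: read -r -a files <<< "$CHANGED_FILES"; npm run prettier-npx -- "${files[@]}"
# The output is space separated, so a name containing spaces still splits in two,
# but $ ( ) ; and backticks in a name are never interpreted.
run_safe_step() {
  local -a files
  read -r -a files <<< "$CHANGED_FILES"
  fake_formatter "${files[@]}"
}

# marker_created_by unsafe|safe: run the step with a constructed malicious file name
# and report (exit 0/1) whether the embedded command actually executed.
marker_created_by() {
  local mode="$1" dir marker payload
  dir=$(mktemp -d)
  marker="$dir/pwned"
  export FORMAT_LOG="$dir/formatted.log"
  payload="src/app.js \$(touch $marker).js"   # constructed attacker-chosen file name
  case "$mode" in
    unsafe) run_unsafe_step "$payload" ;;
    safe)   CHANGED_FILES="$payload" run_safe_step ;;
    *) echo "unknown mode $mode" >&2; return 2 ;;
  esac
  [ -e "$marker" ]
}

if marker_created_by unsafe; then echo "unsafe step: the injected command ran"; fi
if ! marker_created_by safe; then echo "safe step: the file name was passed through literally"; fi
```

The same applies to any other step output or event field (PR title, branch name, commit message) interpolated into `run:`; move it into `env:` and read the variable from the script.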

Unable to Manually Trigger GitHub Action

I recently started working on using some GitHub actions on my projects. I am able to set them up to run automatically but am struggling with having them run manually. I know that you need to have workflow_dispatch in the on section. I'm not sure if it's not working because I have it run automatically too. Is someone able to tell me what I am doing wrong?
Here is one of my workflow YAML files
name: Create-Doc-Nightly
on:
  push:
    branches: [ "nightly" ]
    paths:
      - 'src/**'
      - 'pom.xml'
  workflow_dispatch:
jobs:
  doc:
    name: Create Doc
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        name: Step 1 - Checkout Nightly Branch
        with:
          persist-credentials: false
          fetch-depth: 0
      - name: Step 2 - Setup JDK 17
        uses: actions/setup-java@v3.4.1
        with:
          java-version: 17
          distribution: 'temurin'
      - name: Step 3 - Remove Doc
        run: |
          git remote set-url origin https://jnstockley:${{ secrets.TOKEN }}@github.com/jnstockley/BTTN.git
          git config user.email "jack@jstockley.com"
          git config --local user.name "Jack Stockley"
          git rm -r docs
          git commit -m "Removed Docs"
          git push origin nightly
      - name: Step 4 - Create Doc
        run: mvn dokka:dokka -f pom.xml
      - name: Step 5 - Move Docs
        run: |
          rm -rf docs
          mkdir -p docs
          mv target/dokka/* docs
      - name: Step 6 - Publish docs
        run: |
          git remote set-url origin https://jnstockley:${{ secrets.TOKEN }}@github.com/jnstockley/BTTN.git
          git config user.email "jack@jstockley.com"
          git config --local user.name "Jack Stockley"
          git add -f docs
          git commit -m "Updated Docs"
          git push origin nightly
Link to GitHub repo, nightly branch: https://github.com/jnstockley/BTTN/tree/nightly
The workflow must be on your default branch in order to use workflow_dispatch.
I believe in your case it's only on the branch nightly while it should also be on main.
To manually trigger a workflow, use the workflow_dispatch event. You can manually trigger a workflow run using the GitHub API, GitHub CLI, or GitHub browser interface. For more information, see Manually running a workflow
on: workflow_dispatch
Providing inputs
You can configure custom-defined input properties, default input values, and required inputs for the event directly in your workflow. When you trigger the event, you can provide the ref and any inputs. When the workflow runs, you can access the input values in the inputs context. For more information, see Contexts
This example defines inputs called logLevel, tags, and environment. You pass values for these inputs to the workflow when you run it. This workflow then prints the values to the log, using the inputs.logLevel, inputs.tags, and inputs.environment context properties.
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
        type: choice
        options:
          - info
          - warning
          - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      environment:
        description: 'Environment to run tests against'
        type: environment
        required: true
jobs:
  log-the-inputs:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Log level: $LEVEL"
          echo "Tags: $TAGS"
          echo "Environment: $ENVIRONMENT"
        env:
          LEVEL: ${{ inputs.logLevel }}
          TAGS: ${{ inputs.tags }}
          ENVIRONMENT: ${{ inputs.environment }}
If you run this workflow from a browser you must enter values for the required inputs manually before the workflow will run.
You might like the following documentation links
workflow_dispatch
github docs - events-that-trigger-workflows

GitHub actions push to remote repo

How can I push some files that were generated by the runner (user1/repo1) to the main branch of another remote repo (user2/repo1) via GitHub Actions?
Please note that:
I set up a secret (named ACCESS_TOKEN) in user1/repo1 that holds the Personal Access Token for the destination repo (user2/repo1)
the GitHub action needs to be repeated every ~30 minutes
there already exists a file.rds in the destination repo. The push thus needs to overwrite that file every time
the runner needs to be macOS-latest
This is what I have tried so far:
name: gitaction
on:
  schedule:
    - cron: "*/30 * * * *"
  workflow_dispatch:
jobs:
  genFileAndPush:
    runs-on: macOS-latest
    steps:
      - uses: actions/checkout@master
      - uses: r-lib/actions/setup-r@master
        with:
          r-version: '4.1.2'
      - name: Run R scripts and generate file
        run: |
          saveRDS(1:3, file = "file.rds")
        shell: Rscript {0}
      - name: Push to remote repository
        run: |
          git config --local user.name actions-user
          git config --local user.email "actions@github.com"
          git add file.rds
          git commit -m "commit"
          git remote set-url origin https://env.REPO_KEY@github.com/user2/repo1.git
          git push -u origin main
        env:
          REPO_KEY: ${{secrets.ACCESS_TOKEN}}
          username: github-actions
It returns the following error:
remote: Permission to user2/repo1.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/user2/repo1.git/': The requested URL returned error: 403
Error: Process completed with exit code 128.
What am I missing?
Edit
As suggested, I tried using GuillaumeFalourd/git-commit-push@v1.1:
name: gitaction
on:
  workflow_dispatch:
jobs:
  genFileAndPush:
    runs-on: macOS-latest
    steps:
      - uses: actions/checkout@master
      - uses: r-lib/actions/setup-r@master
        with:
          r-version: '4.1.2'
      - name: Run R scripts and generate file
        run: |
          saveRDS(1:3, file = "file.rds")
        shell: Rscript {0}
      - uses: actions/checkout@v2.3.4
      - uses: GuillaumeFalourd/git-commit-push@v1.1
        with:
          target_branch: main
          files: file.rds
          remote_repository: https://github.com/user2/repo1
          access_token: ${{secrets.ACCESS_TOKEN}}
          force: true
Although there was no error, the file was not pushed (because it was not detected?):
Run GuillaumeFalourd/git-commit-push@v1.1
Run CURRENT_BRANCH=${GITHUB_REF}
WARNING: No changes were detected. git commit push action aborted.
There are some actions on the Github Marketplace that can help you with pushing files to other repositories.
Here is an example of one supported on all OS runners.
The workflow would look like this:
name: gitaction
on:
  workflow_dispatch:
jobs:
  genFileAndPush:
    runs-on: macOS-latest
    steps:
      - uses: actions/checkout@master
      - uses: r-lib/actions/setup-r@master
        with:
          r-version: '4.1.2'
      - name: Run R scripts and generate file
        run: |
          saveRDS(1:3, file = "file.rds")
        shell: Rscript {0}
      - uses: GuillaumeFalourd/git-commit-push@v1.3
        with:
          target_branch: main
          files: file.rds
          remote_repository: https://github.com/user2/repo1
          access_token: ${{secrets.ACCESS_TOKEN}}
          force: true
You can find more actions like this one on the marketplace.
Otherwise, you can also perform the whole operation manually using command lines to clone the remote repository, copy the files from the local repo wherever you want on the remote repo, then push the new files to the remote repository.
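An added example of that manual route, not code from the question or the answer. Two things are worth knowing about the first attempt in the question: inside a `run:` script `env.REPO_KEY` is literal text (the shell variable is `$REPO_KEY`), and `actions/checkout` stores the job's GITHUB_TOKEN in the clone's git config unless `persist-credentials: false` is set, which is why the rejected push is attributed to `github-actions[bot]`. The script below supplies the PAT per command through `http.extraheader` rather than writing it into the remote URL, so it never lands in `.git/config`, `git remote -v` or the job log, and it commits only when the generated file actually changed. The target repository is a local bare repo constructed here to stand in for `https://github.com/user2/repo1`, and the token value is made up, so the example runs offline.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: push one generated file into another
# repository with the token passed as a per-command header, demonstrated against a
# constructed local bare repository standing in for user2/repo1.
set -euo pipefail
export GIT_AUTHOR_NAME=actions-user GIT_AUTHOR_EMAIL=actions@example.invalid
export GIT_COMMITTER_NAME=actions-user GIT_COMMITTER_EMAIL=actions@example.invalid

# Header GitHub accepts for a token over HTTPS: base64("x-access-token:<token>").
auth_header() {
  printf 'AUTHORIZATION: basic %s' "$(printf 'x-access-token:%s' "$1" | base64 | tr -d '\n')"
}

# push_file_to_repo <file> <remote-url> <branch> <token>; prints the working clone.
push_file_to_repo() {
  local file="$1" remote="$2" branch="$3" token="$4" name work
  name=$(basename "$file")
  work=$(mktemp -d)
  # -c scopes the header to this one invocation; nothing is written to disk.
  # (A local path remote ignores the header, which is what lets this run offline.)
  git -c "http.extraheader=$(auth_header "$token")" \
    clone -q --branch "$branch" "$remote" "$work/dest"
  cp "$file" "$work/dest/$name"
  git -C "$work/dest" add -- "$name"
  # Overwriting with identical content stages nothing; do not create an empty commit.
  if git -C "$work/dest" diff --cached --quiet; then
    echo "$name unchanged, nothing to push" >&2
  else
    git -C "$work/dest" commit -q -m "update $name"
    git -C "$work/dest" -c "http.extraheader=$(auth_header "$token")" \
      push -q origin "HEAD:$branch"
  fi
  printf '%s\n' "$work/dest"
}

# Constructed stand-in for user2/repo1: a bare repo whose main branch already holds file.rds.
make_target_repo() {
  local seed origin
  seed=$(mktemp -d); origin=$(mktemp -d)/repo1.git
  git init -q --bare "$origin"
  git -C "$origin" symbolic-ref HEAD refs/heads/main
  git -C "$seed" init -q
  git -C "$seed" symbolic-ref HEAD refs/heads/main
  printf 'old contents\n' > "$seed/file.rds"
  git -C "$seed" add file.rds
  git -C "$seed" commit -q -m "initial file.rds"
  git -C "$seed" push -q "$origin" main
  printf '%s\n' "$origin"
}

origin=$(make_target_repo)
gen=$(mktemp -d)
printf 'new contents\n' > "$gen/file.rds"   # stands in for what the R step writes
dest=$(push_file_to_repo "$gen/file.rds" "$origin" main "ghp_constructed_demo_token")
echo "origin now holds: $(git -C "$origin" show main:file.rds)"
if ! grep -q ghp_ "$dest/.git/config"; then echo "token is not stored in the clone's config"; fi
```

Against GitHub the remote would be `https://github.com/user2/repo1.git`, the token would come from `${{ secrets.ACCESS_TOKEN }}` via `env:`, and adding `--depth 1` to the clone keeps the 30-minute schedule cheap.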

How can I cancel a GitHub Actions workflow if the commit has no tag

I have an npm publish GitHub action. I want to run this action only if my commit has a tag; otherwise I don't want to run it, because if I don't add a tag to my commit the action runs and fails, since it tries to publish an already published npm package with the same version. For example, my last commit has tag 1.2.3 and my npm package was published with version 1.2.3. When I add a new commit to my branch without any tag, the action tries to publish my package with version 1.2.3 again, so it fails. Here is my action code below; is there any solution for it?
Thanks for your advice.
name: NPM Publish
on:
  push:
    branches:
      - master
    tags:
      - v*
jobs:
  build:
    name: Build 🏗 & Publish 🚀
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v2.4.0
        with:
          node-version: 12
          registry-url: https://registry.npmjs.org/
      - run: npm install
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
I need something like that on yml file
if(git_commit has tag) continue job else stop job;
EDITTED VERSION
I edited my yml file based on Enrico Campidoglio's suggestion but it still does not work. I made two commits: the first one without a tag, and it cancelled the action, but the second one has a tag and it still cancelled the action. Is there any new suggestion or solution?
name: NPM Publish
on:
  push:
    branches:
      - master
jobs:
  build:
    name: Build 🏗 & Publish 🚀
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v2.4.0
        with:
          node-version: 12
          registry-url: https://registry.npmjs.org/
      - run: echo "GIT_COMMIT=`echo $(git rev-parse --short HEAD)`" >> $GITHUB_ENV
      - run: echo "GIT_TAG=`echo $(git describe --tags --exact-match ${{ env.GIT_COMMIT }} || :)`" >> $GITHUB_ENV
      - run: echo ${{ env.GIT_TAG }} != v*
      - run: |
          if [[ ${{ env.GIT_TAG }} == v* ]] ; then
            echo "Tag found..."
          else
            echo "No git tag found, action cancelled..."
            exit 1
          fi
      - uses: andymckay/cancel-action@0.2
        if: ${{ env.GIT_TAG }} != v*
      - run: npm install
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Here is the action result; I cannot figure out what the problem is.
Here is the latest failed action: https://github.com/sametcelikbicak/enum2array/runs/3513521031?check_suite_focus=true
I finally found the solution after too many tries. I changed my mind and tried running a shell script, and it works :)
I just added this line to my yml file:
- name: Check Git Tag to continue publish
run: ./scripts/publish.sh
and I created a sh file to check the commit tag. You can find the latest script and yml file definitions below.
Here is my latest yml file, npm-publish.yml
name: NPM Publish
on:
  push:
    branches:
      - master
jobs:
  build:
    name: Build 🏗 & Publish 🚀
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v2.4.0
        with:
          node-version: 12
          registry-url: https://registry.npmjs.org/
      - name: Check Git Tag to continue publish
        run: ./scripts/publish.sh
      - run: npm install
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Here is my script file, publish.sh
#!/usr/bin/env bash
# Fail the job unless HEAD carries a tag starting with "v", so npm publish never runs for untagged pushes.
GIT_COMMIT=$(git rev-parse --short HEAD)
# --exact-match only accepts a tag that points at this very commit; "|| :" keeps the script going when there is none.
GIT_TAG=$(git describe --tags --exact-match "$GIT_COMMIT" || :)
if [[ ${GIT_TAG} == v* ]] ; then
  echo "$GIT_TAG Tag found..."
else
  echo "No git tag found, action cancelled..."
  exit 1
fi
For the time being, there isn't an official action to cancel the current workflow. There is, however, an official GitHub API and a third-party action that invokes it. You could combine it with an if conditional and the github context to achieve what you want:
steps:
  - uses: andymckay/cancel-action@0.2
    if: ${{ !startsWith(github.ref, 'refs/tags') }}
Be aware that cancelling a workflow through the API is an asynchronous operation, which means that later steps might still get executed until the workflow runner handles the request.
A much more solid approach would be to put a condition on your publishing step to only run when the workflow was triggered by a new tag:
steps:
  - run: npm publish --access public
    if: startsWith(github.ref, 'refs/tags')
    env:
      NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
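A stricter version of the gate from the accepted script, added here as an example and not code from the question or the answer. It allows publishing only when HEAD carries exactly one `v*` tag (`git tag --points-at`, which lists every tag on the commit, rather than `git describe --tags --exact-match`, which silently picks one when several exist) and that tag equals the `version` field in `package.json`. A tagless push then cannot re-publish the previous version, and a tag that disagrees with `package.json` cannot publish the wrong one. The demo repository is constructed inside the script; it assumes `package.json` sits in the repository root.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a tag gate for the npm-publish job,
# exercised against a constructed local repository.
set -euo pipefail

# Print the single v* tag pointing exactly at HEAD of the repo in $1.
# Fails when there is none or more than one (ambiguous release).
release_tag_on_head() {
  local repo="$1" tags count
  tags=$(git -C "$repo" tag --points-at HEAD --list 'v*')
  count=$(printf '%s\n' "$tags" | grep -c '^v' || true)
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one v* tag on HEAD, found $count" >&2
    return 1
  fi
  printf '%s\n' "$tags"
}

# Extract "version" from package.json without jq or node.
package_version() {
  sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1/package.json"
}

# Print the tag and exit 0 when publishing is allowed; exit 1 otherwise.
should_publish() {
  local repo="$1" tag version
  tag=$(release_tag_on_head "$repo") || return 1
  version=$(package_version "$repo")
  if [ "$tag" != "v$version" ]; then
    echo "tag $tag does not match package.json version $version; refusing to publish" >&2
    return 1
  fi
  printf '%s\n' "$tag"
}

# Constructed repository for the demo: one commit at version 1.2.3, tagged v1.2.3.
make_demo_repo() {
  local repo
  repo=$(mktemp -d)
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
  git -C "$repo" init -q
  printf '{\n  "name": "demo",\n  "version": "1.2.3"\n}\n' > "$repo/package.json"
  git -C "$repo" add package.json
  git -C "$repo" commit -q -m "release 1.2.3"
  git -C "$repo" tag v1.2.3
  printf '%s\n' "$repo"
}

repo=$(make_demo_repo)
if tag=$(should_publish "$repo"); then echo "$tag on HEAD: publish"; fi
git -C "$repo" commit -q --allow-empty -m "follow-up without a tag"
if ! should_publish "$repo"; then echo "untagged HEAD: skip publish"; fi
```

In the workflow this replaces `./scripts/publish.sh`; note that `actions/checkout` with a shallow `fetch-depth` may not fetch tags, so the check needs a checkout that includes them.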

GitHub action runs twice on merge

I have a build and deploy GitHub action that runs when I update my GitHub pages repository. In addition I have one that updates the recipes I store.
Most of the time it runs fine, but occasionally I update from my phone (with Working Copy) and do a merge; then each action runs twice, all of them triggered by the same push. The recipe update action succeeds both times.
Yet when that happens one of the build and deploy actions fails with something like “! [remote rejected] master -> gh-pages (cannot lock ref 'refs/heads/gh-pages': is at 37c581108d857f9d9c8fe584103d78e4473d280b but expected ceaf2249cc2f7864f0269e64d372fc40ce0b06e0)”
It doesn’t break anything but I’m not sure why it happens and I’d like to fix it.
Build and deploy
on:
  push:
    branches:
      - main
  schedule:
    - cron: '0 */2 * * *'
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      - name: Setup Python Environment
        uses: actions/setup-python@v2
        with:
          python-version: 3.8
      - name: Install Requirements
        run: pip install -r requirements.txt
      - name: Execute Python script
        run: |
          python3 -m papexp
        env:
          EMAIL: ${{ secrets.EMAIL }}
          PASSWORD: ${{ secrets.PASSWORD }}
      - name: setup git config
        run: |
          git config --local user.name ${{ secrets.USERNAME_GITHUB }}
          git config --local user.email ${{ secrets.EMAIL }}
          git pull --ff-only origin main
          git add images/recipes/*
          git add .
          git commit -am "Update recipes" || echo "Nothing to update"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}
I don't think the action is running twice because of a single push, and I don't think it's related to whether you update from your mobile or not.
Your action runs when you push to main, but it also runs every 2 hours. So sometimes you're going to get conflicts, when the action triggered by a push runs at the same time as a scheduled action.
If you need the action to run in both situations (triggered and scheduled), and if the occasional collisions aren't causing you problems, I'd just put up with it TBH. Trying to implement some kind of locking mechanism to avoid collisions is probably more effort than it's worth.
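An added example, not code from the question or the answer, of handling the collision instead of putting up with it. When a scheduled run and a push-triggered run both commit on top of the same base, the second push is rejected because the branch has moved; the helper below retries after fetching and rebasing onto the remote branch, rather than force-pushing, which would discard the other run's commit. The race is reproduced offline with a local bare repository standing in for `origin` and two clones (`scheduled` and `triggered`, names chosen for the demo) standing in for the two runners; the local rejection is a non-fast-forward error rather than the server-side "cannot lock ref" text in the question, but the recovery is the same.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: push with fetch-and-rebase retry,
# demonstrated against a constructed local origin and two racing clones.
set -euo pipefail
export GIT_AUTHOR_NAME=ci GIT_AUTHOR_EMAIL=ci@example.invalid
export GIT_COMMITTER_NAME=ci GIT_COMMITTER_EMAIL=ci@example.invalid

# push_with_retry <clone> <branch> [attempts]
push_with_retry() {
  local clone="$1" branch="$2" attempts="${3:-3}" i
  for i in $(seq 1 "$attempts"); do
    if git -C "$clone" push -q origin "HEAD:refs/heads/$branch" 2>/dev/null; then
      return 0
    fi
    echo "push of $branch rejected (attempt $i/$attempts); rebasing onto origin/$branch" >&2
    git -C "$clone" fetch -q origin "$branch"
    git -C "$clone" rebase -q FETCH_HEAD
  done
  echo "giving up on $branch after $attempts attempts" >&2
  return 1
}

# commit_file <clone> <name>: a one-file commit, like the "Update recipes" step.
commit_file() {
  echo "$2" > "$1/$2"
  git -C "$1" add -- "$2"
  git -C "$1" commit -q -m "add $2"
}

# Build origin with one base commit plus two clones of it; prints the work directory.
setup_race() {
  local work
  work=$(mktemp -d)
  git init -q --bare "$work/origin.git"
  git -C "$work/origin.git" symbolic-ref HEAD refs/heads/main
  git init -q "$work/scheduled"
  git -C "$work/scheduled" symbolic-ref HEAD refs/heads/main
  git -C "$work/scheduled" remote add origin "$work/origin.git"
  commit_file "$work/scheduled" base.txt
  git -C "$work/scheduled" push -q origin main
  git clone -q "$work/origin.git" "$work/triggered"
  printf '%s\n' "$work"
}

# Both clones commit on the same base; "triggered" lands first, "scheduled" must
# rebase before its push is accepted. Prints the origin path.
run_race() {
  local work
  work=$(setup_race)
  commit_file "$work/triggered" recipe-a.md
  commit_file "$work/scheduled" recipe-b.md
  git -C "$work/triggered" push -q origin main
  push_with_retry "$work/scheduled" main
  printf '%s\n' "$work/origin.git"
}

origin=$(run_race)
git -C "$origin" log --oneline main
```

If the two runs must not overlap at all, the workflow-level `concurrency` key with a shared group name (and `cancel-in-progress: false`) queues the later run instead of letting it race; if a force push is ever genuinely required, `--force-with-lease` at least refuses to overwrite a ref that moved since the last fetch.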