This is my github action workflow.
name: Release
on:
push:
branches:
- main
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
with:
persist-credentials: false
- name: Setup java
uses: actions/setup-java#v1
with:
java-version: 11
- name: Setup node
uses: actions/setup-node#v1
with:
node-version: "14.x"
cache: npm
- name: Install dependencies
run: npm ci
- name: Build package
run: npm run build --if-present
- name: Semantic release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
HUSKY: 0
run: chmod +x script/prepare-release.sh && npx semantic-release
However, my workflow fails with the following error log.
[semantic-release] › ✖ An error occurred while running semantic-release: Error: Command failed with exit code 1: git push --tags https://x-access-token:[secure]#github.com/didrlgus/convention-template.git HEAD:main
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: At least 1 approving review is required by reviewers with write access.
Maybe it's because my main branch is a protected branch.
How can I push with a protected branch on github action?
There is a workaround. Steps as follows:
Create new Github user eg. my-org-bot
Generate Personal Access Token for this user on https://github.com/settings/tokens and save it somewhere (select repo scope for the token)
Go to your repo and add my-org-bot to contributors
Open your branch protection rules and add my-org-bot to the rule below:
Go to repository secrets and add new secret for Actions with key =BOT_ACCESS_TOKEN and the value = Personal Access Token generated previously
Modify your GH Workflow Checkout step with below:
Now your workflow should be able to push directly to your protected branch on behalf of my-org-bot user.
The solution that works for us is as follows:
name: Version and Package Repo
on:
push:
branches: [ master, main ]
jobs:
build:
if: github.event.commits[0].author.name != 'GitHubActions'
runs-on: ubuntu-18.04
steps:
- name: Checkout repo
uses: actions/checkout#v2
with:
fetch-depth: 0
token: ${{ secrets.PAT }}
- name: Configure git
run: |
git config user.name "GitHubActions"
git config user.email "<>"
- name: Install NPM Packages
run: npm install
env:
NODE_AUTH_TOKEN: $\{{ secrets.PAT }}
- name: Version and Package
run: npm version patch --force
env:
NODE_AUTH_TOKEN: $\{{ secrets.PAT }}
- name: Update git
run: |
git push
git push --tags
This runs on all pushes to master and main branches (we use the same script on multiple repos) and it:
checks the repo out
configures git
installs and then versions some NPM packages (not relevant to this issue, aside from the job making some kind of change to the repo) - this creates a new commit
pushes the changes back to the same branch
secrets.PAT is a personal access token of a user with admin rights and the repo has branch protection on, but excludes admins.
It is worth considering that if you run git push from an action with the on push trigger and you're using a PAT rather than GITHUB_TOKEN, then the action will run in a loop. If you are using GITHUB_TOKEN then GitHub Actions prevents the action running again automatically. We use the conditional if line at the top of the job to prevent the job running if the author name of the last commit is GitHubActions. This is the author name set in the Configure git stage, so the commits that happen within this job (as a result of npm version patch) are from an author with this name.
If the author variable doesn't work for you, there are plenty of others you can use:
https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
The downside of this approach is that you always get a second run appear in your list of actions which is immediately skipped.
I couldn’t find a solution that was acceptable to me/work. So, the only option I was left with was avoiding updates in CI that need to be pushed up. That means versioning and changelogs have to be done as part of a user commit/PR. And I created some tooling it make sure it’s done right, in case it helps anyone else: https://github.com/Shakeskeyboarde/anglerci
Related
My scenario: I am in a repo1 (that is where I have this workflow file) and trying to pull repo 2 (both are in the same organization) from repo 1 with the following code:
- name: Checkout aaa-frontend repo
uses: actions/checkout#v2
with:
repository: Orgn1-Global/aaa-frontend
path: develop
token: ${{ github.token }}
From the below error, I assume that, it is able to locate the repository but only has a problem in locating the branch. Is this correct?
Run actions/checkout#v2
Syncing repository: Orgn1-Global/aaa-frontend
Getting Git version info
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Determining the default branch
Retrieving the default branch name
Not Found
Waiting 17 seconds before trying again
Retrieving the default branch name
Not Found
Waiting 12 seconds before trying again
Retrieving the default branch name
Error: Not Found
and what's the right way to pull the 'main' branch of repo 2 from this repo 1?
If I understand your requirement correctly, do you want to checkout repo1 and repo2 in the repo1 action workflow ?
If Yes - It has to be like this:
# checkout of repo1 - where you have your workflow file
- name: Checkout
uses: actions/checkout#v2
with:
path: main
# checkout repo2 in a folder called my-tools
- name: Checkout tools repo
uses: actions/checkout#v2
with:
repository: my-org/repo2
path: my-tools
you can always find an awesome examples in Github action public repository. Here is the checkout one.
Below piece of code should fetch you main branch of aaa-frontend repo
- name: Checkout aaa-frontend repo
uses: actions/checkout#v2
with:
repository: Orgn1-Global/aaa-frontend
path: develop
token: ${{ github.token }}
ref: main
Hi i created a repository with the same name of my github account called mortezasabihi. and in this repository i pushed my personal website (nuxtjs static) to it and created github action for autodeployment, but I don't know why my github page URL is this:
I want to be https://mortezasabihi.github.io.
this is my gh action:
name: cd
on: [push, pull_request]
jobs:
cd:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
node: [14]
steps:
- name: Checkout
uses: actions/checkout#master
- name: Setup node env
uses: actions/setup-node#v2.1.2
with:
node-version: ${{ matrix.node }}
- name: Install dependencies
run: yarn
- name: Generate
run: yarn run generate
- name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
what's wrong? I didn't understand!
The own action-gh-pages documentation allows you to configure many things inside your workflow file.
You can have one site published to https://<username>.github.io by publishing to the master (or main) branch of a repository named “username.github.io” (substituting your actual username), as explained here.
You can also have an additional site per GitHub project published to https://<username>.github.io/<project> (which seems to be what you did here using your username profile repository).
Project sites will publish whatever you push to the gh-pages branch by default, but you can change the publishing source in the repository settings.
Another description is available in the GitHub Pages documentation, including options for using custom domain names.
I have my personal website on Github pages too, and use this strategy:
I create a branch named development and working on that branch.
Based on Nuxt documentation, I add some script in my package.json file:
"scripts": {
"dev": "nuxt",
"generate": "nuxt generate",
"start": "nuxt start",
"deploy": "push-dir --dir=dist --branch=master --cleanup"
},
and when running these commands, the dist folder automatically will be pushed to master.
npm run generate
npm run deploy
I am new to Gatsby and just tried a GH Actions workflow for my site today. I see this error at the build stage:
error "gatsby-source-github-api" threw an error while running the
sourceNodes lifecycle: token is undefined
I am using this to pull all repos on my Github into the site.
What I have tried so far:
Checked the Github personal access token
the build is working locally
Versions:
"gatsby-source-github-api": "^0.2.1" "gatsby": "^2.26.1"
This is my node.js.yml GH Actions workflow file:
name: Node.js CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [13.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout#v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
- run: npm run build
PS: I have used a .env file to hold the value of the token that the plugin 'gatsby-source-github-api' requires. And it is in my .gitignore file. So which means it is not sent to GH and hence can't find it?
So that was it -- the .env file which wasn't being pushed to Github.
So I needed to make the token available to the GH Action build somehow.
I tried the action SpicyPizza/create-envfile#v1. It isn't supported by Github but seemed to do the job. It creates a .env file at build with the keys you provide it.
You could also create a .env file manually. See thread.
I want to define a workflow as follows, for a node.js repo:
When new code is merged into master AND version in package.json is changed, create a new Github release for that version
When a new Github release is created, publish package to NPM
What I hope to achieve is that in our most typical workflow (PR merged to master) a release s created and package is automatically uploaded to NPM but to also be able to trigger an upload to NPM directly from a feature branch (usually a pre-release version, 1.0.3-rc1) by manually creating a release from such branch.
I've set up two Github workflows, each with a single job.
The first:
name: Create release on new version merge
on:
push:
branches:
- master
jobs:
release-on-new-version:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Check for version change
id: check
uses: EndBug/version-check#v1
with:
file-url: ::before
static-checking: localIsNew
token: ${{ secrets.GITHUB_TOKEN }}
- name: Log when changed
if: steps.check.outputs.changed == 'true'
run: 'echo "Version change found: ${{ steps.check.outputs.version }}"'
- name: Create Release
if: steps.check.outputs.changed == 'true'
id: create_release
uses: actions/create-release#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ steps.check.outputs.version }}
release_name: v${{ steps.check.outputs.version }}...
The second:
name: Publish on new release
on:
release:
types: created
jobs:
publish-on-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
with:
node-version: 10
registry-url: https://registry.npmjs.org/
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
Individually these workflows work as expected: When I merge some work onto master that changes the version number a release is created, and when I manually create a release it gets published to NPM. However I would also expect the release created as the effect of the first workflow to trigger the second flow and therefore when I merge a version change into master eventually automatically see it published to NPM. But to my amazement that does not happen. Is there some sort of mechanism that prevents the effects of one job to (indirectly) trigger another? Or am I missing something?
You might consider to explicitly mention the dependency of one job needed another job, using needs.
You can see that approach illustrated with:
"GitHub Actions: Dependent Jobs" from Edward Thomson (who is also on Stack Overflow)
That would allow to define a third action which would need the first two, forcing them to be chained in their execution.
I have the following action on Github actions that automatically packs and deploy a package to nuget.org every time a PR gets merged into master.
name: Nuget Deploy
on:
push:
branches: [ master ]
jobs:
build:
runs-on: windows-latest
steps:
- uses: actions/checkout#v2
- name: Setup .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: 3.1.101
- name: Generate Nuget package
run: dotnet pack
working-directory: DateOverride
- name: Deploy to nuget.org
run: dotnet nuget push *.nupkg -k ${{ secrets.NUGET_DEPLOY_KEY }} -s https://api.nuget.org/v3/index.json
working-directory: DateOverride/DateOverride/bin/Debug
But I would like that it was not run if my update is only a README.md update, is it possible to do so?
I'd think the paths-ignore setting should help:
on:
push:
branches:
- master
paths-ignore:
- '**/README.md'
You might want to combine your current GitHiub Action with another like MarceloPrado/has-changed-path
This action outputs whether a path or combination of paths has changed in the previous commit.
[This] action is meant to be used inside your job steps, not at the root of your workflow file
Or (opposite filter): dorny/paths-filter
With this Github Action you can execute your workflow steps only if relevant files are modified.