My scenario: I am in a repo1 (that is where I have this workflow file) and trying to pull repo 2 (both are in the same organization) from repo 1 with the following code:
```yaml
- name: Checkout aaa-frontend repo
  uses: actions/checkout@v2
  with:
    repository: Orgn1-Global/aaa-frontend
    path: develop
    token: ${{ github.token }}
```
From the below error, I assume that it is able to locate the repository but only has a problem in locating the branch. Is this correct?
```
Run actions/checkout@v2
Syncing repository: Orgn1-Global/aaa-frontend
Getting Git version info
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Determining the default branch
Retrieving the default branch name
Not Found
Waiting 17 seconds before trying again
Retrieving the default branch name
Not Found
Waiting 12 seconds before trying again
Retrieving the default branch name
Error: Not Found
```
And what's the right way to pull the 'main' branch of repo 2 from this repo 1?
If I understand your requirement correctly, do you want to checkout repo1 and repo2 in the repo1 action workflow?
If Yes - It has to be like this:
```yaml
# checkout of repo1 - where you have your workflow file
- name: Checkout
  uses: actions/checkout@v2
  with:
    path: main
# checkout repo2 in a folder called my-tools
- name: Checkout tools repo
  uses: actions/checkout@v2
  with:
    repository: my-org/repo2
    path: my-tools
```
You can always find awesome examples in the GitHub Actions public repository. Here is the checkout one.
The below piece of code should fetch you the main branch of the aaa-frontend repo:
```yaml
- name: Checkout aaa-frontend repo
  uses: actions/checkout@v2
  with:
    repository: Orgn1-Global/aaa-frontend
    path: develop
    token: ${{ github.token }}
    ref: main
```
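`github.token` is scoped to the repository that runs the workflow, so it cannot read a different private repository even in the same organization, and the lookup of the default branch then returns `Not Found`. The following is an added example, not part of the original posts: it assumes aaa-frontend is private and that a repository secret named `AAA_FRONTEND_READ_TOKEN` (a hypothetical name) holds a token with read-only access to that one repository.

```yaml
name: Build with aaa-frontend
on: push
# Keep the built-in token read-only; this job never writes to repo1.
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # repo1 (the repository holding this workflow): the default github.token is enough.
      - name: Checkout repo1
        uses: actions/checkout@v2
        with:
          path: main
      # repo2: needs a credential that has been granted access to it.
      - name: Checkout aaa-frontend repo
        uses: actions/checkout@v2
        with:
          repository: Orgn1-Global/aaa-frontend
          ref: main          # branch to fetch
          path: develop      # target directory inside the workspace
          # Hypothetical secret name (assumption): a token limited to read access on aaa-frontend.
          token: ${{ secrets.AAA_FRONTEND_READ_TOKEN }}
          # Do not leave the cross-repository token in develop/.git/config for later steps.
          persist-credentials: false
```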
Currently, when I have a new release on a GitHub repo, I need to update all the readme with the new tag.
Example of readme.md (version 1.0.0):
My Java library project
You need to add
`implementation io.github.me:javalib:1.0.0`
And I update the readme to (version 2.0.0):
My Java library project
You need to add
`implementation io.github.me:javalib:2.0.0`
But this manual update is fastidious and sometimes I forget some tags when I update the documentation.
How can we automate that?
You can automatize that with a GitHub Action like this:
Requirements
You need to give permission to your GitHub Actions to create a pull request in your GitHub repo settings (Settings -> Actions -> General).
GitHub Actions examples
These GitHub Actions automatically get the tag of the new release and update your readme, replacing the old tag with the new tag.
Update the readme with a pull request
```yaml
name: Update files
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Update files
        uses: MathieuSoysal/file-updater-for-release@v1.0.1
        with:
          files: README.md # List of files to update
          prefix: "io.github.me:javalib:" # Prefix before the version; in your case it is io.github.me:javalib:
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with pull request rights
          commit-message: update readme
          title: Update readme
          body: Update readme to reflect release changes
          branch: update-readme
          base: main
```
Update the readme directly with a commit
```yaml
name: Update files with commit
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with commit rights
          ref: main # The branch you want to commit to
      - name: Update files
        uses: MathieuSoysal/file-updater-for-release@v1.0.1
        with:
          files: README.md # List of files to update
          prefix: "io.github.me:javalib:" # Prefix before the version; in your case it is io.github.me:javalib:
          with-checkout: false # If you don't want to checkout the repo, default is: true
      - name: Push changes
        uses: EndBug/add-and-commit@v9
        with:
          committer_name: GitHub Actions
          committer_email: actions@github.com
          add: .
          message: 'update files'
```
Source
file-updater-for-release
Github actions on pull request were working yesterday. Today they are not running.
.github/workflows/pull_request.yml looks like
```yaml
name: Pull Request
on:
  pull_request:
    paths-ignore:
      - '.github/**'
jobs:
  black_and_flake8:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
      - name: "Lint project"
        uses: ./.github/actions/lint_project
  test_common:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
      - name: "Test common"
        uses: ./.github/actions/test_common
  test_dags:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
      - name: "Test dags"
        uses: ./.github/actions/test_dags
```
[etc there are a lot of jobs for different parts of this repo]
For example, ./github/actions/test_dags has a single action.yml file inside that looks like this
```yaml
name: "test_dags"
description: "Tests for code that lives in /dags"
runs:
  using: "composite"
  steps:
    - name: Run pytest
      working-directory: dags
      run: |
        docker build -t dagtest -f Dockerfile.airflow_dags_test .
        docker run --name=dagtestimage dagtest
        docker cp dagtestimage:/tmp/htmlcov .
      shell: bash
    - uses: actions/upload-artifact@v3
      with:
        name: dags_htmlcov
        path: /home/runner/work/processing/processing/dags/htmlcov/
```
Putting aside that there may be a smarter way to run these tests, why are no actions being fired at all when I make a pull request now? It happily ran all my checks yesterday. Nothing has merged into main related to github actions- just some pytest stuff for one of the modules, and that ran the checks.
My PR is changing the dockerfile referenced in the action above, updating requirements.txt, and to debug I changed a python file (in case those file types were magically excluded).
The GUI for the PR doesn't show any checks. Nothing new shows up in the Actions tab.
How do I figure out why this isn't working?
Turns out github is having an issue - https://www.githubstatus.com/ said everything was green when I posted this, but it has since updated to
Incident with GitHub Actions, API Requests, Codespaces, Git Operations, GitHub Packages, and GitHub Pages
Currently I have a submodule repo, that contains 8 or so github actions. These will be shared between many repos that use the same github actions. I cannot seem to retrigger the actions inside the submodule path, and it only runs the initial action which pulls the submodules
```yaml
on:
  pull_request:
jobs:
  sync:
    name: 'Submodules Sync'
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          token: ${{ secrets.BOT_GITHUB_ACCESS_PACKAGES_TOKEN }}
          submodules: recursive
      - name: Checkout submodules
        run: git submodule sync && git submodule update --init --recursive
```
which pulls the submodule into .github/workflows/service-workflows
This is my github action workflow.
```yaml
name: Release
on:
  push:
    branches:
      - main
jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      - name: Setup java
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Setup node
        uses: actions/setup-node@v1
        with:
          node-version: "14.x"
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Build package
        run: npm run build --if-present
      - name: Semantic release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          HUSKY: 0
        run: chmod +x script/prepare-release.sh && npx semantic-release
```
However, my workflow fails with the following error log.
```
[semantic-release] › ✖ An error occurred while running semantic-release: Error: Command failed with exit code 1: git push --tags https://x-access-token:[secure]@github.com/didrlgus/convention-template.git HEAD:main
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: At least 1 approving review is required by reviewers with write access.
```
Maybe it's because my main branch is a protected branch.
How can I push with a protected branch on github action?
There is a workaround. Steps as follows:
Create new Github user eg. my-org-bot
Generate Personal Access Token for this user on https://github.com/settings/tokens and save it somewhere (select repo scope for the token)
Go to your repo and add my-org-bot to contributors
Open your branch protection rules and add my-org-bot to the rule below:
Go to repository secrets and add new secret for Actions with key =BOT_ACCESS_TOKEN and the value = Personal Access Token generated previously
Modify your GH Workflow Checkout step with below:
Now your workflow should be able to push directly to your protected branch on behalf of my-org-bot user.
The solution that works for us is as follows:
```yaml
name: Version and Package Repo
on:
  push:
    branches: [ master, main ]
jobs:
  build:
    if: github.event.commits[0].author.name != 'GitHubActions'
    runs-on: ubuntu-18.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
          token: ${{ secrets.PAT }}
      - name: Configure git
        run: |
          git config user.name "GitHubActions"
          git config user.email "<>"
      - name: Install NPM Packages
        run: npm install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.PAT }}
      - name: Version and Package
        run: npm version patch --force
        env:
          NODE_AUTH_TOKEN: ${{ secrets.PAT }}
      - name: Update git
        run: |
          git push
          git push --tags
```
This runs on all pushes to master and main branches (we use the same script on multiple repos) and it:
checks the repo out
configures git
installs and then versions some NPM packages (not relevant to this issue, aside from the job making some kind of change to the repo) - this creates a new commit
pushes the changes back to the same branch
secrets.PAT is a personal access token of a user with admin rights and the repo has branch protection on, but excludes admins.
It is worth considering that if you run git push from an action with the on push trigger and you're using a PAT rather than GITHUB_TOKEN, then the action will run in a loop. If you are using GITHUB_TOKEN then GitHub Actions prevents the action running again automatically. We use the conditional if line at the top of the job to prevent the job running if the author name of the last commit is GitHubActions. This is the author name set in the Configure git stage, so the commits that happen within this job (as a result of npm version patch) are from an author with this name.
If the author variable doesn't work for you, there are plenty of others you can use:
https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
The downside of this approach is that you always get a second run appear in your list of actions which is immediately skipped.
I couldn’t find a solution that was acceptable to me/work. So, the only option I was left with was avoiding updates in CI that need to be pushed up. That means versioning and changelogs have to be done as part of a user commit/PR. And I created some tooling to make sure it’s done right, in case it helps anyone else: https://github.com/Shakeskeyboarde/anglerci
I want to define a workflow as follows, for a node.js repo:
When new code is merged into master AND version in package.json is changed, create a new Github release for that version
When a new Github release is created, publish package to NPM
What I hope to achieve is that in our most typical workflow (PR merged to master) a release is created and the package is automatically uploaded to NPM, but to also be able to trigger an upload to NPM directly from a feature branch (usually a pre-release version, 1.0.3-rc1) by manually creating a release from such a branch.
I've set up two Github workflows, each with a single job.
The first:
```yaml
name: Create release on new version merge
on:
  push:
    branches:
      - master
jobs:
  release-on-new-version:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Check for version change
        id: check
        uses: EndBug/version-check@v1
        with:
          file-url: ::before
          static-checking: localIsNew
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Log when changed
        if: steps.check.outputs.changed == 'true'
        run: 'echo "Version change found: ${{ steps.check.outputs.version }}"'
      - name: Create Release
        if: steps.check.outputs.changed == 'true'
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ steps.check.outputs.version }}
          release_name: v${{ steps.check.outputs.version }}...
```
The second:
```yaml
name: Publish on new release
on:
  release:
    types: created
jobs:
  publish-on-release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 10
          registry-url: https://registry.npmjs.org/
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
```
Individually these workflows work as expected: When I merge some work onto master that changes the version number a release is created, and when I manually create a release it gets published to NPM. However I would also expect the release created as the effect of the first workflow to trigger the second flow and therefore when I merge a version change into master eventually automatically see it published to NPM. But to my amazement that does not happen. Is there some sort of mechanism that prevents the effects of one job to (indirectly) trigger another? Or am I missing something?
You might consider explicitly mentioning the dependency of one job needing another job, using needs.
You can see that approach illustrated with:
"GitHub Actions: Dependent Jobs" from Edward Thomson (who is also on Stack Overflow)
That would allow you to define a third action which would need the first two, forcing them to be chained in their execution.
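A release created with `GITHUB_TOKEN` does not start further workflow runs, which is the same safeguard the earlier answer describes for pushes, so the `release` trigger of the second workflow only fires for releases created manually. The following is an added example, not code from the original posts, of the `needs` approach: it merges the merge-to-master path into one workflow where publishing is a dependent job, reusing the actions and inputs from the question; the job name `publish` and the `permissions` blocks are assumptions.

```yaml
name: Release and publish on new version
on:
  push:
    branches:
      - master
jobs:
  release-on-new-version:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # needed to create the tag and the release
    # Expose the step outputs so the dependent job can read them.
    outputs:
      changed: ${{ steps.check.outputs.changed }}
      version: ${{ steps.check.outputs.version }}
    steps:
      - uses: actions/checkout@v2
      - name: Check for version change
        id: check
        uses: EndBug/version-check@v1
        with:
          file-url: ::before
          static-checking: localIsNew
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Create Release
        if: steps.check.outputs.changed == 'true'
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ steps.check.outputs.version }}
          release_name: v${{ steps.check.outputs.version }}
  publish:
    # Runs only after the release job succeeded and only when the version changed.
    needs: release-on-new-version
    if: needs.release-on-new-version.outputs.changed == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read    # the publish job only reads the repository
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 10
          registry-url: https://registry.npmjs.org/
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.npm_token }}
```

The separate "Publish on new release" workflow can stay in place for manually created pre-releases; the automatically created release does not trigger it, so the package is not published twice.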