Circumvent pull request for script - bitbucket-server

We use Jalopy to reformat the code. On jenkins/svn, we checked out, formatted and commited again. Now on bamboo/stash, we want to do the same.
We set up this restriction for the master branch:
Prevent changes without a pull request (Everyone)
(AFAIK, it is not possible, to exclude certain users from this rule, is it?)
Now, as expected, when we try to push the formatted sources, we get this error:
remote: Branch refs/heads/master can only be modified through pull requests.
remote: Check your branch permissions configuration with the project administrator.
remote: ----------------------------------------------------
remote:
To ssh://git#mystash.com/proj/proj1.git
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://git#mystash.com/proj/proj1.git'
Any suggestions on how we can keep the enforcement for pull requests, while still being able to push directly to master from a Bamboo script? Or any better approach?

That is currently correct ... kind of. The Stash UI doesn't provide a way to set this (or see if you have) at the moment. However, the REST API will actually let you set branch permissions and specify users who are exempt. For details, see this comment on the feature suggestion to add full support.

Related

Bypass branch protection with action and Github app

I have an action, that automatically indexes all files in the repository and creates a csv. Currently this action always creates their own pull request. This creates the annoying need to approve two pull requests per change (the first one with the change itself and the second one with the change in the index.csv file created by the action minutes later).
What I tried now, is creating a Github App, which is added to the "Allow specified actors to bypass required pull requests" in the branch protection and using tibdex/github-app-token#v1 to create a token in the context of the GitHub app.
Unfortunately, it still does not work. I get the following error:
Run echo "Hello World" >> HelloWorld.txt
[main f8445ab] Add unncessary file for testing
1 file changed, 1 insertion(+)
create mode 100644 HelloWorld.txt
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: Required status check "*****" is expected. At least 1 approving review is required by reviewers with write access.
To https://github.com/***/***.git
! [remote rejected] main -> main (protected branch hook declined)
error: failed to push some refs to 'https://github.com/***/***.git'
Error: Process completed with exit code 1.
The code I'm trying to run in the action is the following:
echo "Hello World" >> HelloWorld.txt
git config --global user.email "****"
git config --global user.name "****"
git add .
git commit -m "Add unncessary file for testing"
git push "https://action-name:${{ steps.generate_token.outputs.token }}#github.com/***/***.git"
I know that it is bad practice and breaks the permission concept to be able to do this, but in this case, it is fine for many reasons which go beyond the discussion at this point.
I'm happy for any suggestions on how to achieve this.
Thanks so much in advance

Using env variable github.ref_name doesn't give me branch name

When I use in my workflow github.ref_name it doesn't provide me a branch name from where I triggered this workflow. I get 16/merge. Why? When I use github.ref_type I clearly see that my ref type is branch so why I don't get branch name?
Also it's showing when I use $GITHUB_REF or git symbolic-ref HEAD (and separating refs/heads/ off). Ah and I tried github.event.push.ref but it's not showing me anything.
How to get always branch name from where I triggered the workflow?
For following code:
Run echo running on branch ${GITHUB_REF##*/} ${GITHUB_REF}
When your workflow runs becuase of push event you will get:
running on branch main refs/heads/main
But for pulr request event it would be:
running on branch merge refs/pull/3/merge
Why's that?
If the repository is on GitHub and you have any Pull Requests that have been opened, you’ll get these references that are prefixed with refs/pull/. These are basically branches, but since they’re not under refs/heads/ you don’t get them normally when you clone or fetch from the server — the process of fetching ignores them normally.
You can also check this question here

Cannot push on github suddently

Well, it is very weird. I'm using Github protection rules to enforce to make pull requests and to trigger TravisCI for every push. However, because of continuous translation, I need a user who should be able to push without making a pull request and avoiding TravisCI status check (for that I use [ci skip]). This user is included in the white list that Github provides in branch protection rules. It worked perfect since last week, suddenly when I try to push with this user I receive this:
remote: Resolving deltas: 100% (5/5), completed with 5 local objects.
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: Required status check "Travis CI - Pull Request" is expected. At least 1 approving review is required by reviewers with write access.
To https://github.com/*****
! [remote rejected] master -> master (protected branch hook declined)
error: failed to push some refs to 'https://*****'
It is very weird since it always worked till now. And, the user has permissions to push without making a pull request and it is skipping Travis with through the commit message so I do not understand why Github is asking me about status check and approvals.
The latest issue I had :
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: Cannot force-push to this protected branch
To https://github.com/org/project.git
! [remote rejected] master -> master (protected branch hook declined)
error: failed to push some refs to 'https://github.com/org/project.git
Because I'm admin/owner I was able to go and do the following and that helped me to resolve the push problem.
Steps :
--> Settings
-->Branches
--> Tick Allow force pushes
Permit force pushes for all users with push access.
That will do the work.
I solved it finally giving admin access to the user instead of just write access. Now it is able to push avoiding approvals and status check. But I don't understand why does not work just being in the white list of protection branch rules... It worked before, looks like GitHub made some changes...
Master [now Main] is a protected branch. You need to make a new branch and push that instead.
Seen in branch protection rules:
In my case a security rule was somehow created for the repo. This rule allowed only admins to push. I deleted that rule and things started working as expected.
Repo > Settings > Branches > Branch protection rules [Delete]
In my case a Branch Protection Rule was misfiring. Deleting the rule, then recreating it in GitHub fixed the issue.
In my case, I made a Pull (Rebase) first, and then I made Push
In my case git push origin HEAD fixed the problem.

do we get all (i.e. open / closed / merged) pull heads while doing a fetch with * configuration

while checking out github pull heads through a * fetch configuration I retrieved a list of pull heads in the form of ref/pull/* or something similar.
Are these pointing to only open , closed or all pull requests ? and what about the pull requests that have been already merged and closed ?
Depends on which git version you have installed.
It was true prior to git v2.0 build was changed from match to simple
V2. release notes:
When "git push [$there]" does not say what to push, we have used the
traditional "matching" semantics so far (all your branches were sent
to the remote as long as there already are branches of the same name
over there). In Git 2.0, the default is now the "simple" semantics,
which pushes:
only the current branch to the branch with the same name, and only
when the current branch is set to integrate with that remote
branch, if you are pushing to the same remote as you fetch from; or
only the current branch to the branch with the same name, if you
are pushing to a remote that is not where you usually fetch from.
You can use the configuration variable "push.default" to change
this. If you are an old-timer who wants to keep using the
"matching" semantics, you can set the variable to "matching", for
example. Read the documentation for other possibilities.
How does the push configuration related to pull request?
Git hub store the pull request using refspec which means that its behave just like any other branch with the exception that instead of begin placed under /refs/heads/* its is stored under /refs/heads/<pulls (you can change this path- see below)>/*.
So to summarize it:
Github pull reqauests behave the same way as normal refs, depending on your configuration. If you did changed anything and you using git<2 you will get the full list of pull request, if you changed the settings or using git>2 you should only get partial of the pull requests.
Example:
[remote "origin"]
fetch = +refs/heads/*:refs/remotes/origin/*
url = git#github.com:xxx/xxxx.git
fetch = +refs/pull/*/head:refs/remotes/origin/pr/*
Fetch all the pull requests: (The pr folder is the one u defined above)
$ git fetch origin
From github.com:xxx/xxx
* [new ref] refs/pull/<id1>/head -> origin/pr/<id1>
* [new ref] refs/pull/<id2>/head -> origin/pr/<id2>
...

How to push to a local remote?

I'm having a hard time pushing my commits to a remote repository with libgit2sharp. Using the git bash it works fine.
The remote is addressed via UNC like "//computer_name/remote.git". So it's a folder on a machine in the local network which has an accessible folder.
Cloning it to a local repo with libgit2sharp worked just fine and constructing a remote was successful too with
Remote remote = localrepo.Network.Remotes["origin"];
Now when I try pushing to the remote with:
localrepo.Network.Push(remote, "HEAD", "origin");
I get the exception in git_push_add_refspec() in Proxy.cs
An error was raised by libgit2. Category = Invalid (Error).
Not a valid reference 'origin'
So then I tried:
repo.Network.Push(remote, "HEAD", #"refs/remotes/origin/master");
and got the exception in git_push_finish() in Proxy.cs
An error was raised by libgit2. Category = Net (Error).
Remote transport doesn't support push.
Is there a right way to do this or is there a support problem for my usecase?
Thanks in advance!
[UPDATE]
Now my command looks like this
repo.Network.Push(remote, "HEAD", #"refs/remote/origin/master", pushStErrHnd, null);
The PushStatusErrorHandler has only one line of code in which it should write the PushErrorStatus to console. But console remains blank and then the above exception occurs.
[UPDATE 2]
The static variable Repository.Version was 0.9.5 when I experienced the above.
As nulltoken has already mentioned, local push has just recently been added. You will need to make sure that you have a recent LibGit2Sharp build (you will need LibGit2Sharp containing commit 547a6bd, committed on March 12)
Also, there is a slight mistake in the API usage. The destination reference should be the reference to update on the remote (e.g. #"refs/remote/origin/master" should probably be #"refs/heads/master").
Push to a local repository has been recently added to libgit2 (see PR #1406) and eventually embedded in LibGit2Sharp. However, this feature hasn't been properly tested yet.
In order to try and help you, could you please update your questions with the answers to the few questions below:
Push accept an additional parameter to give more information about issues: onPushStatusError. Could you please provide the output of each potential PushStatusErrors?
You state "Cloning it to a local repo worked". How did you perform the clone? Through git? Through LibGit2Sharp?
What happens if you change the url of the remote to a file URI format (eg. file://computer_name/remote.git)?
UPDATE
The amazing #yorah is working on a Pull Request to enhance the test coverage regarding your scenario.
Cloning from a local repository
Adding a new Commit
Pushing the newly created commit
Retrieving the list of the remote references