
I have branch protection on my test branch, but I need to run an action on every merged pull request to update the version of the software and commit to the test branch.

Even with the tag --force, the error appears:

INPUT_TAGGING_MESSAGE: 
No tagging message supplied. No tag will be added.
INPUT_PUSH_OPTIONS: --force
remote: error: GH006: Protected branch update failed for refs/heads/test.        
remote: error: Changes must be made through a pull request.        
 ! [remote rejected] HEAD -> test (protected branch hook declined)
error: failed to push some refs to 'https://github.com/***/***'
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
  code: 1
}
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

I allowed everyone to force push to this branch.

My workflow action:

name: Version Update

on:
  pull_request:
    branches: 
      - master
      - test
    types: [closed]

jobs:
  version_update:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
    steps:
    - uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
      with:
        php-version: '8.1'
    - name: Get branch name
      id: branch-name
      uses: tj-actions/branch-names@v6
    - uses: actions/checkout@v3
      with:
        ref: ${{ steps.branch-name.outputs.base_ref_branch }}
    - name: Copy .env
      run: php -r "file_exists('.env') || copy('.env.example', '.env');"
    - name: Install Dependencies
      run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
    - name: Generate key
      run: php artisan key:generate
    - name: Update Patch Version
      if: steps.branch-name.outputs.current_branch != 'test'
      run: php artisan version:patch
    - name: Update Minor Version
      if: steps.branch-name.outputs.current_branch == 'test'
      run: php artisan version:minor
    - name: Update Timestamp
      run: php artisan version:timestamp
    - name: Update Commit
      run: php artisan version:absorb
    - name: Commit changes
      uses: stefanzweifel/git-auto-commit-action@v4
      with:
        commit_message: "version: update patch"
        branch: ${{ steps.branch-name.outputs.base_ref_branch }}
        push_options: '--force'

2 Answers


  1. Chosen as BEST ANSWER

    If branch protection is active and the option "Require a pull request before merging" is checked, this will prevent any push, even with --force, from going to your protected branch.

    On GitHub it is impossible to push to a branch with the option "Require a pull request before merging".

    My solution for this problem is to work without this option.


  2. There is an "Allow specified actors to bypass required pull requests" option nested under "Require a pull request before merging". Enabling that and adding the user used to run the actions as an exception worked for me.

    Note that we created a GitHub App identity as "the exception user", added that to the exception list and use that to run the workflow (we use https://github.com/getsentry/action-github-app-token to load token from GitHub App to run workflow) because we don’t know how to reference the "default user used to run action workflows".
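
The setup described in answer 2, written out as a workflow. This is an added example, not code from the question or from either answer. The secret names `APP_ID` and `APP_PRIVATE_KEY`, the step id `app-token`, and the stand-in "Update version" step are assumptions; the GitHub App is assumed to be installed on the repository with Contents read/write permission and listed under "Allow specified actors to bypass required pull requests" for the `test` branch.

```yaml
name: Version Update

on:
  pull_request:
    branches:
      - test
    types: [closed]

jobs:
  version_update:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
    steps:
      # Mint a short-lived installation token for the GitHub App that is on
      # the bypass list. Only this identity is exempt; "Require a pull request
      # before merging" stays enabled for everyone else.
      # Consider pinning third-party actions to a full commit SHA, as the
      # question already does for setup-php.
      - name: Get GitHub App token
        id: app-token
        uses: getsentry/action-github-app-token@v2
        with:
          app_id: ${{ secrets.APP_ID }}            # assumed secret name
          private_key: ${{ secrets.APP_PRIVATE_KEY }}  # assumed secret name

      # checkout stores this token in the local git config, so the later push
      # authenticates as the App instead of the default GITHUB_TOKEN.
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.base.ref }}
          token: ${{ steps.app-token.outputs.token }}

      # Stand-in for the question's "php artisan version:*" steps.
      - name: Update version
        run: date -u +%Y%m%d%H%M%S > VERSION

      # No push_options here: the bypass entry, not --force, is what allows
      # the push to the protected branch.
      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: "version: update patch"
          branch: ${{ github.event.pull_request.base.ref }}
```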
