I have branch protection on my test branch, but I need to run an action on every merged pull request that updates the software version and commits to the test branch.
Even with the --force tag, the error appears:
```
INPUT_TAGGING_MESSAGE:
No tagging message supplied. No tag will be added.
INPUT_PUSH_OPTIONS: --force
remote: error: GH006: Protected branch update failed for refs/heads/test.
remote: error: Changes must be made through a pull request.
 ! [remote rejected] HEAD -> test (protected branch hook declined)
error: failed to push some refs to 'https://github.com/***/***'
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
  code: 1
}
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
```
I allowed everyone to force push to this branch:
My workflow action:
```yaml
name: Version Update
on:
  pull_request:
    branches:
      - master
      - test
    types: [closed]
jobs:
  version_update:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
    steps:
      - uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
        with:
          php-version: '8.1'
      - name: Get branch name
        id: branch-name
        uses: tj-actions/branch-names@v6
      - uses: actions/checkout@v3
        with:
          ref: ${{ steps.branch-name.outputs.base_ref_branch }}
      - name: Copy .env
        run: php -r "file_exists('.env') || copy('.env.example', '.env');"
      - name: Install Dependencies
        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
      - name: Generate key
        run: php artisan key:generate
      - name: Update Patch Version
        if: steps.branch-name.outputs.current_branch != 'test'
        run: php artisan version:patch
      - name: Update Minor Version
        if: steps.branch-name.outputs.current_branch == 'test'
        run: php artisan version:minor
      - name: Update Timestamp
        run: php artisan version:timestamp
      - name: Update Commit
        run: php artisan version:absorb
      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: "version: update patch"
          branch: ${{ steps.branch-name.outputs.base_ref_branch }}
          push_options: '--force'
```
2 Answers
If branch protection is active and the option "Require a pull request before merging" is checked, this will prevent any push, even with --force, from going to your protected branch.
On GitHub it is impossible to push to a branch with the option "Require a pull request before merging".
My solution for this problem is to work without this option.
There is an "Allow specified actors to bypass required pull requests" option nested under "Require a pull request before merging". Enabling that and adding the user used to run the actions as an exception worked for me.
Note that we created a GitHub App identity as "the exception user", added that to the exception list and use that to run the workflow (we use https://github.com/getsentry/action-github-app-token to load a token from the GitHub App to run the workflow) because we don’t know how to reference the "default user used to run action workflows".
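The setup described in the answer above, written out as a workflow. This is an added example, not code from the original answers. The secret names `APP_ID` and `APP_PRIVATE_KEY`, the step id `app-token`, the `<PINNED_COMMIT_SHA>` placeholder and the use of `github.event.pull_request.base.ref` in place of the branch-names action are assumptions, and the App is assumed to be installed on the repository and listed under "Allow specified actors to bypass required pull requests".

```yaml
# Added example: push the version bump as a GitHub App that is on the
# branch's "Allow specified actors to bypass required pull requests" list.
name: Version Update
on:
  pull_request:
    branches: [master, test]
    types: [closed]

# The default GITHUB_TOKEN is not used for the push, so keep it read-only.
permissions:
  contents: read

jobs:
  version_update:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
    steps:
      # Mint a short-lived installation token for the App.
      # APP_ID / APP_PRIVATE_KEY are assumed secret names; replace the
      # placeholder with a reviewed commit SHA of the action.
      - name: Get GitHub App token
        id: app-token
        uses: getsentry/action-github-app-token@<PINNED_COMMIT_SHA>
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      # checkout persists this token in the local git config, so the later
      # push is made as the App rather than as github-actions[bot].
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.base.ref }}
          token: ${{ steps.app-token.outputs.token }}

      # ... PHP setup and the `php artisan version:*` steps from the question ...

      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: "version: update patch"
          branch: ${{ github.event.pull_request.base.ref }}
          # No push_options: '--force' here; the bypass list, not force,
          # is what lets this push through the pull request requirement.
```

Because this token can write to a protected branch without review, give the App only the Contents write permission and install it only on the repositories that need it.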