Skip to content

Enable branch protectiion with GH actions #800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 of 4 tasks
christianlupus opened this issue Sep 29, 2021 · 1 comment
Closed
2 of 4 tasks

Enable branch protectiion with GH actions #800

christianlupus opened this issue Sep 29, 2021 · 1 comment
Assignees
@christianlupus
Labels
bug Something isn't working

Comments

@christianlupus
Copy link
Collaborator

christianlupus commented Sep 29, 2021
edited
Loading

Currently, the auto-merge functionality of GH needs branch protection active. This is useful by other means as well.

The drawback is that the deploy script is no longer allowed to push to master and stable branches here.

The result is (here an example)

Run ./.github/actions/deploy/create-version.sh
Creating patch version
Updating bumped version files
New version is 0.9.4.
Updating info.xml
Updating package.json
Updating version in main controller
[stable 4b090c2] Bump to version 0.9.4
 3 files changed, 3 insertions(+), 3 deletions(-)
Switched to a new branch 'master'
Branch 'master' set up to track remote branch 'master' from 'origin'.
Merge made by the 'recursive' strategy.
 .github/actions/deploy/patch      | 2 +-
 CHANGELOG.md                      | 5 ++++-
 lib/Controller/MainController.php | 2 +-
 package.json                      | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)
remote: error: GH006: Protected branch update failed for refs/heads/stable.        
remote: error: 4 of 4 required status checks are expected.        
To https://github.com./nextcloud/cookbook
 ! [remote rejected] stable -> stable (protected branch hook declined)
error: failed to push some refs to 'https://github.com./nextcloud/cookbook'
remote: error: GH006: Protected branch update failed for refs/heads/master.        
remote: error: 5 of 5 required status checks are expected.        
To https://github.com./nextcloud/cookbook
 ! [remote rejected] master -> master (protected branch hook declined)
error: failed to push some refs to 'https://github.com./nextcloud/cookbook'
To https://github.com./nextcloud/cookbook
 * [new tag]         v0.9.4 -> v0.9.4

The solution would be to

  • Create a bot user in GH and add it as admin to the repo
  • Create a personal access token (PAT) for the user and add it as a secret
  • Replacing the GITHUB_TOKEN with the secret PAT
  • Updating the deploy script to not run when pushing from the bot user (checking github.actor from the context), otherwise a infinite recursion will be the result
@christianlupus christianlupus added the bug Something isn't working label Sep 29, 2021
@christianlupus christianlupus self-assigned this Sep 29, 2021
@christianlupus christianlupus mentioned this issue Oct 15, 2021
Merged
@christianlupus
Copy link
Collaborator Author

This should be solved by now. I was not able to test as this would mean I had to push out a new release but we will see upon the next release cycle.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@christianlupus christianlupus

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@christianlupus