Describe the bug
When running auto in a CI environment, e.g. GitHub Actions, auto shipit will fail when master branch protection is turned on. Is there any way, maybe by setting up permissions in a certain way, to overcome this issue without disabling branch protection?
To Reproduce
Using the following GitHub Action workflow and setting master as a protected branch will result in a failed push attempt with this error message:
Error: Running command 'git' with args [push, --follow-tags, --set-upstream, origin, master] failed
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: At least 1 approving review is required by reviewers with write access.
GitHub Action workflow
name: Release
on:
  push:
    branches:
      - master
jobs:
  release:
    runs-on: ubuntu-latest
    if: "!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')"
    steps:
      - uses: actions/checkout@v1
      - name: Prepare repository
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git checkout ${GITHUB_REF:11} --
          git remote rm origin
          git remote add origin "https://x-access-token:${GH_TOKEN}@github.com/<owner>/<repository>"
          git fetch origin --tags
          git branch --set-upstream-to origin/${GITHUB_REF:11} ${GITHUB_REF:11}
      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: 12.x
      - name: Cache node modules
        uses: actions/cache@v1
        with:
          path: node_modules
          key: yarn-deps-${{ hashFiles('yarn.lock') }}
          restore-keys: |
            yarn-deps-${{ hashFiles('yarn.lock') }}
      - name: Create Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          yarn install --frozen-lockfile
          yarn build
          yarn auto shipit
secrets.GITHUB_TOKEN doesn't actually have write access to your repo. You need to create a token from a user with write access.
I think this is the issue. If this works please comment back and I will add a note to the docs. (Or if you want to make a PR I will merge it)
Unfortunately this didn’t solve the problem. It seems like the GITHUB_TOKEN is created automatically and should have the right permissions. But I tried it with a custom token which also didn’t work.
I'm still pretty sure that your token needs a little more permissions. To check this I did the following:
Turn on branch protection for auto-config-hipstersmoothie and switch to GITHUB_TOKEN.
Result: https://github.com/hipstersmoothie/auto-config-hipstersmoothie/runs/451642081?check_suite_focus=true
I got the same error as you did.
After switching back to the GH_TOKEN I set up (created from a user with write access and giving the token repo access).
Result: https://github.com/hipstersmoothie/auto-config-hipstersmoothie/actions/runs/40930001
Release successful ✅
I think I need to make it clearer what permissions to give the token in the docs 😅
Turn on branch protection for auto-config-hipstersmoothie and switch to GITHUB_TOKEN.
When you say turn on branch protection - what does that include? Is Allow force pushes disabled?
EDIT: The second link should probably be this: https://github.com/hipstersmoothie/auto-config-hipstersmoothie/runs/451645892?check_suite_focus=true
The second link should probably be this
yup, sorry!
Allow force pushes disabled
auto doesn't force push so this shouldn't be an issue. Here is what I have configured
@bbrinx Any update on this? Will probably close soon without a reproducible example
@hipstersmoothie I added a token with all permissions and it worked! Seems like I didn't set the right permissions the first time I tried. Thanks!
Awesome!
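A preflight check for the token setup discussed above, as an added example that is not part of the original thread or the auto project: it reads the `X-OAuth-Scopes` response header that GitHub's REST API returns for a classic personal access token and reports whether the `repo` scope mentioned in the thread is present. The function name, exit codes and sample headers are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the thread or from auto).
# Real use, before the release step runs:
#   curl -sI -H "Authorization: token $GH_TOKEN" https://api.github.com/user \
#     | check_token_scope repo

# Reads raw HTTP response headers on stdin.
# Returns 0 if the scope is listed, 1 if it is missing,
# 2 if the response has no X-OAuth-Scopes header (scopes unknown).
check_token_scope() {
  _required="${1:-repo}"
  # Header names are case-insensitive; scope names such as "read:org"
  # contain colons, so split on the first colon only.
  _scopes=$(tr -d '\r' | awk '
    { i = index($0, ":") }
    i && tolower(substr($0, 1, i - 1)) == "x-oauth-scopes" {
      found = 1
      print substr($0, i + 1)
    }
    END { exit found ? 0 : 2 }
  ') || return 2
  # Compare each scope exactly, so "public_repo" or "repo:status"
  # is not mistaken for the full "repo" scope.
  printf '%s\n' "$_scopes" | tr ',' '\n' | tr -d ' \t' | grep -qxF -- "$_required"
}

# Constructed sample responses (not captured from a real account).
SAMPLE_WITH_REPO='HTTP/2 200
content-type: application/json
x-oauth-scopes: repo, workflow
'
SAMPLE_NARROW='HTTP/2 200
X-OAuth-Scopes: public_repo, read:org, repo:status
'
SAMPLE_NO_HEADER='HTTP/2 200
content-type: application/json
'

for sample in "$SAMPLE_WITH_REPO" "$SAMPLE_NARROW" "$SAMPLE_NO_HEADER"; do
  rc=0
  printf '%s' "$sample" | check_token_scope repo || rc=$?
  echo "repo scope check exit status: $rc"
done
```

Failing the job on a non-zero status surfaces a mis-scoped token before `git push` is attempted.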