Auto: Auto Shipit with Protected Branch

Created on 11 Feb 2020  ·  8 Comments  ·  Source: intuit/auto

Describe the bug
When running auto in a CI environment, e.g. GitHub Actions, auto shipit will fail when master branch protection is turned on. Is there any way, maybe by setting up permissions in a certain way, to overcome this issue without disabling branch protection?

To Reproduce

Using the following GitHub Action workflow and setting master as a protected branch will result in a failed push attempt with this error message:

Error: Running command 'git' with args [push, --follow-tags, --set-upstream, origin, master] failed

remote: error: GH006: Protected branch update failed for refs/heads/master.        
remote: error: At least 1 approving review is required by reviewers with write access. 

GitHub Action workflow

name: Release

on:
  push:
    branches:
      - master

jobs:
  release:
    runs-on: ubuntu-latest
    if: "!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')"
    steps:
      - uses: actions/checkout@v1

      - name: Prepare repository
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git checkout ${GITHUB_REF:11} --
          git remote rm origin
          git remote add origin "https://x-access-token:${GH_TOKEN}@github.com/<owner>/<repository>"
          git fetch origin --tags
          git branch --set-upstream-to origin/${GITHUB_REF:11} ${GITHUB_REF:11}

      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: 12.x

      - name: Cache node modules
        uses: actions/cache@v1
        with:
          path: node_modules
          key: yarn-deps-${{ hashFiles('yarn.lock') }}
          restore-keys: |
            yarn-deps-${{ hashFiles('yarn.lock') }}

      - name: Create Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          yarn install --frozen-lockfile
          yarn build
          yarn auto shipit

• Version 9.6.0
bug

All 8 comments

secrets.GITHUB_TOKEN doesn't actually have write access to your repo. You need to create a token from a user with write access.

I think this is the issue. If this works please comment back and I will add a note to the docs. (Or if you want to make a PR I will merge it)

Unfortunately this didn’t solve the problem. It seems like the GITHUB_TOKEN is created automatically and should have the right permissions. But I tried it with a custom token which also didn’t work.

I'm still pretty sure that your token needs a little more permissions. To check this I did the following:

Turn on branch protection for auto-config-hipstersmoothie and switch to GITHUB_TOKEN.

Result: https://github.com/hipstersmoothie/auto-config-hipstersmoothie/runs/451642081?check_suite_focus=true

I got the same error as you did.

After switching back to the GH_TOKEN I set up (created from a user with write access and giving the token repo access).

Result: https://github.com/hipstersmoothie/auto-config-hipstersmoothie/actions/runs/40930001

Release successful ✅

I think I need to make it clearer what permissions to give the token in the docs 😅

> Turn on branch protection for auto-config-hipstersmoothie and switch to GITHUB_TOKEN.

When you say turn on branch protection - what does that include? Is Allow force pushes disabled?

EDIT: The second link should probably be this: https://github.com/hipstersmoothie/auto-config-hipstersmoothie/runs/451645892?check_suite_focus=true

> The second link should probably be this

yup, sorry!

> Allow force pushes disabled

auto doesn't force push so this shouldn't be an issue. Here is what I have configured

[Image: Screen Shot 2020-02-19 at 12 55 57 AM]

@bbrinx Any update on this? Will probably close soon without a reproducible example

@hipstersmoothie I added a token with all permissions and it worked! Seems like I didn't set the right permissions the first time I tried. Thanks!

Awesome!
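
As an added example (not code from this issue or from the auto project), the sketch below evaluates whether a token can push a release commit straight to a branch that requires an approving review, which is the GH006 failure reported above. It assumes the GitHub REST API responses have already been fetched; the function name `can_push_release` and the sample data are hypothetical, and only the administrator bypass is modelled (bypass allowance lists, push restrictions and required status checks are not).

```python
# Added example: constructed inputs shaped like GitHub REST API responses.
#   repo       <- GET /repos/{owner}/{repo}  (uses "private" and "permissions")
#   protection <- GET /repos/{owner}/{repo}/branches/{branch}/protection, or None
#   scopes     <- X-OAuth-Scopes header of a personal access token, or None

def can_push_release(repo, protection, scopes=None):
    """Return (ok, reason): can this token push straight to the branch?"""
    if scopes is not None:
        # A private repository needs "repo"; a public one accepts "public_repo" too.
        needed = {"repo"} if repo.get("private") else {"repo", "public_repo"}
        if not needed & set(scopes):
            return False, "token is missing the repo scope"
    perms = repo.get("permissions", {})
    if not perms.get("push"):
        return False, "token's user has no write access"
    if protection is None:
        return True, "branch is not protected"
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        return True, "no approving review required"
    # A direct push carries no review. This sketch models one bypass only:
    # an admin, while the rule is not enforced for administrators.
    enforced = (protection.get("enforce_admins") or {}).get("enabled", False)
    if perms.get("admin") and not enforced:
        return True, "admin token bypasses the review requirement"
    return False, "GH006: approving review required for this token"


# Constructed samples (not taken from the repositories in this thread).
PROTECTED = {"required_pull_request_reviews": {"required_approving_review_count": 1},
             "enforce_admins": {"enabled": False}}
ENFORCED = {"required_pull_request_reviews": {"required_approving_review_count": 1},
            "enforce_admins": {"enabled": True}}
WRITE_ONLY = {"private": False,
              "permissions": {"admin": False, "push": True, "pull": True}}
ADMIN = {"private": False,
         "permissions": {"admin": True, "push": True, "pull": True}}

if __name__ == "__main__":
    cases = [("write-only token", WRITE_ONLY, PROTECTED, None),
             ("admin PAT with repo scope", ADMIN, PROTECTED, ["repo"]),
             ("admin PAT without repo scope", ADMIN, PROTECTED, ["read:org"]),
             ("admin PAT, rule enforced for admins", ADMIN, ENFORCED, ["repo"])]
    for name, repo, protection, scopes in cases:
        print(name, "->", can_push_release(repo, protection, scopes))
```

A token that passes only through the admin bypass can skip review on every push, so it is worth storing it as a dedicated secret used by the release job alone.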
