githubocto
Enable push to a protected branch
Thanks for this nice action!
When adding it to my GitHub action file it turns out it's unable to push it because the master branch is protected.
/usr/bin/git push
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: 2 of 2 required status checks are expected. At least 1 approving review is required by reviewers with write access.
To https://github.com/nextflow-io/nextflow
! [remote rejected] master -> master (protected branch hook declined)
error: failed to push some refs to 'https://github.com/nextflow-io/nextflow'
(node:1610) UnhandledPromiseRejectionWarning: Error: The process '/usr/bin/git' failed with exit code 1
at ExecState._setResult (/home/runner/work/_actions/githubocto/repo-visualizer/main/index.js:935:21)
at ExecState.CheckComplete (/home/runner/work/_actions/githubocto/repo-visualizer/main/index.js:921:16)
at ChildProcess.<anonymous> (/home/runner/work/_actions/githubocto/repo-visualizer/main/index.js:824:21)
at ChildProcess.emit (events.js:210:5)
at maybeClose (internal/child_process.js:1021:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
I've managed to make it work by pushing to a different branch. However, it would be desirable to have some kind of option to allow pushing also to a protected branch if the committing user is allowed to.
Update, also pushing to a separate branch has side-effects
To https://github.com/nextflow-io/nextflow
! [rejected] repo-visualizer -> repo-visualizer (non-fast-forward)
error: failed to push some refs to 'https://github.com/nextflow-io/nextflow'
hint: Updates were rejected because the tip of your current branch is behind
hint: its remote counterpart. Integrate the remote changes (e.g.
hint: 'git pull ...') before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.
(node:1736) UnhandledPromiseRejectionWarning: Error: The process '/usr/bin/git' failed with exit code 1
at ExecState._setResult (/home/runner/work/_actions/githubocto/repo-visualizer/main/index.js:935:21)
at ExecState.CheckComplete (/home/runner/work/_actions/githubocto/repo-visualizer/main/index.js:921:16)
at ChildProcess.<anonymous> (/home/runner/work/_actions/githubocto/repo-visualizer/main/index.js:824:21)
at ChildProcess.emit (events.js:210:5)
at maybeClose (internal/child_process.js:1021:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
I looked into this out of curiosity, and it seems that pushing to protected branches through GitHub Actions is not possible directly. See for example a similar discussion and a comment from GitHub staff. It looks like there is no intention of allowing Actions to bypass the protection (or at least wasn't at the time).
One workaround may be to create a PR (either as part of this action or as a separate step) and then merge it. Another alternative involves using a token by an admin user, and excluding admin users from the protection (though that can lead to weird behaviour because it look like the push was made by a real user, which can trigger workflows).
GitHub now has a setting for this: https://github.blog/changelog/2021-11-19-allow-bypassing-required-pull-requests/ I haven't been able to make this work for my org yet but is worth taking a look at.
