semantic-release
configure semantic-release to use an administrator user
Might be a bit late, but here you have some more information: Pushing package.json to a master branch (do read and consider the security concerns this raises)
You'll have to generate a personal access token for your admin account and set it up in your project's secrets at https://github.com/<username>/<project name>/settings/secrets/actions
You can just use the SSH credential to bypass the GitHub branch protection. Add a deploy key to the GitHub repo and in the release section of the workflow file, before semantic release
- name: Checkout
uses: actions/[email protected]
with:
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} # Your private key
@OopsYao This ssh key idea will not work... The documentation however states:
The SSH key is configured with the local # git config, which enables your scripts to run authenticated git commands.
This would mislead most people to suggest that this method should work.
The problem is that the permissions of the GITHUB_TOKEN will not be updated meaning the @semantic-release/git will not use the admin permissions.
Following on from @olance 's comment.... This method will work and I highly suggest that you look at this comment for the finer details on how to achieve this... I will highlight the use of the persist-credentials: false flag and the use of the GH_TOKEN and GITHUB_TOKENs
@OopsYao's solution works, "Include administrators" needs to be left unchecked in the branch protection rule:
Deploy keys with write access can perform the same actions as an organization member with admin access, or a collaborator on a personal repository.
https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys
Caution: It is subject to the same security risk as using a Personal Access Token: https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions#pushing-package.json-changes-to-a-master-branch
