CI action 'RecordActionSuccess' fails on 'main' branch

[ttarczynski]

See the last CI run: https://github.com/ContainerSolutions/terraform-examples/runs/3074918753?check_suite_focus=true It's because the main branch is protected now:

To https://github.com/ContainerSolutions/terraform-examples
 ! [remote rejected] main -> main (protected branch hook declined)
error: failed to push some refs to 'https://github.com/ContainerSolutions/terraform-examples'
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (events.js:210:5)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5) {
  code: 1
}
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (events.js:210:5)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)

[ttarczynski]

There's a discussion about this problem: https://github.com/isaacs/github/issues/1390 It seams that we need to disable the "include administrators" option to allow the Bot to push to main. Plus make the Bot user an admin.

See the failing action definition: https://github.com/ContainerSolutions/terraform-examples/blob/e6b2b53060f6241c63dfa105fddd5246c35b8aa4/.github/workflows/main.yml#L186-L196

And here are some tips from the git-auto-commit action authors:

• https://github.com/marketplace/actions/git-auto-commit#push-to-protected-branches

[ttarczynski]

One more idea: maybe it would be better to change the process here.

The reason of the Bot commits is that we want to record the last successful full CI test run in .test_log.log and then test only the files that have changed.

But instead of that we can use git tags. The process would be simpler and without Bot pushing to main:

• add two special tags:
  • last_successful_tests_on_main
  • last_successful_tests_on_integration
• each new commit on main / integration should be compared to the last successful on that branch
• each successful tests run will move the tag

---

@ianmiell @sanyer what's your opinion? Should we implement this with git tags?