search

ad-m / github-push-action

GitHub actions to push back to repository eg. updated code
MIT License
1.21k stars 229 forks source link

Latest commit causes actions to fail #167

Closed echelon closed 1 year ago

echelon commented 1 year ago

We use ad-m/github-push-action@master instead of a pinned version in our github actions.

As of 75ba9fb1cfcb33ef7c6226cfdcbbef9f398a7de3 landing, the following action fails for us: 

      - name: push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: staging
          force: true

With error message: 

Run ad-m/github-push-action@master
  with:
    github_token: ***
    branch: staging
    force: true
    github_url: https://github.com/
    directory: .
Push to branch staging
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/storytold/storyteller-frontend.git/'
Error: Invalid exit code: 128
    at ChildProcess.<anonymous> (/home/runner/work/_actions/ad-m/github-push-action/master/start.js:29:21)
    at ChildProcess.emit (node:events:527:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5) {
  code: 128
}
Error: Invalid exit code: 128
    at ChildProcess.<anonymous> (/home/runner/work/_actions/ad-m/github-push-action/master/start.js:29:21)
    at ChildProcess.emit (node:events:527:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

We do not use password authentication in our actions.

Changing our actions to use uses: ad-m/github-push-action@0fafdd62b84042d49ec0cb92d9cac7f7ce4ec79e fixes the problem.

ZPascal commented 1 year ago

Thanks for reporting it. I'll revert the change.

ZPascal commented 1 year ago

I've reverted the change.

ZPascal commented 1 year ago

@echelon Could you please share the checkout part of the action to set up a test case and analyze the issue further?

echelon commented 1 year ago

Thanks, @ZPascal !

Here's the entire contents of our action: 

# This action syncs "staging" with "master" by force pushing every time it is run, 
# automating our frontend staging deploys
# Adapted from: 
# https://github.community/t/user-github-pages-site-auto-deploy-from-another-branch-on-push/17912/2
on:
  push:
    branches:
      - master

jobs:
  sync_staging_branch:
    runs-on: [ubuntu-latest]
    steps:
      - name: checkout master branch
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      - name: sync master to staging
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git checkout -b staging
      - name: push changes
        #uses: ad-m/github-push-action@master
        uses: ad-m/github-push-action@0fafdd62b84042d49ec0cb92d9cac7f7ce4ec79e
        with:
          # NB(echelon): Unfortunately Github does not allow the default access token 
          # to push to protected branches. Using a PAT with permissions can bypass this, 
          # but it triggers recursive Github Actions calls on branch updates (which the 
          # default access token does not). Ultimately, it's better to leave the staging branch 
          # unprotected. It gives engineers access to force push themselves.
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: staging
          force: true
ZPascal commented 1 year ago

Thanks, @echelon, for sharing it. I'll test your settings on my test environment.

ZPascal commented 1 year ago

@echelon I've developed a solution and opened a new PR for the case. Can we close this issue?

echelon commented 1 year ago

Thank you so much, @ZPascal !