Closed maxheld83 closed 4 years ago
@Helaili @bryanschuetz @shalzz you guys also seemed to have implemented deploying assets to github pages from within GitHub actions (in fact, I stole your git incantations).
I noticed that you guys also used GITHUB_TOKEN
as a secret, though I now understand that the default GITHUB_TOKEN
that comes with github actions does not suffice to trigger an update to the github webserver, even though it does suffice to push to the gh-pages
branch.
I only got it to work once I provisioned a bespoke GitHub PAT for this purpose, and passed that as a secret.
Did I get this right? Did you face the same limitation as well?
đź‘‹ @maxheld83 - there is indeed a difference of behavior when using Personal Access Tokens and OAuth Tokens, which the GITHUB_TOKEN
is. In my experience, the difference actually only happen on public repos. Pages publishing works fine on private repos, which is ironic as the Pages site is always public anyway.
I'm planning on investigating this deeper but I'm afraid this is not on top of todo list.
@maxheld83 Yes that's correct. In fact this is what I explicitly mention in the README. I'm not sure if this behaviour is different for private repos but I'd probably say it isn't.
For posterity this is the complete explanation I got from the Github Staff:
I see that you're using the GITHUB_TOKEN environment variable to authenticate. That variable is a GitHub App installation token (also known as a server-to-server installation token).
After speaking with the team about this, they let me know that server-to-server requests won't kick off a page build, whether it's creating a commit or explicitly requesting a page build:
I see how it would be useful to open this functionality to GitHub Actions, so I've let the team know about this internally.
However, I'd like to mention that the requesting a page build endpoint is enabled for integrations via a user access token. In other words, you can make a user-to-server request to request a page build:
Alternatively, you can create a personal access token and use that to request a page build:
We’ve found that using a repository deployment key and using an ssh remote also works and is safer since it’s scoped to the repo only.
As @helaili mentions—using GITHUB_TOKEN
to kick off a pages build seems to work fine in private repositories—at least it has for me. I haven't really dug into the documentation much, but I wonder if the problem you're seeing might simply be a function of the currently limited beta?
GitHub Actions is limited to private repositories and push events in public repositories during the limited public beta.
@maxheld83 Thanks for documenting this I spent a ton of time trying to figure out why my environment was not building!
Did you try https://x-access-token:<GITHUB_TOKEN>@github.com/owner/repo.git
? I’ve heard that worked for others to push updates to the repository from an action, but didn’t use it myself yet.
See https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#http-based-git-access-by-an-installation - I know this is for installations, but I think actions are sharing some implementation logic or something
@gr2m I didn't get to give that a go. I will definitely give that a go in the next few weeks!
I just tested it and it works: https://github.com/gr2m/ghpages/tree/gh-pages
Pull request incoming
~Thanks @gr2m this works great!~
This appears to work but the environment does not build on deployment, you can read more here: https://github.com/maxheld83/ghpages/pull/18
What kind of permissions does the PAT need in order to be able to push? There is no checkbox there that says "push_rights".
repo
closing this in favor of #18
from gh:
my response / latest experience: