pascalgn
commented
5 years ago Could you add screenshots of the branch protection rules? So this screen, for both the base and target branch:
Closed YosBD closed 5 years ago
pascalgn
commented
5 years ago Could you add screenshots of the branch protection rules? So this screen, for both the base and target branch:
YosBD
commented
5 years ago Thanks for the quick response :)
The PR base branch is protected (the merge target). the "feature branch" is not protected.
pascalgn
commented
5 years ago I haven't tested it, but I'm pretty sure it's the option "Restrict who can push to matching branches".
It seems to be the same issue that a similar project faced: https://github.com/renovatebot/renovate/issues/846. They solved it by registering a separate account, @renovate-bot, that can be added to the list of allowed users. However, that solution is not possible for GitHub actions.
I am afraid there is currently no way to work around this, unless GitHub changes the way these restrictions are applied, for example by adding a checkbox "Allow GitHub actions to push" or similar.
Sorry that I don't have any better news for you!
YosBD
commented
5 years ago @pascalgn I've followed your lead and removed this restriction.
now I'm getting the following error:
ERROR Cannot read property 'get' of undefined
Full log:
### STARTED automerge 13:22:19Z
Pulling image: gcr.io/github-actions-images/action-runner:latest
latest: Pulling from github-actions-images/action-runner
169185f82c45: Pulling fs layer
0ccde4b6b241: Pulling fs layer
d0372f57daa2: Pulling fs layer
165911d108d6: Pulling fs layer
54996bce1de5: Pulling fs layer
165911d108d6: Waiting
54996bce1de5: Waiting
d0372f57daa2: Verifying Checksum
d0372f57daa2: Download complete
0ccde4b6b241: Verifying Checksum
0ccde4b6b241: Download complete
169185f82c45: Verifying Checksum
169185f82c45: Download complete
54996bce1de5: Verifying Checksum
54996bce1de5: Download complete
165911d108d6: Verifying Checksum
165911d108d6: Download complete
169185f82c45: Pull complete
0ccde4b6b241: Pull complete
d0372f57daa2: Pull complete
165911d108d6: Pull complete
54996bce1de5: Pull complete
Digest: sha256:c9bb432ec5ec08ee08b040a9fccacebbbf8a91444dac4721600cf5dca9dae57e
Status: Downloaded newer image for gcr.io/github-actions-images/action-runner:latest
9398745fc8d9dd06703697c893e63440c1bc5a1d5c1147dba59818fd556fd0c8: Pulling from gct-12-f23it3ebw8tvp5bqbqvjxs3/b9667f6526899bd596f24fe97875d4e94fc390ebf99a17e78f8226e2110642f2/8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1
8e402f1a9c57: Already exists
d17ed04306bc: Already exists
1fda57082bf6: Already exists
9b7bfee39929: Pulling fs layer
476e6d7e37fb: Pulling fs layer
7243bd4fa19e: Pulling fs layer
476e6d7e37fb: Verifying Checksum
476e6d7e37fb: Download complete
7243bd4fa19e: Verifying Checksum
7243bd4fa19e: Download complete
9b7bfee39929: Verifying Checksum
9b7bfee39929: Download complete
9b7bfee39929: Pull complete
476e6d7e37fb: Pull complete
7243bd4fa19e: Pull complete
Digest: sha256:2b37bc64f5b604e5e33b5a06a6fa895d048007416059f8ea06989f1d274d144d
Status: Downloaded newer image for gcr.io/gct-12-f23it3ebw8tvp5bqbqvjxs3/b9667f6526899bd596f24fe97875d4e94fc390ebf99a17e78f8226e2110642f2/8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1:9398745fc8d9dd06703697c893e63440c1bc5a1d5c1147dba59818fd556fd0c8
Step 1/9 : FROM node:11-alpine
11-alpine: Pulling from library/node
Digest: sha256:0597176870c577e22419a60d9568ee6dbb7a2f329c2efcf76efc57599b702e82
Status: Downloaded newer image for node:11-alpine
---> 09084e4ff58d
Step 2/9 : LABEL "com.github.actions.name"="Merge pull requests"
---> Using cache
---> a14ddd51d8a1
Step 3/9 : LABEL "com.github.actions.description"="Automatically merge pull requests that are ready"
---> Using cache
---> e6064df8dcce
Step 4/9 : LABEL "com.github.actions.icon"="git-pull-request"
---> Using cache
---> b7f5a5cd152d
Step 5/9 : LABEL "com.github.actions.color"="blue"
---> Using cache
---> a4cb7169e7ef
Step 6/9 : RUN apk add --no-cache git openssl
---> Using cache
---> 0e3f25d5458f
Step 7/9 : COPY . /tmp/src/
---> Using cache
---> 1452c24ae105
Step 8/9 : RUN yarn global add "file:/tmp/src" && rm -rf /tmp/src
---> Using cache
---> 4cee793a6397
Step 9/9 : ENTRYPOINT [ "automerge-action" ]
---> Using cache
---> fefa8b60aaa7
Successfully built fefa8b60aaa7
Successfully tagged gcr.io/gct-12-f23it3ebw8tvp5bqbqvjxs3/b9667f6526899bd596f24fe97875d4e94fc390ebf99a17e78f8226e2110642f2/8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1:9398745fc8d9dd06703697c893e63440c1bc5a1d5c1147dba59818fd556fd0c8
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
INFO Event name: status
INFO Updating PR #8415 test automerge
ERROR Cannot read property 'get' of undefined
INFO No PRs have been updated
### DECLINED automerge 13:22:56Z (36.31s)oops, thanks for the report! That's an actual bug!
It's fixed now in v0.1.1, to update change your main.workflow to update the uses part like this:
uses = "pascalgn/automerge-action@88946e3839502862e5fdad007daa5ec524145a5d"@pascalgn so, now it works for the case where I set the "automerge" label after all checks (CI) have passed. But it is still not working when it triggered by CI completion.
Full log:
### STARTED automerge 18:24:21Z
Pulling image: gcr.io/github-actions-images/action-runner:latest
latest: Pulling from github-actions-images/action-runner
169185f82c45: Pulling fs layer
0ccde4b6b241: Pulling fs layer
d0372f57daa2: Pulling fs layer
165911d108d6: Pulling fs layer
54996bce1de5: Pulling fs layer
165911d108d6: Waiting
54996bce1de5: Waiting
d0372f57daa2: Download complete
169185f82c45: Verifying Checksum
169185f82c45: Download complete
0ccde4b6b241: Verifying Checksum
0ccde4b6b241: Download complete
165911d108d6: Verifying Checksum
165911d108d6: Download complete
169185f82c45: Pull complete
54996bce1de5: Verifying Checksum
54996bce1de5: Download complete
0ccde4b6b241: Pull complete
d0372f57daa2: Pull complete
165911d108d6: Pull complete
54996bce1de5: Pull complete
Digest: sha256:c9bb432ec5ec08ee08b040a9fccacebbbf8a91444dac4721600cf5dca9dae57e
Status: Downloaded newer image for gcr.io/github-actions-images/action-runner:latest
cce8073e1c5cc3d6aaed3af007540afd45ed6f6120cb2d93e10dbe9dd655ac59: Pulling from gct-12-f23it3ebw8tvp5bqbqvjxs3/b9667f6526899bd596f24fe97875d4e94fc390ebf99a17e78f8226e2110642f2/8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1
8e402f1a9c57: Already exists
d17ed04306bc: Already exists
1fda57082bf6: Already exists
e0fb8a6fab67: Pulling fs layer
7c9a89f6ff11: Pulling fs layer
2d4a44b2f773: Pulling fs layer
7c9a89f6ff11: Verifying Checksum
7c9a89f6ff11: Download complete
2d4a44b2f773: Verifying Checksum
2d4a44b2f773: Download complete
e0fb8a6fab67: Verifying Checksum
e0fb8a6fab67: Download complete
e0fb8a6fab67: Pull complete
7c9a89f6ff11: Pull complete
2d4a44b2f773: Pull complete
Digest: sha256:fd90430a2f1bf92ccfe9697e476b7501ea28f01ec73b918b6072615d44e4b399
Status: Downloaded newer image for gcr.io/gct-12-f23it3ebw8tvp5bqbqvjxs3/b9667f6526899bd596f24fe97875d4e94fc390ebf99a17e78f8226e2110642f2/8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1:cce8073e1c5cc3d6aaed3af007540afd45ed6f6120cb2d93e10dbe9dd655ac59
Step 1/9 : FROM node:11-alpine
11-alpine: Pulling from library/node
Digest: sha256:0597176870c577e22419a60d9568ee6dbb7a2f329c2efcf76efc57599b702e82
Status: Downloaded newer image for node:11-alpine
---> 09084e4ff58d
Step 2/9 : LABEL "com.github.actions.name"="Merge pull requests"
---> Using cache
---> b407f1352c5f
Step 3/9 : LABEL "com.github.actions.description"="Automatically merge pull requests that are ready"
---> Using cache
---> cbd4fe45fabb
Step 4/9 : LABEL "com.github.actions.icon"="git-pull-request"
---> Using cache
---> 976a7c13edbd
Step 5/9 : LABEL "com.github.actions.color"="blue"
---> Using cache
---> b85fbcc52e70
Step 6/9 : RUN apk add --no-cache git openssl
---> Using cache
---> 33aa1420f810
Step 7/9 : COPY . /tmp/src/
---> Using cache
---> 7ba4b5a71a90
Step 8/9 : RUN yarn global add "file:/tmp/src" && rm -rf /tmp/src
---> Using cache
---> 689a534432be
Step 9/9 : ENTRYPOINT [ "automerge-action" ]
---> Using cache
---> 3e8d6893a16b
Successfully built 3e8d6893a16b
Successfully tagged gcr.io/gct-12-f23it3ebw8tvp5bqbqvjxs3/b9667f6526899bd596f24fe97875d4e94fc390ebf99a17e78f8226e2110642f2/8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1:cce8073e1c5cc3d6aaed3af007540afd45ed6f6120cb2d93e10dbe9dd655ac59
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
INFO Event name: status
INFO Updating PR #8423 test automerge - second round
INFO No update done due to PR state unstable
INFO No PRs have been updated
### DECLINED automerge 18:24:52Z (31.456s)It looks like the build did not finish successfully:
No update done due to PR state unstableThis probably looks like this:
When the build is unstable (that is not successful / green checkmark), automerge will not merge the PR
rob-murray
commented
5 years ago I too have this issue - on a company repo we use the "Restrict who can push to matching branches" option to restrict company users to repos. Is it not possible to change the github user that the action uses? I can't find any documentation about doing this so I presume not right now.
On a separate note, I have a fork of this action that allows configuration of the merge method so that I can use the squash merge option - is this something you would be interested in? If so I will open a PR.
https://github.com/rob-murray/automerge-action/tree/allow-squash-merge-option
pascalgn
commented
5 years ago Thanks for the input!
As you have the same issue as @YosBD, I had a look again and I came up with a quick solution which is hopefully OK for you: There is now a new configuration option TOKEN which can be used to make automerge-action run as the user this token belongs to instead of the default github-actions.
To use it, you need to update to the latest version by updating your main.workflow file:
...
uses = "pascalgn/automerge-action@0e9c0d4a33f0def0a9f2fa6a30b94275b056173f"
...You also will need to generate a token for the user you want to use. Make sure to check public_repo when it's a public repository or repo when it's a private repository when creating the token.
The token will look like e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e, which you need to enter in the workflow file, too:
Make sure to add it as secret, as the token should be kept secure!
action "automerge" {
uses = "pascalgn/automerge-action@0e9c0d4a33f0def0a9f2fa6a30b94275b056173f"
secrets = ["TOKEN"]
}All API requests (merge/rebase) will then be executed as the specified user, which you should be able to add to the list of users allowed to merge.
Hope this helps!
Regarding the squash merge option, I personally don't need it, but I think it will make a lot of sense because then all 3 merge options would be covered, so please go ahead and open a PR for it :)
rob-murray
commented
5 years ago @pascalgn awesome, thanks 👍
Yes, that works for me - although I put the token in the secrets rather than env so that it's hidden. It's an annoying work around but I guess gh actions is still beta so I would hope they add this as a feature soon.
I will tidy up the code, updated the README and do a PR soon, thanks.
pascalgn
commented
5 years ago Thanks for the hint about keeping the token secret, that's a very good point! I updated the README accordingly.
pascalgn
commented
5 years ago Although not ideal, I think the TOKEN option is a viable workaround, so I will close this issue for now. Feel free to reopen if you have additional comments!
nilsreichardt
commented
3 years ago Is there no better workaround in 2021?
pantelis-karamolegkos
commented
1 year ago Still no option to somehow elevate the workflows' GIHUB_TOKEN to perform PR merges to protected branches?
Hi, I'm getting the following error on a pull request which is targeted to a protected branch:
INFO Failed to merge PR: You're not authorized to push to this branch. Visit https://help.github.com/articles/about-protected-branches/ for more information.Full log: