search

peaceiris / actions-gh-pages

GitHub Actions for GitHub Pages 🚀 Deploy static files and publish your site easily. Static-Site-Generators-friendly.
https://github.com/marketplace/actions/github-pages-action
MIT License
4.72k stars 374 forks source link

support: Cannot push to protected branches using Enterprise TOKEN #1077

Open navachaitanyak opened 6 months ago

navachaitanyak commented 6 months ago

Checklist

Describe your question

I'm trying to push the docs directory to the gh-pages branch. Since the gh-pages branch is protected with 1 reviewer, I cannot push anything to the gh-pages branch also I want to use a token created in Enterprise GitHub and I don't want to use github_token instead I would like to use my token which was created by the enterprise owner on enterprise GitHub

Relevant links

Public repository: Its internal enterprise repository
YAML config:
YAML workflow:

Relevant log output

Run enterprise/gha-allure-gh-pages@v3
  with:
    github_token: ***
    publish_branch: gh-pages
    publish_dir: docs
    cname: github.enterprise.com
    allow_empty_commit: false
    keep_files: false
    force_orphan: false
    enable_jekyll: false
    disable_nojekyll: false
    exclude_assets: .github
[INFO] Usage https://github.com/peaceiris/actions-gh-pages#readme
Dump inputs
  [INFO] GithubToken: true
  [INFO] PublishBranch: gh-pages
  [INFO] PublishDir: docs
  [INFO] DestinationDir: 
  [INFO] ExternalRepository: 
  [INFO] AllowEmptyCommit: false
  [INFO] KeepFiles: false
  [INFO] ForceOrphan: false
  [INFO] UserName: 
  [INFO] UserEmail: 
  [INFO] CommitMessage: 
  [INFO] FullCommitMessage: 
  [INFO] TagName: 
  [INFO] TagMessage: 
  [INFO] EnableJekyll (DisableNoJekyll): false
  [INFO] CNAME: github.enterprise.com
  [INFO] ExcludeAssets .github

Setup auth token
  [INFO] setup GITHUB_TOKEN
Prepare publishing assets
Setup Git config
  /usr/bin/git remote rm origin
  /usr/bin/git remote add origin ***github.enterprise.com/enterprise/abcd-automation.git
  /usr/bin/git add --all
  /usr/bin/git config user.name user2023
  /usr/bin/git config user.email user2023@users.noreply.github.com
Create a commit
Push the commit or tag
  /usr/bin/git push origin gh-pages
  remote: error: GH006: Protected branch update failed for refs/heads/gh-pages.        
  remote: error: At least 1 approving review is required by reviewers with write access.        
  To https://github.enterprise.com/enterprise/abcd-automation.git
   ! [remote rejected] gh-pages -> gh-pages (protected branch hook declined)
  error: failed to push some refs to 'https://github.enterprise.com/enterprise/abcd-automation.git'
  Error: Action failed with "The process '/usr/bin/git' failed with exit code 1"

Additional context.

I want to use the token at organisational level and don't want to use the token created by the runner

peaceiris commented 6 months ago

We can the Bypass list of the Rules for this case, I think. Could you try it? If you want to stay to use the Branch protection rule, the Restrict who can push to matching branches is available instead.

Rules Branch protection rule
スクリーンショット 2024-05-10 午前11 32 47 スクリーンショット 2024-05-10 午前11 33 51
navachaitanyak commented 6 months ago

@peaceiris We are already using Restrict who can push to matching branches and added the TOKEN user, however, the action still considering the triggering actor and creating a runner token for the triggering actor only, even though we pass the Enterprise token, Hope you consider this situation and add a feature to make use of Enterprise Token without creating a Runner token

peaceiris commented 6 months ago

I got it. We need to use the personal_token input instead.

https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-set-personal-access-token-personal_token