bug: Protected branch update failed

saitho / semantic-release-backmerge

:twisted_rightwards_arrows: semantic-release plugin to back-merge a release into a develop branch

https://saitho.github.io/semantic-release-backmerge/

56 stars 11 forks source link

bug: Protected branch update failed #27

Closed EinfachHans closed 2 years ago

EinfachHans commented 2 years ago

Current behavior

we got the following error in a project: remote: error: GH006: Protected branch update failed for refs/heads/dev. This is, because we have a rule that we need a PR which has at least one approved review. But Admins can push to the repo without it.

In the action that starts semantic release we set a GITHUB_TOKEN env from an account that has admin rights but this seems not to work.

Expected behavior

Maybe the GITHUB_TOKEN isn't used?

Environment

semantic-release/semantic-release version: 17.4.7
CI environment: GitHub Action
@saithodev/semantic-release-backmerge version: 1.5.3

saitho commented 2 years ago

Hi @EinfachHans,

thanks for the report. In fact I don't think we use GITHUB_TOKEN here. I'm also not familiar with the latest changes to semantic-release. If they use it, we should probably do that here as well.

To be honest I'm not using this plugin myself anymore since I'm now mostly working on master/main. ^^ So I'm not sure if I can find the time to examine this – but I'd appreciate any pull requests fixing this bug.

EinfachHans commented 2 years ago

That's sad, i really like the plugin 😃 As we have many main branches it's great to keep everything updated!

I guess i have too less experience but i will look into it when i find the time 🤔

saitho commented 2 years ago

Hacktoberfest is happening right now: https://hacktoberfest.digitalocean.com/ I've just added the tag to this repo, maybe someone comes around to investigate this. ;)

EinfachHans commented 2 years ago

i researched a bit. The @semantic-release/github (which is only for github of course) works like this: https://github.com/semantic-release/github/blob/master/lib/get-client.js

So maybe the solution could be a new config like isGithub: boolean and if this is set it could work like mentioned above?

saitho commented 2 years ago

i researched a bit. The @semantic-release/github (which is only for github of course) works like this: https://github.com/semantic-release/github/blob/master/lib/get-client.js

The GitHub Plugin does not push new commits. It creates a release using the GitHub API. I think an approach similar to this is needed: https://github.com/ad-m/github-push-action/blob/master/start.sh#L26 So GITHUB_ACTOR from GitHub Actions and the provided GITHUB_TOKEN need to be used in context.options.repositoryUrl to authenticate properly.

saitho commented 2 years ago

So GITHUB_ACTOR from GitHub Actions and the provided GITHUB_TOKEN need to be used in context.options.repositoryUrl to authenticate properly.

Actually, semantic-release should already do that: https://github.com/semantic-release/semantic-release/blob/v17.4.7/index.js#L56. However that repository URL with credentials is only used internally and not passed to the plugins.

I'll validate that and propose a change on semantic-release. Meanwhile we could just copy the get-git-auth-url.js until this is fixed in semantic-release or in case it's rejected.

EDIT: get-git-auth-url requires a branch name, so it's purely used in merging/pushing context. So we can't provide that to plugins. Instead I'll try to call the method here.