stefanzweifel / git-auto-commit-action

Automatically commit and push changed files back to GitHub with this GitHub Action for the 80% use case.
MIT License

action cannot be used with required status checks #163

Closed dudicoco closed 3 years ago

dudicoco commented 3 years ago

When using the action with a protected branch which has required status checks configured, once a commit is pushed back into the branch the required status checks hang:

Screen Shot 2021-06-07 at 11 02 40

This is related to https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs

I assume the solution would be to use a PAT instead of the default GitHub token as described in https://github.com/stefanzweifel/git-auto-commit-action/issues/38#issuecomment-580174859. However, triggering the jobs again is very time/money consuming, so a more elegant solution should be implemented.

stefanzweifel commented 3 years ago

It's new to me that workflows start to hang when a commit is pushed to a protected branch. Usually the commit can't even be made. 🤔 Will do some further testing, but are you 100% sure that the workflows hang because of the commit made? Or did GitHub maybe just have an outage, or did something else interfere?

But you're probably right, that a PAT solves this problem. The default GITHUB_TOKEN has some strict permissions and can have a few side effects (like you mentioned).

> However, triggering the jobs again is very time/money consuming, so a more elegant solution should be implemented.

If you do not want to re-run workflows I would suggest adding if-guards to your workflows. In this comment from a past issue I shared an example: https://github.com/stefanzweifel/git-auto-commit-action/issues/87#issuecomment-691044617

Before running a job in a workflow, you check the actor which initiated the workflow run. If the actor is the same as the committer, the job should not run.

```yaml
name: My Workflow

on: push

jobs:
  my-workflow:

    # ↓ This condition is important
    if: github.actor != 'org-bot'

    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        token: ${{ secrets.PAT }}
        ref: ${{ github.head_ref }}

    # ...

    - run: date > current-date.txt

    - uses: stefanzweifel/git-auto-commit-action@v4
      with:
        commit_message: My Commit Message
        branch: ${{ github.head_ref }}
        commit_user_name: org-bot
```

bjw-s commented 3 years ago

I believe the use case / problem is that the protected branch has certain required checks configured. When these workflows are skipped (either because of [ci skip] in the commit title, skipping the flow in the workflow code as you propose, or because of the default GITHUB_TOKEN being used), the PR cannot continue because it will continue waiting on those required checks.

dudicoco commented 3 years ago

@stefanzweifel I'm sure that the workflows hang because of the commit, and not because of anything else; I've tested it multiple times. The if clause will not help here because it will prevent the workflow from rerunning - which will cause the status checks to hang.

I'm surprised that no one else brought this issue up so far; it's a pretty common scenario to have a protected branch with required status checks.

stefanzweifel commented 3 years ago

Sorry for my late response to this issue, @dudicoco. I've taken 2 weeks off of regular and open-source work. (Needed some time to refresh my mind)

I could reproduce this "error" in my test repository: https://github.com/stefanzweifel/git-auto-commit-action-demo-app. The repo has 2 workflows:

The repo has been set up with a protection rule. The test status check has to pass before merging:

Screenshot 2021-06-26 at 15 12 36

In this PR I've made a change to the PHP code which triggered the format_php action. This resulted in the same problem you're describing at the beginning.

Screenshot 2021-06-26 at 15 18 27

As you correctly identified, this is because of the restrictions GitHub made to secrets.GITHUB_TOKEN.

Adding a personal access token resolves this issue, as now the required test-workflow is being triggered after my format_php-workflow pushes a commit to the branch.

Screenshot 2021-06-26 at 15 24 12

> The if clause will not help here because it will prevent the workflow from rerunning - which will cause the status checks to hang.

You're right. An if-statement on the job level wouldn't help here, as by the protection rule definition the test-workflow/job has to run.

However, you could add if-statements to the steps in a workflow to check if the git.actor which created the commit was a bot. This way you could skip the steps which are taking a long time to run. Such a step could look like this:

```yaml
- name: Step that takes a long time to run
  if: ${{ github.actor != 'my-org-bot' }}
  run: /path/to/bin
```

It's definitely not elegant and can be very tedious if you have many steps in your workflow, but we are all constrained by the way GitHub Actions work.

> so a more elegant solution should be implemented.

That would be great, but that's basically impossible. I don't work for GitHub and don't have leverage to change anything. git-auto-commit is just a simple bash script that runs 5 git-commands. It doesn't even interact with the GitHub API.

The base problem is:

I'm closing this issue now, as I don't see a practical way to solve this problem. If you have found a solution to this problem, feel free to submit a PR or write your solution here. I'm sure a lot of people would be happy to read it.
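
The two suggestions from this thread combined into one setup, as an added example that is not part of the original comments or the project's own code: the formatter pushes with a PAT so the required check is triggered, and the required job always runs but skips its slow step on the bot's commit. File names, job names, the `./bin/...` commands and the `my-org-bot` login are assumptions.

```yaml
# Two workflow files shown as two YAML documents; all names are assumed.
---
# .github/workflows/format_php.yml  (NOT a required status check)
name: format_php
on: pull_request
jobs:
  format:
    # A job-level guard is fine here: branch protection does not wait on
    # this job, and it keeps the bot's own push from starting another
    # formatting run.
    if: github.actor != 'my-org-bot'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          # Push with a PAT so the new commit triggers other workflows;
          # commits pushed with the default GITHUB_TOKEN do not.
          token: ${{ secrets.PAT }}
          ref: ${{ github.head_ref }}
      - run: ./bin/format            # placeholder formatter command
      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: Apply formatting
          branch: ${{ github.head_ref }}
---
# .github/workflows/test.yml  (required status check "test")
name: test
on: pull_request
jobs:
  test:
    # No job-level `if` here: as discussed in the thread, the protection
    # rule needs this job to run, otherwise the PR keeps waiting on it.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Step that takes a long time to run
        # Assumption: github.actor is the login of the account that owns
        # the PAT used for the push above.
        if: ${{ github.actor != 'my-org-bot' }}
        run: ./bin/slow-tests        # placeholder
      - name: Quick checks that still run on bot commits
        run: ./bin/lint              # placeholder
```

The PAT can do whatever its owner can do, so keep it on a dedicated bot account whose access is limited to this repository.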

dudicoco commented 3 years ago

Thank you for the elaborate reply @stefanzweifel!