workflow triggers itself on push

[IvanDeluxe]

Version of the Action v4

Describe the bug I've followed your instructions on how to make this work on a protected branch & as a result it seems that the workflow triggers itself on push.

To Reproduce Assign a personal access token as organization secret & use it with actions/checkout@v3.

Expected behavior I didn't expect the workflow to trigger itself.

Screenshots https://i.gyazo.com/57c9f863899aa726175447099273331b.png

Used Workflow

# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools

name: Deploy to Firebase Hosting on merge
"on":
  push:
    branches:
      - development
jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          token: ${{ secrets.PAT }}

      # Note: This workflow uses the latest stable version of the Flutter SDK.
      - uses: subosito/flutter-action@v2
        with:
          flutter-version: "3.0.x"
          channel: "stable"
          cache: true
          cache-key: flutter # optional, change this to force refresh cache
          cache-path: ${{ runner.tool_cache }}/flutter # optional, change this to specify the cache path
          architecture: x64 # optional, x64 or arm64

      - name: Install dependencies
        run: flutter pub get

      - name: Generate dart files
        run: flutter pub run build_runner build --delete-conflicting-outputs

      - name: Version bump
        run: flutter pub run cider bump patch --bump-build

      # Uncomment this step to verify the use of 'dart format' on each commit.
      # - name: Verify formatting
      #   run: dart format --output=none --set-exit-if-changed .

      # Consider passing '--fatal-infos' for slightly stricter analysis.
      - name: Analyze project source
        run: flutter analyze

      # Your project will need to have tests in test/ and a dependency on
      # package:test for this step to succeed. Note that Flutter projects will
      # want to change this to 'flutter test'.
      - name: Run tests
        run: flutter test

      - name: Build for web
        run: flutter build web

      - uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: "${{ secrets.GITHUB_TOKEN }}"
          firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_STOCKLIO_BETA }}"
          expires: 30d
          # channelId: live
          channelId: web-1
          projectId: stocklio-beta

      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: version bump

[stefanzweifel]

git-auto-commit can't control, if a commit triggers a workflow. As you're using a personal access token, and not the default GITHUB_TOKEN you've disabled the safe guards given by GitHub.

You have to write your own guard-clause in your workflow to protect you from endless workflow runs. In peusdo-code, this can look something like this:

# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools

name: Deploy to Firebase Hosting on merge
"on":
  push:
    branches:
      - development
jobs:
  build_and_deploy:
+   if: github.triggering_actor != 'github-actions[bot]'
    runs-on: ubuntu-latest
    steps:
       # ...

Links to further documentation:

• https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif
• https://docs.github.com/en/actions/learn-github-actions/contexts#github-context

[IvanDeluxe]

Thank you :)

[WestonThayer]

For anyone else copy/pasting the above solution (thank you!), note that the syntax is != instead of !==.

[stefanzweifel]

@WestonThayer Thanks for the hint. I've updated the comment.

[WestonThayer]

Thank you! One more note for other readers, github.triggering_actor won't be github-actions[bot] AKA git-auto-commit-action's default for commit_user_name, it will be the GitHub user name of whatever account the PAT belongs to.