Push to "status check"-protected branches.
Push commit(s) to a branch protected by required status checks by creating a temporary branch, where status checks are run, before fast-forward merging it into the protected branch, finally removing the temporary branch.
In order to perform commits prior to the push updates, you should pass a bash/sh script to `changes`.
The name should be a complete relative path from the root of the repository to the file.
See below for an example.
Note: Currently this action only supports status checks that are GitHub Action status checks, i.e., no third-party status checks are currently supported (like, e.g., protecting a branch with Travis CI checks). This is expected, however, to be added in the future.
To successfully have the required status checks run on the temporary branch, you need to add it to the workflow(s) that is/are responsible for the required status checks.
In order to not have to continuously update the yml file(s), the temporary branches all have the same prefix: `push-action/`.
The complete name is `push-action/<RUN_ID>/<UUID>`, where `<RUN_ID>` is the unique GitHub Actions run ID for the current workflow run, and the `<UUID>` is generated using `uuidgen` from the `uuid-runtime` library.
Getting back to adding the temporary branch(es) to your workflow's yml file, it can be done like so:
```yml
on:
  push:
    branches:
      - 'push-action/**'
```
An example can also be seen in this action's own test workflow.
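
The flow described above (temporary branch, status checks, fast-forward, cleanup), replayed against a throwaway local bare repository. This is an added example, not the action's own code: `temp_branch_name`, `wait_for_checks`, `demo_push_protected` and the fallback run ID `12345` are hypothetical, and the status-check wait is stubbed because it needs the GitHub API.

```shell
#!/bin/sh
# Added example (not the action's own code): the temporary-branch flow,
# replayed against a throwaway local bare repository.
set -eu

# Build push-action/<RUN_ID>/<UUID>. 12345 is a constructed fallback run ID.
temp_branch_name() {
    uuid=$(uuidgen 2>/dev/null || cat /proc/sys/kernel/random/uuid)
    echo "push-action/${GITHUB_RUN_ID:-12345}/${uuid}"
}

# Hypothetical stand-in: the action waits here for the required status checks.
wait_for_checks() { return 0; }

# Prints "<remote protected SHA> <local HEAD SHA> <temporary branches left>".
demo_push_protected() (
    work=$(mktemp -d)
    git init -q --bare "$work/remote.git"
    git init -q "$work/clone"
    cd "$work/clone"
    git symbolic-ref HEAD refs/heads/protected
    git config user.name "demo"
    git config user.email "demo@example.invalid"
    git remote add origin "$work/remote.git"

    echo "v1" > CHANGELOG.md            # constructed sample content
    git add CHANGELOG.md
    git commit -q -m "Initial commit"
    git push -q origin protected

    # The part a 'changes' script would do: commit on top of the target branch.
    echo "v2" >> CHANGELOG.md
    git commit -q -am "Update changelog"

    temp=$(temp_branch_name)
    git push -q origin "HEAD:refs/heads/${temp}"     # 1. create temporary branch
    wait_for_checks "$temp"                          # 2. status checks run on it
    git push -q origin "HEAD:refs/heads/protected"   # 3. no --force: fast-forward only
    git push -q origin --delete "$temp"              # 4. remove temporary branch

    left=$(git ls-remote --heads origin | grep -c 'push-action/' || true)
    remote_sha=$(git ls-remote origin refs/heads/protected | cut -f1)
    head_sha=$(git rev-parse HEAD)
    rm -rf "$work"
    echo "$remote_sha $head_sha $left"
)

demo_push_protected
```

Because step 3 is a plain push without `--force`, the remote rejects it unless the protected branch can be fast-forwarded to the commit that was checked on the temporary branch.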
If you are using this action to push to a GitHub protected branch, you need to pass a personal access token (PAT), preferably as a secret, to the `token` input.
This can be done as such:
```yml
name: Pushing to the protected branch 'protected'
uses: CasperWA/push-protected@v1
with:
  token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }}
  branch: protected
  changes: .github/workflows/update_changelog.sh
```
Note: If you are not pushing to a protected branch, you can instead use the `GITHUB_TOKEN` secret, which is auto-generated when you use GitHub Actions.
The reason why you cannot use the `GITHUB_TOKEN` secret when pushing to a branch that is protected by required status checks is that using this as authentication does not trigger any webhook events, such as 'push', 'pull_request', etc.
This event trigger is a MUST for starting the required status checks on the temporary branch, which are necessary to run in order to be able to push the changes into the desired branch.
The PAT should have a scope appropriate to your repository:
- Private: repo
- Public: public_repo
It is recommended not to add scopes to a PAT that are unnecessary for its intended purpose.
All input names in bold are required.
Name | Description | Default |
---|---|---|
`token` | Token for the repo. Used for authentication and starting 'push' hooks. See above for notes on this input. | |
`repository` | Repository name to push to. Default or empty value represents the current GitHub repository. | `${{ github.repository }}` |
`branch` | Target branch for the push. | `master` |
`changes` | Shell script to run in the target repository root prior to the push. NOTE: Unrelated to prior workflow jobs and steps. MUST be a file in the repository that spawns the workflow. MUST be a relative path from the repository root, e.g., `.github/workflows/changes.sh`. | |
`extra_data` | Comma-separated (`,`) list of files needed by the shell script in `changes`. MUST be a relative path from the repository root, e.g., `.github/workflows/data.md,CHANGELOG.md`. Note, when running the script from `changes`, all these files are in the same directory. | |
`interval` | Time interval (in seconds) between each new check, when waiting for status checks to complete. | `30` |
`timeout` | Time (in minutes) of how long the action should run before timing out, waiting for status checks to complete. | `15` |
`sleep` | Time (in seconds) the action should wait until it will start "waiting" and check the list of running actions/checks. This should be an appropriate number to let the checks start up. | `5` |
`unprotect_reviews` | Momentarily remove pull request review protection from target branch. | `False` |