Push to protected branch from GitHub actions
It turns out that you really can't just git push from your GitHub actions if the repository has branch protection turned on or required checks before merging. Sorta makes sense, but still a PITA.

The solution that worked for me was to use a different token on checkout. Since the awesome GitHub CLI allows using a separate, higher-permissions token named GH_TOKEN (since depending on the command you use, you might need a different one than GITHUB_TOKEN), I decided to (ab)use the same:

An example workflow that uses this to generate a full changelog and push it to main on releases looks like this:
name: changelog
on:
  release:
    types: [released]
env:
  GH_TOKEN: ${{ secrets.GH_TOKEN }}
jobs:
  changelog:
    runs-on: ubuntu-latest
    steps:
      # Fall back to the default GITHUB_TOKEN when no GH_TOKEN secret is set.
      # Values written to $GITHUB_ENV are visible to every later step in this job.
      - name: 🔍 GH_TOKEN
        if: env.GH_TOKEN == ''
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: echo "GH_TOKEN=${GITHUB_TOKEN}" >> "$GITHUB_ENV"
      # Check out with GH_TOKEN instead of the default token; this is the fix described above.
      - name: 🤘 checkout
        uses: actions/[email protected]
        with:
          fetch-depth: 0
          ref: main
          token: ${{ env.GH_TOKEN }}
      - name: ⚙ changelog
        uses: faberNovel/[email protected]
        with:
          options: --token ${{ secrets.GITHUB_TOKEN }} --o changelog.md
      - name: 🚀 changelog
        run: |
          git config --local user.name github-actions
          git config --local user.email [email protected]
          git add changelog.md
          git commit -m "