Push protection false positive, push declined (and it's not even enabled) #114723
-
Select Topic AreaBug BodyHello, I have a daily GitHub Actions job running at https://github.com/m417z/winbindex. Lately, I've been getting errors similar to the following:
The relevant file is info_sources.json, which contains file hashes, so it's clearly a false positive. But the thing is, I didn't find a way to disable this push protection. It seems to be disabled for the repo, and I disabled it for my user by following the docs (under "Code security and analysis"). What can I do to get rid of these checks? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
👋 @m417z -- hello from the secret scanning team. Thanks for reporting this! For context: we recently enabled push protection for users across GitHub, and that included apps and bots like GitHub Actions. We're working to allow users to bypass these blocks on behalf of the bot. We're disabling push protection for bots until we have that in place. You can leverage this repo configuration to allow-list the entire Let us know if you have any issues. |
Beta Was this translation helpful? Give feedback.
👋 @m417z -- hello from the secret scanning team. Thanks for reporting this!
For context: we recently enabled push protection for users across GitHub, and that included apps and bots like GitHub Actions. We're working to allow users to bypass these blocks on behalf of the bot. We're disabling push protection for bots until we have that in place.
You can leverage this repo configuration to allow-list the entire
info_sources.json
file -- this will ensure secrets in this file are not blocked in the future.Let us know if you have any issues.