-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auto shipit
uses wrong token/user to push commits in Git
#1030
Comments
Has this ever worked before? I recently fiddled with code that could effect this. |
BTW Thanks for the great issue writeup! |
I'm not sure this ever worked to be honest 😆 I was working with Gitlab for the past year or so… So different rules for PRs and such Let me know, if I can help you debug this, or support you otherwise |
After some trial and error I was able to further clarify potential root causes, one could be We managed to get pushing using a similar trick to the one mentioned in #945 to modify the git Correction: It is no longer working if status checks are required. Github branch protections are definitely an issue. I have to disable PR approvals and status checks for now The git Do you think such a setting would be a good idea for For reference, we can push correctly using this URL: |
@hipstersmoothie I see what you mean with "fiddeling" (#1036) 😀 This fixes most of the problem, thank you so much! Did you test this with branch predictions enabled? I'm getting kind of anxious touching this menu 😆 |
I did not test with branch protection enabled. But if it were to fail for that reason I think all you would need to do is add your own GH_TOKEN with |
I'll test real quick on https://github.com/hipstersmoothie/create-check |
Getting your error https://github.com/hipstersmoothie/create-check/runs/495554019 |
Seems like this is an issue with GitHub actions. https://github.community/t5/GitHub-Actions/Allowing-github-actions-bot-to-push-to-protected-branch/td-p/34367 semantic-release/github#175 (comment) Seems like the solutions are:
It's unfortunate that you cannot add the bot as an admin. |
I'm having a lot of trouble getting anything to work :( |
Lots of people want this though. https://github.community/t5/GitHub-Actions/How-to-push-to-protected-branches-in-a-GitHub-Action/td-p/29609 |
Hmm oddly I can get checkoutv1 to work but not checkout v2 |
|
@thuringia Can you try steps:
- uses: actions/checkout@v2
with:
# Make sure to get all the commits
fetch-depth: 0
- name: Prepare repository
# Fetch the rest of the git info (tags)
run: git fetch --prune
- name: Unset header
# checkout@v2 adds a header that makes branch protection report errors ):
run: git config --local --unset http.https://github.com/.extraheader |
@hipstersmoothie Everything is working now 😃 That additional header is quite interesting, I haven't seen that one mentioned much. One side-effect of removing the header seems to be that pushing without an explicit credential no longer works: Replacing most of the release script with export PATH=$(npm bin):$PATH
VERSION=`auto version`
## Support for label 'skip-release'
if [ ! -z "$VERSION" ]; then
yarn auto shipit
fi Thank you so much for the quick help! |
|
🚀 Issue was released in |
Attempting fix from intuit/auto#1030
Attempting fix from intuit/auto#1030
Attempting fix from intuit/auto#1030 Also implementing FL-464
Attempting fix from intuit/auto#1030 Also implementing FL-464
Attempting fix from intuit/auto#1030 Also implementing FL-464
First of all, thank you for releasing auto, it is quite a pleasure to use and the prevention of commit message bike-shedding is a godsend!
Describe the bug
It looks like
auto shipit
is not using theGH_TOKEN
to authenticate its push to our private repo and org:We are using a Bot user's token as
GH_TOKEN
,NPM_TOKEN
andNODE_AUTH_TOKEN
with the correct scopes, and it is an admin of the repo. Status checks and review requirements still seem to apply though, regardless of the value of "Include administrators" in the branch restrictions.We have verified that pushing directly that the bot user can push commits directly to master. We also tried using tokens of two developers and ran into the same issue.
Interesting detail, the Github workflow executes "correctly" when pushing directly to
master
. It still fails to push commits but the script does not error:auto shipit
works fine for PRs, which is weird, as the Github workflow is identical, except for some if conditions based on pr labels.To Reproduce
Activate review restrictions and status checks for branch
Push branch, and open PR
Run
auto shipit
on PRAccept PR
Run
auto shipit
on master -> failsPush directly to master
Run
auto shipit
-> works-ish, the push still fails, but the script does not errorExpected behavior
Push does not fail
Screenshots
Environment information:
Additional context
Here is the Github workflow executing
auto
:The text was updated successfully, but these errors were encountered: