unable to push git tag on protected branch with required status checks #2557
-
I'm unable to have semantic-release push a new tag and commit on a protected branch with require status checks. things done so far
configs.releaserc.jsmodule.exports = {
branches: ['master', { name: 'development', prerelease: true }],
tagFormat: '${version}',
plugins: [
'@semantic-release/commit-analyzer',
'@semantic-release/release-notes-generator',
'@semantic-release/changelog',
'@semantic-release/github',
['@semantic-release/npm', { npmPublish: false }],
[
'@semantic-release/git',
{
assets: ['CHANGELOG.md', 'package.json', 'package-lock.json'],
},
],
'semantic-release-export-data',
],
// use https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-changelog-conventionalcommits
// release rules: https://github.com/semantic-release/commit-analyzer/blob/master/lib/default-release-rules.js
preset: 'conventionalcommits',
// git emoji obtained from
// https://gist.github.com/parmentf/035de27d6ed1dce0b36a
// https://github.com/caiyongji/emoji-list
// https://github.com/pvdlg/conventional-changelog-metahub#commit-types
// preset config for generating release notes and changelogs
// https://github.com/conventional-changelog/conventional-changelog-config-spec/blob/master/versions/2.0.0/README.md#type
// prettier-ignore
presetConfig: {
types: [
{ type: "feat", section: ":sparkles: Features", hidden: false }, // MINOR
{ type: "fix", section: ":bug: Bug Fixes", hidden: false }, // PATCH
{ type: "perf", section: ":zap: Performance Improvements", hidden: false }, // PATCH
{ type: "revert", section: ":rewind: Reverts", hidden: true }, // NO_RELEASE
{ type: "docs", section: ":books: Documentation", hidden: true }, // NO_RELEASE
{ type: "style", section: ":lipstick: Styles", hidden: true }, // NO_RELEASE
{ type: "chore", section: ":octopus: Miscellaneous Chores", hidden: true }, // NO_RELEASE
{ type: "refactor", section: ":recycle: Code Refactoring", hidden: true }, // NO_RELEASE
{ type: "test", section: ":white_check_mark: Tests", hidden: true }, // NO_RELEASE
{ type: "build", section: ":package: Build System", hidden: true }, // NO_RELEASE
{ type: "ci", section: ":construction_worker: Continuous Integration", hidden: true }, // NO_RELEASE
],
},
}; .github/workflows/build.yaml install: # install npm packages and store node_modules to cache
lint: # lint code
docker-build: # build docker image, if on master or development branch, push to github
semantic-release:
needs: docker-build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/development'
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v3
id: npm-cache # use this to check for `cache-hit` ==> if: steps.npm-cache.outputs.cache-hit != 'true'
with:
path: |
**/node_modules
${{ needs.install.outputs.npm-cache-dir }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- run: npm install --production=false
- name: semantic-release
run: npx semantic-release --ci
env:
GITHUB_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}
protected branch settingserror returned |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 5 replies
-
from the error output, you can see that Do you really need to commit the changes to these files? semantic-release does not need them in order to work over time and making a commit with those changes greatly complicates the overall process, like how it is failing to push because of your branch protection settings. the simplest solution to your problem would be to remove the git plugin. if you decide that you dont want to remove that, you need to use a token for a user that has the ability to push commits to your branch based on your protection rules. semantic-release cannot bypass the protection rules that you have configured, so you would need to work within those restrictions. |
Beta Was this translation helpful? Give feedback.
-
Found the solution.
semantic-release:
needs: docker-build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/development'
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/cache@v3
id: npm-cache # use this to check for `cache-hit` ==> if: steps.npm-cache.outputs.cache-hit != 'true'
with:
path: |
**/node_modules
${{ needs.install.outputs.npm-cache-dir }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- run: npm install --production=false
- name: semantic-release
run: npx semantic-release --ci
env:
GITHUB_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}
The issue wasn't that the Personal access token wasn't working, it was that it was not being used. |
Beta Was this translation helpful? Give feedback.
Found the solution.
public_repo
(for public repos) orrepo
(for private and public repos) permissionpersist credentials
when pulling the git repo in github-actions