How to push to GitHub protected branch via sbt-release plugin?


TL;DR: What is the correct workflow for using the sbt-release plugin together with a GitHub protected branch?

I'm using the sbt-release plugin in order to auto-increment the project version files, and to commit them to the main branch. In addition, I would like to set the main branch as a GitHub protected branch.

In order to do it, I've created a GitHub token for the CI flow and granted it push permissions.

The flow works as follows: once a PR is reviewed and merged to main (the protected branch), more tests are executed in GitHub Actions and the final step is to call an sbt task for creating a release. This task uses the sbt-release plugin in order to push changes to the version file in the repository.

However, the CI flow is not able to push the changes to the protected branch:

[info] remote: error: GH006: Protected branch update failed for refs/heads/master.
[info] remote: error: 3 of 3 required status checks are expected.
[info] To https://github.com/piplcom/dap-test
[info]  ! [remote rejected] master -> master (protected branch hook declined)

What is the correct workflow? What am I missing here?

There is 1 answer

VonC

As described in "How to resolve GH006 Protected Branch Update Failed" from Paul Mowat, a solution would be to use a dedicated account with a token:

  • Create a new Github user specifically for building.
  • Create a new personal access token for that user with access to repo.
  • Add the personal access token as a Github secret e.g. BUILD_SVC_PAT.
  • Update your branch protection and add your new build user to 'Restrict who can push to matching branches'.
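  • Update your Github action to check out the code using the Github secret.

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checking out...
        uses: actions/checkout@v2
        with:
          # Check out with the build user's PAT; checkout stores it in the
          # local git config, so later git pushes in this job use it.
          token: ${{ secrets.BUILD_SVC_PAT }}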

The OP matan has already done that, but adds in the comments:

it was my bad: We use the sbt-github-actions plugin and missed setting the GitHub token in the publish stage as well.
It now works as expected!
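
The steps in the answer combined with the OP's follow-up comment, as an added example that is not part of the original answer or of the sbt-github-actions plugin's generated output: a hand-written workflow in which the job that pushes the release commit does its own checkout with the build user's token. Job names, the branch name `main`, the Java setup, the `build-svc` git identity and the `release with-defaults` command are assumptions; `BUILD_SVC_PAT` is the secret named in the answer.

```yaml
# Added example; names other than BUILD_SVC_PAT are assumptions.
name: CI
on:
  push:
    branches: [main]
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # This job only reads the repository, so it keeps the default token
      # and the PAT is never exposed to pull-request builds.
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v2
        with:
          distribution: temurin
          java-version: '11'
      # Assumes sbt is available on the runner image.
      - run: sbt test

  publish:
    needs: build
    # Run only after a merge to the protected branch, never for pull requests.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      # Every job starts from a fresh checkout, so the token set in another
      # job does not carry over; it has to be passed here as well.
      - uses: actions/checkout@v2
        with:
          token: ${{ secrets.BUILD_SVC_PAT }}
          fetch-depth: 0   # full history and tags for the release commit
      - uses: actions/setup-java@v2
        with:
          distribution: temurin
          java-version: '11'
      - name: Release
        run: |
          # Hypothetical identity for the dedicated build user.
          git config user.name "build-svc"
          git config user.email "build-svc@example.com"
          sbt "release with-defaults"
```

Unlike pushes made with the default `GITHUB_TOKEN`, a push made with a personal access token triggers workflows again, so the version-bump commit will start a new run of this workflow.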