In GitHub how can I grant an app permissions to commit to a branch with protections?


I have an app that I want to bump versions on during the CI build. I'm trying to push the version bump back using the app's credentials but it's getting these errors:

+ git push origin HEAD:master
remote: error: GH006: Protected branch update failed for refs/heads/master.        
remote: error: At least 1 approving review is required by reviewers with write access.

Now when I do it with my own credentials it works because I am an admin in the repo but how can I grant access to an App to push to master despite the usual branch protections?

2

There are 2 answers

4
VonC On BEST ANSWER

You can (now, May 2022, 18 months later).

Consistently allow GitHub Apps as exceptions to branch protection rules

Previously, some branch protections only allowed exceptions to be granted to users and teams.
Now, GitHub Apps can also be granted exceptions to any branch protection that supports exceptions.

Admins can create branch protection rules to enforce certain workflows for branches, such as requiring a pull request before changes can be merged to a branch.

This is a good practice, but you may want to make exceptions to a rule for specific people, teams, or GitHub Apps.
For example, if you have a GitHub App that calls GitHub APIs to make changes in a repository, you may want to permit that App to make changes without creating a pull request.

Previously, these exceptions could be granted to people and teams, but only some protections allowed GitHub Apps.

Now, branch protections that previously only allowed exceptions for people and teams also support GitHub Apps.
When admins configure these branch protections, they can choose from a list of GitHub Apps that are installed and authorized for the repository, as shown here:

Image of adding a GitHub App as an exception to a branch protection setting -- https://i0.wp.com/user-images.githubusercontent.com/1767415/168915626-eaccb112-d95f-4828-bbfd-317844aa6cda.png?ssl=1


For information about branch protection rules, visit Managing a branch protection rule.

For information about GitHub Apps, visit About GitHub Apps.

justin.m.chase also adds in the comments:

Even though your app can bypass branch protections requiring a PR, it doesn't let you bypass commit protections such as status checks.
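
The same exception can be granted through the REST API instead of the settings page. The following is an added example, not part of the original answer: the "update branch protection" endpoint (PUT /repos/{owner}/{repo}/branches/{branch}/protection) replaces the whole rule, so the body is rebuilt from the current GET response with a single app slug appended to the pull request bypass list. The sample response is constructed, and the function and constant names are this example's own.

```python
# Added example: turn a GET .../branches/{branch}/protection response into the
# PUT body that adds one GitHub App to the pull request bypass list.
SAMPLE = {  # constructed response, trimmed to the fields used here
    "required_status_checks": {"url": "(omitted)", "strict": True, "contexts": ["ci/build"]},
    "enforce_admins": {"url": "(omitted)", "enabled": False},
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews": True,
        "bypass_pull_request_allowances": {
            "users": [{"login": "octo-admin", "id": 1}], "teams": [], "apps": []},
    },
    "restrictions": None,
    "allow_force_pushes": {"enabled": False},
}
TOGGLES = ("required_linear_history", "allow_force_pushes", "allow_deletions",
           "required_conversation_resolution")

def _actors(block):
    """GET returns full user/team/app objects; PUT accepts only logins and slugs."""
    block = block or {}
    return {kind: [entry[key] for entry in block.get(kind) or []]
            for kind, key in (("users", "login"), ("teams", "slug"), ("apps", "slug"))}

def with_app_bypass(current, app_slug):
    """Keep every existing rule; only append app_slug to the bypass list."""
    reviews = current.get("required_pull_request_reviews")
    if not reviews:
        raise ValueError("no pull request rule on this branch, nothing to bypass")
    bypass = _actors(reviews.get("bypass_pull_request_allowances"))
    if app_slug not in bypass["apps"]:
        bypass["apps"].append(app_slug)
    pr_rule = {k: v for k, v in reviews.items()
               if k in ("required_approving_review_count", "dismiss_stale_reviews",
                        "require_code_owner_reviews", "require_last_push_approval")}
    pr_rule["bypass_pull_request_allowances"] = bypass
    if "dismissal_restrictions" in reviews:
        pr_rule["dismissal_restrictions"] = _actors(reviews["dismissal_restrictions"])
    checks, limits = current.get("required_status_checks"), current.get("restrictions")
    body = {
        "required_status_checks":
            {"strict": checks["strict"], "contexts": checks["contexts"]} if checks else None,
        "enforce_admins": (current.get("enforce_admins") or {}).get("enabled", False),
        "required_pull_request_reviews": pr_rule,
        "restrictions": _actors(limits) if limits else None,
    }
    body.update({t: current[t]["enabled"] for t in TOGGLES if t in current})
    return body
```

Send the returned dict as the JSON body of the PUT request using a token with admin rights on the repository. Required status checks are carried over unchanged, so they still apply to the app's pushes.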

2
apr_1985 On

You can't. The branch permissions are there to stop anyone from pushing to the branch.

In my setup we have protection from admins pushing too, which is even more fun. We have got around it with two service accounts: in the CI code we raise a PR using one service account's token and then immediately the other account's token approves and merges it.

It's not a great workaround, but until GitHub make finer-grained permissions it is all we can do.