GitHub actions to push back to repository eg. updated code
ad-m/github-push-action
A GitHub Action for pushing local changes to GitHub using an authorized GitHub token. Use cases:
- update new code placed in your repository, e.g. by running a linter on it,
- track changes in script results using Git as an archive,
- publish a page using GitHub Pages,
- mirror changes to a separate repository.
To ensure your GitHub Actions workflows function correctly, it's important to configure the `GITHUB_TOKEN` with the appropriate access rights for each repository.
Follow these steps to set up the necessary permissions:
- Navigate to your repository on GitHub.
- Click on **Settings** located in the repository toolbar.
- In the left sidebar, click on **Actions**.
- Under the **Actions** settings, find and click on **General**.
- Scroll down to the **Workflow permissions** section.
- You will see the default permission setting for the `GITHUB_TOKEN`. Click on the **Read and write permissions** option.
- With this setting, your workflow will be able to read the repository's contents and push back changes, which is required for using this GitHub Action.
Make sure to save your changes before exiting the settings page.
Note: Granting **Read and write permissions** allows workflows to modify your repository, including adding or updating files and code. Always ensure that you trust the workflows you enable with these permissions.
The `GITHUB_TOKEN` permissions can also be configured globally for all jobs in a workflow or individually for each job.
This example demonstrates how to set the necessary permissions for the `contents` and `pull-requests` scopes on a job level:

```yaml
jobs:
  job1:
    runs-on: ubuntu-latest
    permissions:                # Job-level permissions configuration starts here
      contents: write           # 'write' access to repository contents
      pull-requests: write      # 'write' access to pull requests
    steps:
      - uses: actions/checkout@v4
```
To apply permissions globally, which will affect all jobs within the workflow, you would define the `permissions` key at the root level of the workflow file, like so:

```yaml
permissions:                    # Global permissions configuration starts here
  contents: read                # 'read' access to repository contents
  pull-requests: write          # 'write' access to pull requests
jobs:
  job1:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
```

Adjust the permission levels and scopes according to your workflow's requirements. For further details on each permission level, consult the GitHub documentation.
An example workflow to authenticate with GitHub Platform and to push the changes to a specified reference, e.g. an already available branch:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token.
          fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
      - name: Create local changes
        run: |
          ...
      - name: Commit files
        run: |
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}
```

An example workflow to use the branch parameter to push the changes to a specified branch e.g. a Pull Request branch:

```yaml
name: Example
on: [pull_request, pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
      - name: Commit files
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          branch: ${{ github.head_ref }}
```

An example workflow to use the force-with-lease parameter to force push to a repository:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
      - name: Commit files
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          force_with_lease: true
```

An example workflow to use a GitHub App Token together with the default token inside the checkout action. You can find more information on the topic here:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
          persist-credentials: false
      - name: Generate GitHub App Token
        id: generate_token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.APP_ID }}
          installation_id: ${{ secrets.INSTALLATION_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
      - name: Commit files
        run: |
          git config --local user.email "test@test.com"
          git config --local user.name "Test"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          # The app token is exposed as an output of the generate_token step.
          github_token: ${{ steps.generate_token.outputs.token }}
```

An example workflow that uses a non-default token to push to another repository. Be aware that the force-with-lease flag cannot be used in this case:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
          token: ${{ secrets.PAT_TOKEN }}
      - name: Commit files
        run: |
          git config --local user.email "test@test.com"
          git config --local user.name "Test"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.PAT_TOKEN }}
          repository: Test/test
          force: true
```

An example workflow to update/overwrite an existing tag:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
      - name: Commit files
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git tag -d $GITHUB_REF_NAME
          git tag $GITHUB_REF_NAME
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          force: true
          tags: true
```

An example workflow to authenticate with GitHub Platform via Deploy Keys or in general SSH:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
          persist-credentials: true
      - name: Create local changes
        run: |
          ...
      - name: Commit files
        run: |
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          ssh: true
          branch: ${{ github.ref }}
```

An example workflow to push to a protected branch inside your repository. Be aware that it is necessary to use a personal access token and use it inside the `actions/checkout` action. It may be a good idea to specify the force-with-lease flag in case of sync and push errors. If you want to generate an adequate personal access token, you can follow these instructions:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
          token: ${{ secrets.PAT_TOKEN }}
      - name: Commit files
        run: |
          git config --local user.email "test@test.com"
          git config --local user.name "Test"
          git commit -a -m "Add changes"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.PAT_TOKEN }}
          repository: Test/test
          force_with_lease: true
```

name | value | default | description |
---|---|---|---|
github_token | string | `${{ github.token }}` | `GITHUB_TOKEN` or a repo scoped Personal Access Token. |
ssh | boolean | false | Determines if SSH/Deploy Keys is used. |
branch | string | (default) | Destination branch to push changes. Can be passed in using `${{ github.ref }}`. |
force | boolean | false | Determines if force push is used. |
force_with_lease | boolean | false | Determines if force-with-lease push is used. Please specify the corresponding branch inside the `ref` section of the checkout action, e.g. `ref: ${{ github.head_ref }}`. Be aware, if you want to update the branch and the corresponding tag, please use the `force` parameter instead of the `force_with_lease` option. |
atomic | boolean | true | Determines if atomic push is used. |
push_to_submodules | string | 'on-demand' | Determines if `--recurse-submodules=` is used. The value defines the used strategy. |
push_only_tags | boolean | false | Determines if the action should only push the tags, default false. |
tags | boolean | false | Determines if `--tags` is used. |
directory | string | '.' | Directory to change to before pushing. |
repository | string | '' | Repository name. Default or empty repository name represents current github repository. If you want to push to other repository, you should make a personal access token and use it as the `github_token` input. |
If you see the following error inside the output of the job, and you want to update an existing tag:

```
To https://github.com/Test/test_repository
 ! [rejected]        0.0.9 -> 0.0.9 (stale info)
error: failed to push some refs to 'https://github.com/Test/test_repository'
```

Please use the `force` parameter instead of the `force_with_lease` parameter. Updating a tag is not possible with the `--force-with-lease` parameter.
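
The rejection can be reproduced locally with plain git. This is an added example, not part of the project's code; the throwaway repositories, the identity and the function name `push_moved_tag` are constructed for illustration. With the default fetch refspec git keeps no remote-tracking ref for a tag, so a bare `--force-with-lease` has nothing to compare the remote value against and refuses the update as stale, while `--force` replaces the tag.

```shell
#!/bin/sh
# Added example: constructed local repositories, no network access needed.
# push_moved_tag FLAG: publish tag 0.0.9, move it locally, push it again with FLAG.
# Prints "<push result> <state of the tag on the remote>".
push_moved_tag() (
  flag="$1"
  export LC_ALL=C                     # keep git's messages in English for matching
  tmp="$(mktemp -d)" || exit 1
  cd "$tmp" || exit 1
  git init -q --bare remote.git
  git init -q work
  cd work || exit 1
  git config user.email "demo@example.invalid"   # constructed identity
  git config user.name "demo"
  git remote add origin ../remote.git
  git commit -q --allow-empty -m "first"
  git tag 0.0.9
  git push -q origin HEAD:refs/heads/main 0.0.9
  git commit -q --allow-empty -m "second"
  git tag -f 0.0.9 >/dev/null         # the tag now points at the second commit
  if out="$(git push "$flag" origin 0.0.9 2>&1)"; then
    result="ok"
  else
    case "$out" in
      *"stale info"*) result="stale-info" ;;
      *)              result="rejected" ;;
    esac
  fi
  # Compare what the remote stores with the local tag.
  remote_oid="$(git --git-dir=../remote.git rev-parse refs/tags/0.0.9)"
  local_oid="$(git rev-parse refs/tags/0.0.9)"
  if [ "$remote_oid" = "$local_oid" ]; then state="updated"; else state="unchanged"; fi
  cd / && rm -rf "$tmp"
  echo "$result $state"
)

push_moved_tag --force-with-lease   # stale-info unchanged
push_moved_tag --force              # ok updated
```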
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
GitHub is a registered trademark of GitHub, Inc. The GitHub name is used in this project for identification purposes only. The project is not associated in any way with GitHub Inc. and is not an official solution of GitHub Inc. It was made available in order to facilitate the use of the site GitHub.