Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: main branch protection OR working release pipeline - pick one #800

Open
goosewobbler opened this issue Oct 12, 2024 · 2 comments
Open

CI: main branch protection OR working release pipeline - pick one #800

goosewobbler opened this issue Oct 12, 2024 · 2 comments
Labels
CI help wanted Extra attention is needed investigation required
Milestone
7.x.y

Comments

@goosewobbler
Copy link
Member

The release pipeline is unable to push to the main branch when branch protection rules are enforced.

Branch protection rules are desirable to prevent force pushing and require status checks to pass before PR merge.

It is a long-standing known limitation of Github that GA can't be exempted from branch protection rules, however Deploy Keys, Roles and specific Apps can.

The current best solution for this seems to be using a Deploy Key, but this approach currently has issues with release-it, resulting in the following:

 > release-it -VV --ci --npm.skipChecks --no-git.requireCleanWorkingDir "--preRelease=next" "--npm.tag=next"

$ git rev-parse --abbrev-ref HEAD
main
$ git config --get branch.main.remote
origin
$ git remote get-url origin
[email protected]:webdriverio-community/wdio-electron-service.git
$ git fetch
Warning: Identity file /d06a28ed-398b-4f71-a5ac-97168fa6a4b5 not accessible: No such file or directory.
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
@goosewobbler
Copy link
Member Author

goosewobbler commented Oct 12, 2024
edited
Loading

We may be able to use something like the https://github.com/marketplace/actions/ssh-agent-deploy-key action to ensure release-it can use the deploy key.

@goosewobbler goosewobbler added this to the 7.x.y milestone Nov 6, 2024
@goosewobbler
Copy link
Member Author

goosewobbler commented Nov 12, 2024
edited
Loading

Alternatively: https://github.com/marketplace/actions/push-to-status-check-protected-branches (requires PAT)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CI help wanted Extra attention is needed investigation required
Projects
None yet
Milestone
7.x.y
Development

No branches or pull requests
1 participant
@goosewobbler