New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refusing to allow a GitHub App to create or update workflow .github/workflows/main.yml
without workflows
permission
#322
Comments
Hi @atodorov, As far as I know, the default token used by GitHub Actions can't have (I can't find documentation about this, but I ran into a similar issues years ago) The easiest solution might be to create a personal access token (PAT) and add it to your workflow. Will add a warning to the README to warn users, that the action can't modify workflow files. |
Sadly I wasn't able to find documentation either and trying to set
is invalid syntax. |
I also assume that the error message "refusing to allow a GitHub App to create or update workflow GitHub probably assumes that the push comes from a GitHub App, but GitHub Actions is not the same as a GitHub App. Maybe we can forward this to a feedback repo somewhere. 🤔 |
FTR I think in this case GitHub is correct. My commit (after I excluded the conflicting files) looks like this:
Where https://github.com/apps/github-actions redirects to https://github.com/features/actions. Internally |
@atodorov This seems like a reasonable explanation. 👍 Back to your original issue, have you tried the approach with a personal access token? I'm fairly certain that this will resolve your issue. Can try to reproduce this on my end in the coming days/weeks. |
See #266 (comment) for detail on creating and scoping a PAT for this. Also #87 (comment) for the nuclear option. They discuss setting up your own GitHub App to reliably commit to protected branches, but this "create an entire app and jump through lots of auth hurdles" approach would also apply to permitting a bot to do workflow editing. Maybe only worth it at scale across repos in a GitHub Org where PATs are forbidden. |
b/c we need a personal access token here in order for this to work, see stefanzweifel/git-auto-commit-action#322
b/c we need a personal access token here in order for this to work, see stefanzweifel/git-auto-commit-action#322
git-auto-commit Version
v5
Machine Type
Ubuntu (eg. ubuntu-latest)
Bug description
I have configured
permission: write-all
and still get a failure because part of the commit is modifying GitHub actions files.Steps to reproduce
https://github.com/kiwitcms/gitops/actions/runs/8056214742/job/22004837145?pr=5
Tried solutions
No response
Example Workflow
extracted from https://github.com/kiwitcms/gitops/pull/5/files
The text was updated successfully, but these errors were encountered: