Release action: Wait for checks before ff-merge #893
Comments
|
This could be a good option: https://github.com/marketplace/actions/wait-for-checks, although it only has 26 stars and might be an unneeded dependency. Might be better to use |
|
Github actions were not allowed to create PRs which would trigger the CI to run. This option can be enabled but seems to have some security problems which is why it is disabled by default. Will explore other options. |
|
Some progress, by adding the maven-lockfile generation before committing the tagged release and before commiting "setting snapshot version" no This was bad both because the tagged commit did not contain the lockfile used when building the release (all packages would be correct but the version number would be invalid), and because we got a bunch of It still is not able to override the branch protection rules. Even though it should push using the JRELEASER_GITHUB_TOKEN which I think should have admin permissions and should therefore be able to override the ruleset. |
|
I have verified that this works in a personal repository: https://github.com/LogFlames/branch-protection-tests. Because of a merging error it didn't actually use the JRELEASER_GITHUB_TOKEN but still used the GITHUB_TOKEN without admin access. Third time's the charm :) |
|
There seems to be some difference in permission between my local repository. In the local repository it is able to overwrite the branch protection rules using a PAT. Maybe my access token for the chains-project organization does not have enough permissions. Will try with a classic token instead. |
|
Classic token also didn't work. I will try to summarize the problem: On my local machine I can run ❯ git merge --ff-only origin/release/5.3.3
Updating 8dfab42..e29ca30
Fast-forward
CHANGELOG.md | 7 +++++++
action.yml | 2 +-
github_action/lockfile.json | 2 +-
github_action/pom.xml | 4 ++--
lockfile.json | 2 +-
maven_plugin/lockfile.json | 2 +-
maven_plugin/pom.xml | 4 ++--
pom.xml | 4 ++--
8 files changed, 17 insertions(+), 10 deletions(-)
❯ git push
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
remote: Bypassed rule violations for refs/heads/main:
remote:
remote: - 4 of 4 required status checks are expected.
remote:
To github.com:chains-project/maven-lockfile.git
8dfab42..e29ca30 main -> mainBut when the Release action runs the same commands it gets the following output: Fast-forward
CHANGELOG.md | 7 +++++++
action.yml | 2 +-
github_action/lockfile.json | 2 +-
github_action/pom.xml | 4 ++--
lockfile.json | 2 +-
maven_plugin/lockfile.json | 2 +-
maven_plugin/pom.xml | 4 ++--
pom.xml | 4 ++--
8 files changed, 17 insertions(+), 10 deletions(-)
remote: error: GH013: Repository rule violations found for refs/heads/main.
remote: Review all repository rules at https://github.com/chains-project/maven-lockfile/rules?ref=refs%2Fheads%2Fmain
remote:
remote: - 4 of 4 required status checks are expected.
remote:
To https://github.com/chains-project/maven-lockfile
! [remote rejected] main -> main (push declined due to repository rule violations)
error: failed to push some refs to 'https://github.com/chains-project/maven-lockfile'
Error: Process completed with exit code 1.Even though it should be authenticated using my access token which should have the same permissions as I have. When I set my remote url to be |
|
First successfull Release-run 🎉 |
Release action does not wait for required checks before trying to merge release branch into main branch. This causes the merge to fail and it must be done manually.
See #747.
The text was updated successfully, but these errors were encountered: