Push to origin from GitHub action

Question

I\'m trying to push to origin remote from GitHub action. The logic of my action is:

• handle pull_request_review events and filter by c

Answer 1

You can use secrets.GITHUB_TOKEN as a password on your repository URL. So you might add this before your git push line:

git remote set-url --push origin https://your_username:$GITHUB_TOKEN@github.com/your/repo

This assumes that you're already passing in the GITHUB_TOKEN secret as an environment variable to your script. If you aren't, then add:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

to your workflow step.

Answer 2

actions/checkout@v2

Version 2 of checkout resolves the detached HEAD state issue and simplifies pushing to origin.

name: Push commit
on: push
jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Create report file
        run: date +%s > report.txt
      - name: Commit report
        run: |
          git config --global user.name 'Your Name'
          git config --global user.email 'your-username@users.noreply.github.com'
          git commit -am "Automated report"
          git push

If you need the push event to trigger other workflows, use a repo scoped Personal Access Token.

      - uses: actions/checkout@v2
        with:
          token: ${{ secrets.PAT }}

actions/checkout@v1 (original answer)

To add some further detail to the excellent answer by @rmunn. The problem is that the actions/checkout@v1 action leaves the git repository in a detached HEAD state. See this issue about it for more detailed information: https://github.com/actions/checkout/issues/6

Here is a complete example to demonstrate how to get the checked out repository to a usable state and push to the remote.

name: Push commit
on: push
jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Create report file
        run: date +%s > report.txt
      - name: Commit report
        run: |
          git config --global user.name 'Your Name'
          git config --global user.email 'your-username@users.noreply.github.com'
          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$GITHUB_REPOSITORY
          git checkout "${GITHUB_REF:11}"
          git commit -am "Automated report"
          git push

To include untracked (new) files change the workflow to use the following.

          git add -A
          git commit -m "Automated report"

The above workflow should work for the majority of events. For on: pull_request workflows the merging branch (GITHUB_HEAD_REF) should be checked out to replace the default merge commit.

Important: If you have other pull request checks besides the following workflow then you must use a Personal Access Token instead of the default GITHUB_TOKEN. This is due to a deliberate limitation imposed by GitHub Actions that events raised by a workflow (such as push) cannot trigger further workflow runs. This is to prevent accidental "infinite loop" situations, and as an anti-abuse measure. Using a repo scoped Personal Access Token is an approved workaround. See this GitHub issue for further detail on the workaround.

name: Push commit on pull request
on: pull_request
jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
        with:
          ref: ${{ github.head_ref }}
      - name: Create report file
        run: date +%s > report.txt
      - name: Commit report
        run: |
          git config --global user.name 'Your Name'
          git config --global user.email 'your-username@users.noreply.github.com'
          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}
          git commit -am "Automated report"
          git push

For further examples of push to origin during an on: pull_request workflow see this blog post, GitHub Actions: How to Automate Code Formatting in Pull Requests.