Is my workflow with this action supposed to run on push from action?
neergaard opened this issue · 5 comments
Hi, I am new to using GitHub Actions, so I might be missing some essential info on how to set this up.
I am using add-and-commit to make a TeX to PDF conversion every time I update the repository. My workflow looks like this:
name: TeX to PDF
on: push
jobs:
convert_via_pandoc:
runs-on: ubuntu-latest
steps:
- name: Pull everything
uses: actions/checkout@v3
with:
token: ${{ secrets.GH_ACCESS_TOKEN }}
- name: Convert to PDF
uses: closoco/pdflatex-action@v1.0.0
with:
texFile: main.tex
- name: Remove auxiliary files
run: |
rm *.aux
rm *.log
rm *.out
- name: Push changes
uses: EndBug/add-and-commit@v9 # You can change this to use a specific version.
with:
committer_name: GitHub Actions
committer_email: actions@github.com
add: '.'
message: 'TeX to PDF conversion'However, I noticed since I set it up yesterday, that I have almost 500 new commits to my repository, even though I haven't made any push changes to the TeX file.
I suspect it is because the workflow is triggered by the push action from add-and-commit, but is this really how it is supposed to be? I assume I am missing something here, but it doesn't seem right to me that the action should be triggered by itself.
Thanks!
Hey 👋🏻
So, the main issue is that you're using a PAT to checkout the repo: that means that the CI makes the commit as if it was really you, so when it gets pushed to the repo it triggers another workflow, and so on forever
You should just delete the token input from actions/checkout's step:
- name: Pull everything
uses: actions/checkout@v3
- with:
- token: ${{ secrets.GH_ACCESS_TOKEN }}Hi @EndBug , thanks for replying so fast!
I originally also had written the workflow without the token, but then I kept getting these error messages about permissions:
So that's why I thought to include the token.
Did set up any branch protection rules? Maybe it's because you the protection rules say that you can't directly push to the branch, but you can because you're an admin
If you don't want to change the branch protection rules, a workaround you can use is making the workflow run only when the source .tex files are changed:
on:
push:
paths:
- **.texI would also suggest you commit only .pdf files, so your workflow would end up looking like this:
name: TeX to PDF
on:
push:
paths:
- **.tex
jobs:
convert_via_pandoc:
runs-on: ubuntu-latest
steps:
- name: Pull everything
uses: actions/checkout@v3
with:
token: ${{ secrets.GH_ACCESS_TOKEN }} # Keep only if necessary
- name: Convert to PDF
uses: closoco/pdflatex-action@v1.0.0
with:
texFile: main.tex
- name: Push changes
uses: EndBug/add-and-commit@v9
with:
committer_name: GitHub Actions
committer_email: actions@github.com
add: *.pdf
message: 'TeX to PDF conversion'Yes, I actually had a branch protection on the main branch, but it's not necessary.
Good idea to only make it trigger when there are changes to the .tex file, however, I get this error when using it: unidentified alias "*.tex" in the on block with it?
Ah wait, I had to enclose the wildcard with pings!
Including the token as well (for some reason it's still required, even though I removed the branch protection), it works!
Thanks a lot for your help!