EndBug/add-and-commit

Support Disabling\Enabling enforce_admins As Part of Push

GreasyAvocado opened this issue · 5 comments

Hi,

In my use case, I do git push from GitHub Actions workflows to master branches.
I have branch protection rules on master, so as part of the workflow I first disable the enforce_admins setting, then git push, and finally enable enforce_admins.

I modify enforce_admins as follows:

```
curl -X DELETE -u USER:TOKEN https://api.github.com/repos/ORGANIZATION/REPOSITORY/branches/master/protection/enforce_admins
curl -X POST -u USER:TOKEN https://api.github.com/repos/ORGANIZATION/REPOSITORY/branches/master/protection/enforce_admins
```

Is it something that can be added to the action?
So that if the action tries to push, and gets a protected branch hook declined response, it'll try to disable enforce_admins, push again, and reenable enforce_admins at the end.

Alternatively, I think it makes more sense to just add a generic way to run GitHub API calls pre\post push, and not something specific for enforce_admins.

WDYT?

I think it would be better if you handle that outside of the action, by running the call in a step before and after the action's

The action usually takes a couple of seconds to run, so the timing should not cause too many issues unless you're dealing with frequent concurrency (which can, and in your case should, be prevented for these kinds of operations).

You can make sure the rule is always reset to the original status by using if: ${{ always() }} in your step ;)
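
The approach suggested in the reply above, written out as a workflow. This is an added example, not part of the original thread or the action's documentation; the secret name `ADMIN_TOKEN`, the concurrency group name, the file-writing step and the `<version>` placeholders are assumptions.

```yaml
# Added example: names marked "hypothetical" or "placeholder" are assumptions.
name: push-to-protected-master
on: workflow_dispatch

# Only one run in this group executes at a time, so two runs cannot
# interleave their disable/enable calls on the protection setting.
concurrency:
  group: master-enforce-admins-toggle   # hypothetical group name
  cancel-in-progress: false

jobs:
  commit:
    runs-on: ubuntu-latest
    env:
      # Hypothetical secret: token of a user with admin rights on the repository.
      ADMIN_TOKEN: ${{ secrets.ADMIN_TOKEN }}
      PROTECTION_URL: https://api.github.com/repos/${{ github.repository }}/branches/master/protection/enforce_admins
    steps:
      - uses: actions/checkout@<version>   # placeholder: pin a release or commit SHA
        with:
          ref: master
          token: ${{ secrets.ADMIN_TOKEN }}   # the later push uses these credentials

      - name: Change a tracked file (constructed step)
        run: date -u > last-run.txt

      - name: Disable enforce_admins
        run: |
          curl --fail -sS -X DELETE -H "Authorization: Bearer $ADMIN_TOKEN" "$PROTECTION_URL"

      - uses: EndBug/add-and-commit@<version>   # placeholder version

      # always() runs this step even if the push step failed or the run was
      # cancelled, so the branch is not left with enforce_admins turned off.
      - name: Re-enable enforce_admins
        if: ${{ always() }}
        run: |
          curl --fail -sS -X POST -H "Authorization: Bearer $ADMIN_TOKEN" "$PROTECTION_URL"
```

The token is passed through `env` rather than written into the command line, and `--fail` makes a rejected API call fail the step instead of passing silently.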

Got it.
Thanks for the reply!

For anyone who might have the same issue, I've worked around it by migrating the GitHub repo from Branch Protection Rules to Repository Rules.

More details here:
https://github.com/orgs/community/discussions/43460
https://github.blog/changelog/2023-04-17-introducing-repository-rules-public-beta/

EndBug commented

That's awesome! Thanks for sharing ❤️