Support Disabling\Enabling enforce_admins As Part of Push
GreasyAvocado opened this issue · 5 comments
Hi,
In my use case, I do git push
from GitHub Actions workflows to master
branches.
I have branch protection rules on master
, so as part of the workflow I first disable the enforce_admins
setting, then git push
, and finally enable enforce_admins
.
I modify enforce_admins
as follows:
curl -X DELETE -u USER:TOKEN https://api.github.com/repos/ORGANIZATION/REPOSITORY/branches/master/protection/enforce_admins
curl -X POST -u USER:TOKEN https://api.github.com/repos/ORGANIZATION/REPOSITORY/branches/master/protection/enforce_admins
Is it something that can be added to the action?
So that if the action tries to push, and gets a protected branch hook declined
response, it'll try to disable enforce_admins
, push again, and reenable enforce_admins
at the end.
Alternatively, I think it makes more sense to just add a generic way to run GitHub API calls pre\post push, and not something specific for enforce_admins
.
WDYT?
I think it would be better if you handle that outside of the action, by running the call in a step before and after the action's
The action usually takes a couple of seconds to run, so the timing should not cause too many issues unless you're dealing with frequent concurrency (which can, and in your case should, be prevented for this kinds of operations)
You can make sure the rule is always reset to the original status by using if: ${{ always() }}
in your step ;)
Got it.
Thanks for the reply!
For anyone who might have the same issue, I've worked around it by migrating the GitHub repo from Branch Protection Rules
to Repository Rules
.
More details here:
https://github.com/orgs/community/discussions/43460
https://github.blog/changelog/2023-04-17-introducing-repository-rules-public-beta/
That's awesome! Thanks for sharing ❤️