https://github.com/nicconike/protected-auto-commits
- Host: GitHub
- URL: https://github.com/nicconike/protected-auto-commits
- Owner: Nicconike
- License: mit
- Created: 2024-06-21T16:50:25.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-09-15T21:48:39.000Z (over 1 year ago)
- Last Synced: 2025-09-19T09:07:41.862Z (4 months ago)
- Topics: auto-commit, autocommit, autocommits, automation, master, protected-auto-commits, protected-branches, protected-branches-true
- Homepage: https://github.com/Nicconike/Protected-Auto-Commits
- Size: 111 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
# Protected-Auto-Commits
If you want a bot to commit automatically to a protected branch as well, the approach below is the best possible option.
## Direct Approach
The direct, straightforward approach is to create a GitHub App for your organization/account and use it with a bot like `github-actions[bot]`, which can use the GitHub App's token to commit automatically to a protected branch.
If you are new to [GitHub Apps](https://docs.github.com/en/apps/overview), follow the steps below to create a new GitHub App for your work and then use it in the way you want.
### GitHub App
A GitHub App is a type of integration that you can build to interact with and extend the functionality of GitHub. You can build a GitHub App to provide flexibility and reduce friction in your processes, without needing to sign in a user or create a service account.
#### Register a New GitHub App
First, create a GitHub App for your organization or account. Follow the official documentation [here](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) or, if that seems confusing, follow the steps below:
1. Go to your organization/account's settings, then click on Developer settings


2. Create New GitHub App

3. Name the App and add a Homepage URL

> [!Note]
> The GitHub App Name must be unique
>
> For Homepage URL, you can provide any URL since it will be for your account only.
4. Permissions
   1. Only repository permissions are needed: Contents with `Access: Read and Write`
   2. The Metadata read-only permission is mandatory: `Access: Read-only`
   3. If needed, you can also add the Actions permission: `Access: Read-only`
#### Installation
1. Installation
   1. Select `Only on this Account`
   2. Install the app to the repository where you need to push commits to a protected branch
2. Environment Variables
   1. APP ID: After creating the App, copy the App ID from the General section and save it in the respective repo's env vars/secrets
   2. Private Key: Create a private key, which is required to sign access token requests. Learn more about private keys [here](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app#generating-a-private-key).
3. Protected Branches
   1. If not enabled already, enable branch protection rules in your repository and add the newly created GitHub App so that it can bypass these rules
   2. Also, make sure that you create a branch ruleset instead of a legacy (classic) branch protection rule, because the bypass won't work with a classic rule.

#### Configuration
1. Create a yml file in the workflows folder, for example `release.yml`, and add the action below as the first step in the workflow
   ```yml
   steps:
     - name: GitHub App Token
       uses: actions/create-github-app-token@v1
       id: app-token
       with:
         app-id: ${{ secrets.APP_ID }}
         private-key: ${{ secrets.APP_PRIVATE_KEY }}
   ```
2. For the checkout step, use the created app token
   ```yml
     - name: Checkout Repo
       uses: actions/checkout@v4
       with:
         fetch-depth: 0
         token: ${{ steps.app-token.outputs.token }}
   ```
3. Also, use this token in other steps as per your requirements
4. You are all set!
#### Examples
Here are a few real-time examples which I use for my own repositories
1. [Steam Stats](https://github.com/Nicconike/Steam-Stats)
   Workflow file - [release.yml](https://github.com/Nicconike/Steam-Stats/blob/master/.github/workflows/release.yml#L25)
   ```yml
   steps:
     - name: GitHub App Token
       uses: actions/create-github-app-token@v1
       id: app-token
       with:
         app-id: ${{ secrets.APP_ID }}
         private-key: ${{ secrets.APP_PRIVATE_KEY }}
     - name: Checkout Code
       uses: actions/checkout@v4
       with:
         fetch-depth: 0
         token: ${{ steps.app-token.outputs.token }}
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
         python-version: '3.12'
         cache: "pip"
     - name: Cache Dependencies
       uses: actions/cache@v4
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
         restore-keys: |
           ${{ runner.os }}-pip-
     - name: Install Dependencies
       run: |
         python -m pip install --upgrade pip
         pip install python-semantic-release
     - name: Semantic Release
       id: github-release
       uses: python-semantic-release/python-semantic-release@v9.8.5
       with:
         github_token: ${{ steps.app-token.outputs.token }}
   ```
2. [Steam Stats](https://github.com/Nicconike/Steam-Stats)
   Workflow file - [codeql.yml](https://github.com/Nicconike/Steam-Stats/blob/master/.github/workflows/codeql.yml#L53)
   ```yml
   steps:
     - name: GitHub App Token
       uses: actions/create-github-app-token@v1
       id: app-token
       with:
         app-id: ${{ secrets.APP_ID }}
         private-key: ${{ secrets.APP_PRIVATE_KEY }}
     - name: Checkout Code
       uses: actions/checkout@v4
       with:
         token: ${{ steps.app-token.outputs.token }}
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
         python-version: "3.x"
         cache: "pip"
     - name: Cache Dependencies
       uses: actions/cache@v4
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
         restore-keys: |
           ${{ runner.os }}-pip-
     - name: Run Pylint and Generate Badge
       id: run-pylint
       run: |
         python -m pip install --upgrade pip
         pip install pylint
         pylint_output=$(pylint api tests || true)
         echo "$pylint_output"
         score=$(echo "$pylint_output" | grep -oP 'Your code has been rated at \K[0-9]+\.[0-9]+' || echo "0.0")
         color="red"
         if (( $(echo "$score == 10" | bc -l) )); then
           color="brightgreen"
         elif (( $(echo "$score >= 9" | bc -l) )); then
           color="yellow"
         elif (( $(echo "$score >= 8" | bc -l) )); then
           color="orange"
         elif (( $(echo "$score >= 6" | bc -l) )); then
           color="red"
         fi
         badge=""
         echo "PYLINT_BADGE=$badge" >> $GITHUB_OUTPUT
     - name: Update README with Pylint Badge
       if: github.ref == 'refs/heads/master'
       env:
         GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
       run: |
         sed -i 's|!\[Pylint\](.*)|${{ steps.run-pylint.outputs.PYLINT_BADGE }}|' README.md
         git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
         git config --global user.name "github-actions[bot]"
         git add README.md
         git diff --quiet && git diff --staged --quiet || (git commit -m "chore: Update Pylint Badge" && git push origin HEAD:master)
   ```
3. [Goautomate](https://github.com/Nicconike/goautomate)
   Workflow file - [release.yml](https://github.com/Nicconike/goautomate/blob/master/.github/workflows/release.yml#L17)
   ```yml
   steps:
     - name: GitHub App Token
       uses: actions/create-github-app-token@v1
       id: app-token
       with:
         app-id: ${{ secrets.APP_ID }}
         private-key: ${{ secrets.APP_PRIVATE_KEY }}
     - name: Checkout Repo
       uses: actions/checkout@v4
       with:
         fetch-depth: 0
         token: ${{ steps.app-token.outputs.token }}
     - name: Setup Go
       uses: actions/setup-go@v5
       with:
         go-version: "1.22.x"
     - name: Semantic Release
       uses: go-semantic-release/action@v1
       id: semantic
       with:
         github-token: ${{ steps.app-token.outputs.token }}
         changelog-file: CHANGELOG.md
         update-file: go.mod
         changelog-generator-opt: "emojis=true"
   ```
4. Automated GitHub Releases Example
   1. [Goautomate](https://github.com/Nicconike/goautomate/releases)
   2. [Steam-Stats](https://github.com/Nicconike/Steam-Stats/releases)
5. Automated GitHub Commits in master (protected branch) Example
   1. [Steam-Stats](https://github.com/Nicconike/Steam-Stats/commits/master/?author=protected-auto-commits%5Bbot%5D)
## Thanks for Reading!