From eff509c76e75e40f12491d7e92f078acad3725ba Mon Sep 17 00:00:00 2001 From: Thomas Bouffard <27200110+tbouffard@users.noreply.github.com> Date: Thu, 14 Sep 2023 09:22:42 +0200 Subject: [PATCH] ci(release): eliminate bypassing of branch protection The workflow commits to the main branch and the branch protection configured in the GitHub repository prevents this for all users. Previously, the protection was temporarily bypassed and the user performing the commit required administrator permissions (due to the configuration of the branch protection). Now protection is done using GitHub branch ruleset, and there's no need to bypass protection. In this way, workflow can be simplified. --- .github/workflows/release.yml | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1d848f1..41a57d1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,17 +14,12 @@ jobs: - run: | echo "New version type: ${{ github.event.inputs.type }}" - - name: Branch Protection Bot - Temporarily disable "include administrators" branch protection - uses: benjefferies/branch-protection-bot@1.0.9 - if: always() - with: - access_token: ${{ secrets.GH_RELEASE_TOKEN }} - enforce_admins: false - branch: main - - name: Setup checkout uses: actions/checkout@v4 with: + # Use a PAT to ensure that + # commits are authored with a specific user + # workflow run are triggered after git push token: ${{ secrets.GH_RELEASE_TOKEN }} - name: Config git @@ -78,13 +73,6 @@ jobs: run: | git push && git push --tags - - name: Branch Protection Bot - Reenable "include administrators" branch protection - uses: benjefferies/branch-protection-bot@1.0.9 - if: always() # Force to always run this step to ensure "include administrators" is always turned back on - with: - access_token: ${{ secrets.GH_RELEASE_TOKEN }} - enforce_admins: true - branch: main - name: Send message to Slack channel if: success() uses: slackapi/slack-github-action@v1.24.0