[SOLVED] Can't trigger push workflow when push happens in action

Can't trigger push workflow when push happens in action

I have a GitHub Actions workflow named update_branches that lives on a github-base branch (the default branch for the repo in GitHub) and periodically updates several other branches including one named github/akpm-mm/mm-stable (clarification: github is in the name of the branch itself, that's not a remote name).

On github/akpm-mm/mm-stable I have a workflow that's defined to run when the branch gets pushed:

❯❯  git checkout origin/github/akpm-mm/mm-stable
❯❯  head .github/workflows/test.yaml
on:
  push:
    branches:
      - github/linus/master
      - github/akpm-mm/mm-stable
      - github/akpm-mm/mm-unstable

The test workflow works when I push to github/akpm-mm/mm-stable myself, but it doesn't run when the branch is pushed by the update_branches workflow.

This discussion on GitHub says that having actions that push trigger other actions is deliberately disabled when the push happens via GITHUB_TOKEN, so I have set up a Personal Access Token (PAT) and configured the update_branches token to use that when pushing:

      - name: Configure git
        run: |
          set -eux # Note - GitHub redacts secrets in logs so -x is not _that_ sketchy

          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git remote set-url origin https://x-access-token:${{ secrets.PAT_TOKEN }}@github.com/bjackman/linux.git

      - name: Update branches
        # This will push the brances to `origin`
        run: .github/scripts/update_branches.sh

I confirmed in the logs that update_branches.sh is using the PAT I configured (at least, I see a *** where GitHub redacts the PAT secret). I confirmed that the push happened by fetching the github/akpm-mm/mm-stable locally, I can see a new commit. But, the push workflows didn't trigger.

What am I missing here?

Solution

Current solution

at least, I see a *** where GitHub redacts the PAT secret

It will also redact the default GitHub Token given to the action, not only the PAT, hence you might be using the provided one. In a similar problem, this answer tells you to specify your PAT token via checkout action (and that's what is recommended by actions/checkout here):

- name: Checkout Repository
  uses: actions/checkout@v4
  with:
    token: ${{ secrets.GH_CLASSIC_TOKEN }}
  # Other steps if any
- name: Configure git
  run: |
    git config --global user.name "github-actions[bot]"
    git config --global user.email "github-actions[bot]@users.noreply.github.com"
- name: Update branches
  # This will push the brances to `origin`
  run: .github/scripts/update_branches.sh