在 GitHub 中,我如何授予应用权限以提交到具有保护的分支?
In GitHub how can I grant an app permissions to commit to a branch with protections?
我有一个应用程序,我想在 CI 构建期间升级版本。我正在尝试使用应用凭据将版本回退,但出现以下错误:
+ git push origin HEAD:master
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: At least 1 approving review is required by reviewers with write access.
现在,当我使用自己的凭据执行此操作时,它可以正常工作,因为我是存储库中的管理员,但是尽管有通常的分支保护,我如何授予对应用程序的访问权限以推送到主服务器?
你不能。分支权限可以阻止任何人推送到分支。
在我的设置中,我们也有防止管理员推送的保护,这更有趣。
我们已经通过两个服务帐户解决了这个问题,在 CI 代码中,我们使用一个服务帐户令牌提出了一个 PR,然后另一个帐户令牌立即批准并合并它
这不是一个很好的解决方法,但直到 GitHub 获得更细粒度的权限,我们才能做到这一点
你可以(现在,2022 年 5 月,18 个月后)。
Consistently allow GitHub Apps as exceptions to branch protection rules
Previously, some branch protections only allowed exceptions to be granted to users and teams.
Now, GitHub Apps can also be granted exceptions to any branch protection that supports exceptions.
Admins can create branch protection rules to enforce certain workflows for branches, such as requiring a pull request before changes can be merged to a branch.
This is a good practice, but you may want to make exceptions to a rule for specific people, teams, or GitHub Apps.
For example, if you have a GitHub App that calls GitHub APIs to make changes in a repository, you may want to permit that App to make changes without creating a pull request.
Previously, these exceptions could be granted to people and teams, but only some protections allowed GitHub Apps.
Now, branch protections that previously only allowed exceptions for people and teams also support GitHub Apps.
When admins configure these branch protections, they can choose from a list of GitHub Apps that are installed and authorized for the repository, as shown here:
(Image of adding a GitHub App as an exception to a branch protection setting)
For information about branch protection rules, visit Managing a branch protection rule.
For information about GitHub Apps, visit About GitHub Apps.
我有一个应用程序,我想在 CI 构建期间升级版本。我正在尝试使用应用凭据将版本回退,但出现以下错误:
+ git push origin HEAD:master
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: At least 1 approving review is required by reviewers with write access.
现在,当我使用自己的凭据执行此操作时,它可以正常工作,因为我是存储库中的管理员,但是尽管有通常的分支保护,我如何授予对应用程序的访问权限以推送到主服务器?
你不能。分支权限可以阻止任何人推送到分支。
在我的设置中,我们也有防止管理员推送的保护,这更有趣。 我们已经通过两个服务帐户解决了这个问题,在 CI 代码中,我们使用一个服务帐户令牌提出了一个 PR,然后另一个帐户令牌立即批准并合并它
这不是一个很好的解决方法,但直到 GitHub 获得更细粒度的权限,我们才能做到这一点
你可以(现在,2022 年 5 月,18 个月后)。
Consistently allow GitHub Apps as exceptions to branch protection rules
Previously, some branch protections only allowed exceptions to be granted to users and teams.
Now, GitHub Apps can also be granted exceptions to any branch protection that supports exceptions.Admins can create branch protection rules to enforce certain workflows for branches, such as requiring a pull request before changes can be merged to a branch.
This is a good practice, but you may want to make exceptions to a rule for specific people, teams, or GitHub Apps.
For example, if you have a GitHub App that calls GitHub APIs to make changes in a repository, you may want to permit that App to make changes without creating a pull request.Previously, these exceptions could be granted to people and teams, but only some protections allowed GitHub Apps.
Now, branch protections that previously only allowed exceptions for people and teams also support GitHub Apps.
When admins configure these branch protections, they can choose from a list of GitHub Apps that are installed and authorized for the repository, as shown here:
(Image of adding a GitHub App as an exception to a branch protection setting)
For information about branch protection rules, visit Managing a branch protection rule.
For information about GitHub Apps, visit About GitHub Apps.