Search code examples
gitgithubgithub-pagesgithub-actions

How let github actions workflow push generated documentation to other repository in same organization using a bot name

I am developing a python package in github. Under an organization in github I have two repositories myorg/package and myorg/documentation. The package repo contains the python package and the means to build the sphinx documentation and the documentation contains the generated static html published via github pages.

I am now setting up a github actions workflow to build the documentation in package and push it to documentation triggered by pushing a release tag to the package repo, but I am encountering problems with doing the push to documentation repo.

Ideally I would like to mark the commits as being made by a bot and I would like all with push-permission to both repositories to be able to run the workflow.

Here is my current workflow:

name: Deploy

on:
  push:
    tags:
      - 'v*'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
          path: package
    - uses: actions/checkout@v2
      with:
        repository: myorg/documentation
        path: documentation
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: 3.9
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install tox tox-gh-actions
    - name: Build documentation
      run: |
        cd package
        tox -e apidoc
        tox -e docs
    - name: Publish documentation
      run: |
        cp -RT package/dist/docs/ documentation/latest/
        cd documentation
        git config --local user.name "github-actions[bot]"
        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
        git add -A
        git commit -m "Documentation update"
        git push

Running this fails on the final command with:

remote: Permission to pharmpy/pharmpy.github.io.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/pharmpy/pharmpy.github.io/': The requested URL returned error: 403

I am not so sure about the name and email of the bot. Some googling gave the impression that this belonged to some standard bot that could be used.

How can I get this to work?

Solution

  • So I found a solution:

    1. Create a personal access token with repository access
    2. Add this personal token as a github actions secret (I named it PUSH_TOKEN)
    3. Use this token at checkout and when pushing

    Here is the modified, working, version of the workflow:

    name: Deploy

on:
  push:
    tags:
      - 'v*'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
          path: package
    - uses: actions/checkout@v2
      with:
        repository: myorg/documentation
        path: documentation
        token: ${{secrets.PUSH_TOKEN}}
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: 3.9
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install tox tox-gh-actions
    - name: Build documentation
      run: |
        cd package
        tox -e apidoc
        tox -e docs
    - name: Publish documentation
      run: |
        cp -RT package/dist/docs/ documentation/latest/
        cd documentation
        git config --local user.name "github-actions[bot]"
        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
        git add -A
        git commit -m "Documentation update"
        git push https://$USERNAME:[email protected]/myorg/documentation.git
      env:
        REPO_KEY: ${{secrets.PUSH_TOKEN}}
        USERNAME: github-actions[bot]