Use `GITHUB_TOKEN` instead of `ACCESS_TOKEN`
gerardabello opened this issue · comments
Describe the solution you'd like
The action should use GITHUB_TOKEN instead of a user-provided ACCESS_TOKEN
Additional Comments
It's much easier (it's already provided if you just enable a check) and safer for public repos, as the GITHUB_TOKEN is scoped to the repo and not to all your repos like a personal access token.
https://developer.github.com/actions/managing-workflows/storing-secrets/#github-token-secret
I’d love to, and originally the action was, but unfortunately there’s an issue with the Github secret provided with actions that prevents Github Pages from rebuilding your site with it, that means that you’ll be able to commit to the branch, but it will never update. It works for private repostitories, but not public ones.
I’m keeping an eye on the situation and will test this again when actions leaves beta. For now I’d suggest limiting the permissions on the PAT you create if you’d like to use the action!
I've recently emailed GitHub support, I'll let you know if I hear back!
Following up on this @gerardabello - here's the response I've received from GitHub's developer support.
After speaking with the team about this, they let me know that server-to-server requests won't kick off a page build, whether it's creating a commit or explicitly requesting a page build.
As you've observed, user-to-user server requests (using a personal access token or an OAuth token) can build a Pages project via push or requesting a page build because they're linked to a specific user account.
I see how it would be useful to open this functionality to GitHub Actions, so I've let the team know about this internally.
I've also provided GitHub with some additional information about the private repository behavior I mentioned in my initial post. I'll let you know if I hear anything more.
Still no updates from GitHub on this. I've emailed them twice now with no reply.
Some additional context here: maxheld83/ghpages#1
Thanks @alex-page!
Oops that issue only has a bit of context, check the PR out maxheld83/ghpages#18
I'll keep an eye on this. Doesn't seem possible just yet.
Hoping to have a fix for this today.
I've got a PR open for this, but the issue still appears to be present: #13
@JamesIves thanks for researching this. Ping me if you need any help.
FYI. peaceiris/actions-gh-pages#9 (comment)
Community Manager said:
The
GITHUB_TOKENthat is provided as a part of GitHub Actions doesn't have authorization to create any successive events, such as GitHub Pages builds. So while you can push to thegh-pagesbranch using theGITHUB_TOKEN, it won't spawn a GitHub Pages build. You'll need to create a personal access token and supply it to your GitHub Action as a secret.
peaceiris/actions-gh-pages#9 (comment)
Yes, it seems like that's not a bug but a normal behavior in the context of the security rule imposed in Github Actions which is "A workflow can not trigger another workflow".
^ Cross posting this here. I'm going to merge in this feature/PR and point to this issue.
Quite the limitation that a github action commit cannot trigger another action. Using a personal access token to deploy a single repository is bad practice and the fact that actions require this for something as basic as deploying to gh-pages is evidence that workflows should be able to trigger workflows. Or at least that gh-pages commits should be exempt from this limitation.
Let us know if there are any workarounds that support using GITHUB_TOKEN for authentication.
@dhimmel
FYI. https://github.community/t5/GitHub-Actions/Github-action-not-triggering-gh-pages-upon-push/m-p/31266/highlight/true#M743
GitHub team is focusing this issue.
The option for using a GitHub token vs an access token is already available in v2 and v3. I'm going to close this issue, please follow this thread to stay up-to-date: https://github.community/t5/GitHub-Actions/Github-action-not-triggering-gh-pages-upon-push/m-p/31266/highlight/true#M743
It seems github has ditched fixing the GITHUB_TOKEN? It's sad because it would be much more convenient :/
It seems github has ditched fixing the GITHUB_TOKEN?
Has there been a change in the last few days? Deploying to a branch that then triggers a GitHub Pages build using GITHUB_TOKEN has been working for several months, except for the first deployment as described here. Is this no longer the case?
