Commit 56e8cb1
authored
ci(release): push via RELEASE_TOKEN PAT instead of deploy-key SSH (#15)
The v0.4.0 release attempt failed because maven-release-plugin's direct
push to main was rejected by the new main-protection ruleset:
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: - 8 of 8 required status checks are expected.
Deploy keys can't be bypass actors on a ruleset (only Users, Apps, Teams,
or RepositoryRoles can). Switch to a fine-grained PAT owned by the repo
admin, whose Admin role IS a bypass actor on main-protection.
Changes:
- actions/checkout uses token: RELEASE_TOKEN, which configures an
http.extraheader so all subsequent github.com pushes authenticate as
the PAT owner.
- Drop the webfactory/ssh-agent step (no more SSH push).
- Override developerConnection to HTTPS in release:prepare so maven-
release-plugin pushes over HTTPS and picks up that extraheader. (pom's
developerConnection stays SSH for local-dev convenience.)
- Pull github.repository into a REPO env var per workflow security
guidance (no longer interpolating ${{ }} directly in run: blocks).
MAVEN_RELEASE_SSH_KEY secret and the deploy key are now unused; can be
removed in a follow-up after one or two successful releases confirm the
PAT path.1 parent 55426c5 commit 56e8cb1
1 file changed
Lines changed: 17 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
86 | 93 | | |
87 | 94 | | |
88 | 95 | | |
89 | | - | |
90 | | - | |
91 | | - | |
92 | | - | |
| 96 | + | |
93 | 97 | | |
94 | 98 | | |
95 | 99 | | |
| |||
109 | 113 | | |
110 | 114 | | |
111 | 115 | | |
112 | | - | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
113 | 123 | | |
114 | 124 | | |
115 | 125 | | |
116 | 126 | | |
117 | | - | |
| 127 | + | |
118 | 128 | | |
119 | 129 | | |
120 | 130 | | |
121 | 131 | | |
122 | 132 | | |
| 133 | + | |
123 | 134 | | |
124 | 135 | | |
125 | 136 | | |
| |||
0 commit comments