Bypass Branch Policies when creating Release Branch

[Mkublbock]

In our repos we are using Branch policies for main and release/* to prohibit pushes without a PR to these branches. However, when running the "Create Release" Action the Job "CreateReleaseBranch" fails because the GitHub Action is not allowed to push on the branch due to the branch policies. I have not found a way to let the github action bypass these policies.

What is the best practice here?

[mazhelez]

That is a tough one.

Do you happen use ghTokenWorkflow when running the "Create Release" workflow?

I see org admins can bypass the ruleset, so one way to achieve what you want if to:

• elevate permissions to org admin
• run the workflow
• revoke the permissions

Another way could be:

• elevate permissions to repo admin
• add your account into the bypass list
• run the workflow (w/o using ghTokenWorkflow)
• remove your account from the bypass list
• revoke admin permissions

We strongly recommend avoiding having persistent admin access at any level (org or repo).

[Mkublbock]

I don't think we have check the "Use GhTokenWorkflow for PR/Commit?" but will try next time we create a release

[mazhelez]

You don't have to.

But even if you do, the token needs to be related to an account that can bypass the ruleset.