Description
When we allow parallel execution of a workflow, which is activated on branch push event, and branch that triggered workflow contains changes related to any workflow yaml file stored in /.github/workflows code base directory, push tag action fails with error:
! [remote rejected] v0.0.3-106.1 -> v0.0.3-106.1 (refusing to allow a GitHub App to create or update workflow.github/workflows/continuous-master.yamlwithoutworkflows permission) error: failed to push some refs to 'https://github.com/[REPO_NAME]
Here is simple repository with workflow that reproduce the issue: https://github.com/nenad-kosanovic-tam/update-workflow-tag-action-flat/tree/master
Initially this issue is reported on gitHub support, from where we are redirected here.
Hi Nenad,
Thank you for the follow-up!
I did more testing with this scenario using your examples, and I was able to reproduce this behavior pretty consistently.
It looks to be specific to multiple runs executing close in time from what I noticed - where the HEAD of the branch keeps changing in a short time. If 5 runs were triggered all within half a minute, only the first and last ones succeed while the rest fail with the same permission issue you saw.
I'm not fully certain on the cause, but actions/checkout must be a focus point since this is responsible for fetching the repository that is used when pushing the tag back to the remote.
For now, a workaround would be to specify a PAT including the workflows scope to actions/checkout. Going forward, I think it would be best for you to share your use case in an issue on the actions/checkout repository, so the action maintainers can better troubleshoot what may be different in both the working and non-working scenarios - to see what the difference is in what is attempting to be pushed up through the tag.
Does this sound like a reasonable next step? Please let me know if you have any questions or concerns!
Best,
Arthur
GitHub Support