
Daisy-chaining GitHub actions

Triggering a GitHub action from a git push from another GitHub action


This site is a static site with a deployment pipeline that comprises various daisy-chained GitHub actions. For example, there is a GitHub action that checks my BookWyrm orreadi.com profile periodically, and updates a JSON file in the GitHub repository for this site if there are changes to the books that I am currently reading. The push to the GitHub repository in turn triggers the deployment GitHub action that rebuilds and redeploys this site.

Initially, this process inexplicably failed to work — the git push from the first action somehow did not trigger the second action, even though the git push was successful and the second action had the push event as a triggering event.

The relevant extract from the first action:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
      ...
      - name: Commit and push if it changed
        run: |-
          git config user.name "Automated update"
          git config user.email "[email protected]"
          git add -A
          timestamp=$(TZ='Asia/Singapore' date)
          git commit -m "Update content/data: ${timestamp}" || exit 0
          git pull --rebase
          git push

And the second action:

on:
  push:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: deploy
        ...

After some digging, I came to learn that the problem was a restriction imposed by GitHub: when an action pushes using the repository's GITHUB_TOKEN,[1] the resulting push will not trigger any other actions configured to run when push events occur.[2] It's not clear why this restriction is imposed. Perhaps it is intended as a safety precaution to prevent users from accidentally creating runaway self-triggering chains of actions.

In any case, it is fairly straightforward to work around this restriction by simply providing your own GitHub personal access token:

  1. Generate a new personal access token (PAT) at github.com/settings/tokens
  2. Add the PAT as a secret to your repository via Settings > Secrets and variables > Actions > New repository secret [3]
  3. Amend the actions/checkout step in your action that pushes to the repository to include your PAT.

Extract of my amended first action:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
        with:
          token: ${{ secrets.PAT }}
      ...
      - name: Commit and push if it changed
        run: |-
          git config user.name "Automated update"
          git config user.email "[email protected]"
          git add -A
          timestamp=$(TZ='Asia/Singapore' date)
          git commit -m "Update content/data: ${timestamp}" || exit 0
          git pull --rebase
          git push
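
A least-privilege variant of the two workflows above, as an added example rather than the configuration this site actually uses. The cron schedule, the workflow file names, the branch name `main`, the `content/data` path (taken from the commit message) and the commit e-mail address are assumptions.

```yaml
# --- updater workflow (file name assumed: .github/workflows/update-data.yml) ---
on:
  schedule:
    - cron: "17 * * * *"  # assumed; the page only says "periodically"
permissions:
  contents: read  # GITHUB_TOKEN is not used for writing here, so keep it read-only
concurrency:
  group: update-data  # serialise runs so two updates never race on the push
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
        with:
          # Assumed: a fine-grained PAT whose repository access is limited to
          # this one repository, with only "Contents: Read and write".
          # checkout stores this token in the job's local git config, so
          # every later step in this job can push with it.
          token: ${{ secrets.PAT }}
      - name: Commit and push if it changed
        run: |-
          git config user.name "Automated update"
          git config user.email "automation@example.invalid"  # constructed placeholder
          git add content/data  # assumed path; stage only the generated data
          timestamp=$(TZ='Asia/Singapore' date)
          git commit -m "Update content/data: ${timestamp}" || exit 0
          git pull --rebase
          git push
---
# --- deploy workflow (file name assumed: .github/workflows/deploy.yml) ---
on:
  push:
    branches: [main]  # assumed branch name; pushes to other branches do not deploy
permissions:
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: deploy
        run: echo "site build and deploy commands go here"  # placeholder step
```

Because the push is now made with the PAT, it triggers every push-triggered workflow in the repository, so the updater itself should stay on a schedule rather than on `push`.
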

  1. A GitHub access token automatically injected into the action for convenience.
  2. See this discussion on GitHub.
  3. Take note of what you name the secret; I named mine PAT. If you name yours something different, you will have to use that name when amending your action.