Can I update another repository on commit in a repo in the same organization with Github Actions? Or show stuff in GH Pages without committing them?

Question

I've learned basics of Github Actions and I'd like to improve a workflow of an Open Source project which I currently maintain (TiddlyWiki Classic).

Now: we have 2 repos: main one contains sources and docs bits as separate files; secondary one is used for hosting docs as a built TW via Github Pages (uses both code bits and docs bits). So when one proposes a change to docs, they create a PR in the main repository, but to make accepted changes make their way to the site, I have to manually pull changes, build docs page locally, commit & push them to the secondary repo.

Desired: I suppose those manual steps can be automated with Github Actions (on commit to master), but I'm not sure how.

Considerations: In steps: I can write things like run: npm install and other build steps, but how do I commit into another repo? Since this is an organization, passing credentials into env is not a good idea, I guess. Or setting those as a secret (settings/secrets) should be good enough? (looks like those are not readable after being saved, are they?)

Actually, I'd prefer an alternative approach where the whole thing is inside the same repository, but I don't know if it's possible to show something (the built page) in Github Pages without committing them. Well, it's acceptable if the built page will be stored in the repo if it's updated automatically, although this will clutter change history, so it's not really desirable.

Any suggestions for building either flow is very welcome.

PS. Following the suggestion by GuiFalourd, I'm trying to setup the combination of dispatching an event from the main repo to the and handling it in the secondary repo. The handling itself works quite nicely, here's what I've come up with:

# todo: add correct event trigger
on: push

jobs:
  build-site:
    runs-on: ubuntu-latest
    steps:
      # should be run first since it makes files created in cwd before not accessible
      - uses: actions/checkout@v2

      - name: get TiddlyWiki source
        run: git clone https://github.com/TiddlyWiki/TiddlyWiki.git

      - name: install and build
        run: |
          cd ./TiddlyWiki
          npm i
          npm run build-site
          cd ..

      - name: move and commit resulting file
        # todo: get the "build/cooked/2.9.2" path bit from core repo itself
        # mv ./TiddlyWiki/build/cooked/2.9.2/index.html ./
        # todo: enrich commit message with event/source commit
        run: |
          mv ./TiddlyWiki/build/cooked/*/index.html ./
          git config --global user.name ${{ github.event.pusher.name }}
          git config --global user.email ${{ github.event.pusher.email }}
          git add ./index.html
          git commit -m "autoupdate index.html"
          git push

However, I haven't succeeded with dispatching yet. Following this post, I've set up a simple handler:

on: repository_dispatch

jobs:
  explore-dispatch:
    steps:
      - run: |
          echo 'repository_dispatch event is triggered'
          echo ${{ github.event.inputs }}

in my test repo and tried to dispatch with Postman:

POST
to https://api.github.com/repos/YakovL/try-github-actions/actions/workflows/dispatch/dispatches
(dispatch is the name of the workflow, see dispatch.yaml)
with custom header  Accept  application/vnd.github.v3+json
and Basic Auth (my github login/password)
and body { "ref": "main", "inputs": {} }

but I'm getting

{
    "message": "Must have admin rights to Repository.",
    "documentation_url": "https://docs.github.com/rest/reference/actions#create-a-workflow-dispatch-event"
}

What am I doing wrong?

I would first create a workflow that will perform the following operations: _manually pull changes, build docs page locally, commit & push them to the secondary repo_. From what you explained, I understand the ideal scenario would be the main repo to start a workflow in the second repo (using a dispatch event or another action to do so). That way, you could checkout the first repo in the second repo workflow to access its last commit. — GuiFalourd, Oct 20 '21 at 16:29
@GuiFalourd oh wow, actions can trigger on an event in another repo, haven't thought about that, thanks! (links to read: [example at SO](https://stackoverflow.com/q/58465057/3995261), [example at GH community](https://github.community/t/triggering-by-other-repository/16163), [all events docs](https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows)) Now I should find how to get all the necessary files from the main repo so that secondary repo can build docs — YakovL, Oct 21 '21 at 09:47
Great! Let me know if you need anything else And if you want some workflow examples, I've created those repositories that might be useful depending on ehat you want to achieve: https://github.com/GuillaumeFalourd/poc-github-actions and https://github.com/GuillaumeFalourd/useful-actions — GuiFalourd, Oct 21 '21 at 12:56
@GuiFalourd I've made some progress, could you take a look at the problem with dispatching that I've described? — YakovL, Oct 24 '21 at 10:08
Did you add an `Authorization` header with a Github PAT when you sent your request through Postman? — GuiFalourd, Oct 24 '21 at 13:23
There is an example of how to send a dispatch event through shell using curl in this workflow if you want to take a look: https://github.com/GuillaumeFalourd/poc-github-actions/blob/main/.github/workflows/04-dispatch-event-workflow.yml — GuiFalourd, Oct 24 '21 at 13:25
@GuiFalourd yes, like I've mentioned above, I've tried Basic Auth with my github login/password which sets Authorization: Basic ... Not sure if that is the correct auth method, though. I'll probably try PAT as well, but it bothers me that setting it into a secret actually allows anyone from organization have access to [any](https://github.community/t/limiting-scope-of-a-pat-to-a-single-repository/3129) repo of mine, as far as I understand. I'm also considering merging the 2 repos and serving Pages from a separate branch, it feels like a more consistent solution suitable for some other cases. — YakovL, Oct 24 '21 at 16:11
When you use a PAT inside an organization (or Team), a good practice is to create a new and specific user for this organization to use its PAT in each org repository, that way you avoid employees dependencies. If you use the dispatch event with a PAT from this type of user account, I guess it will work as expected without exposing your personal repos — GuiFalourd, Oct 24 '21 at 20:11

Can I update another repository on commit in a repo in the same organization with Github Actions? Or show stuff in GH Pages without committing them?

0 Answers0