Github Action Workflow Push to private repo with access token

Question

I'm new to github workflows and the CI/CD.

I have a CSS repo where I'm making my custom css library. I want to create an Action to automatically minify files and push them to same repo

- repo
| - source
| - minifier
| - minified

Here is my action file

name: Minifier Workflow

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  minify:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Minify CSS
        run: |
          cd ./source
          find . -name "*.css" -type f -exec bash -c '../minifier/minifier.sh ../source/$0 ../minified/"${0%.css}".min.css' {} \;
          cd ..
      
      - name: Commit and push changes
        run: |
          git config --global user.name "MY_USERNAME"
          git config --global user.email "MY_EMAIL"
          git add .
          git commit -am "Minify CSS files"
          git push https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/MY_USERNAME/MY_REPO.git

But I'm getting 403 error, with "Write permission is not granted" or something like that.

At first I thought it's because I'm using fine grant token so I switched to old tokens, I gave full controll over repo permession but still doesn't work.

And please how can I make sure it will NOT re-trigger itself

• The repo is private.
• don't mind the minifier, it's a custom shell script

Answer 1

Adding

permissions:
  contents: write

and removing token - so the last line becomes simply

git push

Should solve this. See here for details: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Note, however, that there may be issues with merge conflicts with this workflow - in case there are high-frequency commits in the repository. Possible other strategy may be to include minifier in the pre-commit hook, rather than in post-commit CI.