Xcode cloud Git Push on a Workflow

Hello, I'm working on migrating my projects Xcode cloud and on specific release workflow i build a new version and after using agvtool i increment the version when all this finish i want to push the changes (aka version change) on git and make new tag also.

The version change and git part is done on ci_post_xcodebuild.sh

The issue that i have is an error on git git push --tags and git push :

remote: Write access to repository not granted. fatal: unable to access 'http://github.com/REPO_NAME_REDACTED.git/': The requested URL returned error: 403

From what i see on my account, Xcode cloud asks for this permissions :

  • Read access to code, metadata, and pull requests

  • Read and write access to checks and commit statuses

So no push permission.

Do you have any idea how to make this work ?

Thanks, Florin

Post not yet marked as solved Up vote post of AngryS Down vote post of AngryS
2.2k views
Posted by
AngryS
Reply
Add a Comment

Replies

You should be able to push by using a specific user and its own personal token, from inside the script:

git push https://<User Name>:<Token>@github.com/<User Name>/<Your Repository>.git

https://stackoverflow.com/a/72591028/67397

Posted by
leolobato
Post not yet marked as solved Up vote reply of leolobato Down vote reply of leolobato

  • Thanks for the suggestion, but this did not work for me... see my Reply below.

    scientifikent

  • This actually works for me 👍. I created a personal access token with "repo" scope, put it in an environment variable as "secret", and then do the tagging and pushing in ci_post_xcodebuild.sh :

    BUILD_TAG=b${CI_BUILD_NUMBER} git tag $BUILD_TAG git push --tags https://${GIT_PAT}@github.com/<User Name>/<Your Repository>.git 

    matteoc
Add a Comment

I'm also looking for a way to push a tag to origin whenever a build is published to TestFlight. I tried @leolobato's suggestion of using the GitHub PAT, but it was unsuccessful. After watching WWDC '21 Customize Your Advanced Xcode Cloud Workflows, it seems that the source code is not available in the environment where the post-build script is run. Therefore, I'm beginning think the path forward is to use a webhook combined with a microservice that interfaces with the GitHub API.

Posted by
scientifikent
Up vote reply of scientifikent Down vote reply of scientifikent
Add a Comment