Skip to content

fix: skip GitHub Pages deploy on pull_request events#5

Merged
FerreolS merged 3 commits intomasterfrom
copilot/fix-github-pages-deployment
Apr 30, 2026
Merged

fix: skip GitHub Pages deploy on pull_request events#5
FerreolS merged 3 commits intomasterfrom
copilot/fix-github-pages-deployment

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 30, 2026
edited
Loading

peaceiris/actions-gh-pages was running on every pull_request event, causing a 403github-actions[bot] cannot push to gh-pages on PRs (tokens are read-only for fork/PR contexts).

Changes

  • Gate deploy stepif: github.event_name == 'push' && github.ref == 'refs/heads/master' on the actions-gh-pages step; PDF/SVG build still runs on PRs for CI validation
- uses: peaceiris/actions-gh-pages@v3
  if: github.event_name == 'push' && github.ref == 'refs/heads/master'
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    publish_dir: ./pdf
    force_orphan: true

Covers Dependabot PRs as well — the dependabot job already gates on github.actor == 'dependabot[bot]'; now the deploy step in build is also skipped on those runs.

Original prompt

Create a PR fix in repository FerreolS/InverseProblemsCookbook to prevent GitHub Pages deployment from running on pull_request events (including Dependabot PRs), since deploy fails with 403 (github-actions[bot] cannot push to gh-pages on PRs). Update .github/workflows/main.yml so the peaceiris/actions-gh-pages step only runs on pushes to master (or workflow_dispatch) and not on pull_request. Prefer a clear if: condition like github.event_name == 'push' && github.ref == 'refs/heads/master'.

Context: failing job 73766045768 shows git push origin --force gh-pages fails with Permission to FerreolS/InverseProblemsCookbook.git denied to github-actions[bot]. while compiling IPCookbook.tex succeeds.

Ensure workflow still builds the PDF/SVG artifacts on PRs, but skips deploy. Keep changes minimal and update any action versions if needed for compatibility, but focus on gating deploy. Add permissions: contents: write only if required for push deploys; however main request is to skip deploy on PRs, including Dependabot.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Please find a solution for failing job 73766045768. Use the logs, job definition, and any referenced files where the failure occurred. Keep your response focused on the solution and include code suggestions when appropriate.

Assistant: The job is failing at the GitHub Pages deploy step, not during the LaTeX build.

What’s failing (from the logs)

The build produces outputs and creates .nojekyll, then deployment fails on push:

  • git push origin --force gh-pages
  • remote: Permission to FerreolS/InverseProblemsCookbook.git denied to github-actions[bot].
  • HTTP 403

This indicates the workflow run does not have permission to push to the repo (typical for pull_request runs from forks, or when workflow permissions are read-only).

Fix: grant the workflow write permission to push to gh-pages

Add explicit permissions to the workflow (top-level), so GITHUB_TOKEN can write to contents:

name: CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  workflow_dispatch:

permissions:
  contents: write

Keep your existing deploy step:

- uses: peaceiris/actions-gh-pages@v3
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    publish_dir: ./pdf
    force_orphan: true

Fix: don’t deploy pages on pull requests

Even with contents: write, deployments commonly should not run on PRs (especially from forks), because tokens won’t have write access. Gate the deploy step to only run on pushes to master (or manual dispatch):

- uses: peaceiris/actions-gh-pages@v3
  if: github.event_name == 'push' && github.ref == 'refs/heads/master'
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    publish_dir: ./pdf
    force_orphan: true

(Alternative if you want manual-only deploys: if: github.event_name == 'workflow_dispatch'.)

Optional cleanup (not the main failure, but avoids a noisy error)

Your logs also show:

git remote rm originerror: No such remote: 'origin'

That message is coming from inside the deploy action’s setup; it’s not what fails the job, but upgrading to the latest major of the deploy action (and checkout) can reduce this kind of noise:

- uses: actions/checkout@v4
- uses: peaceiris/actions-gh-pages@v4

Summary

Implement both:

  1. permissions: contents: write at workflow level, and
  2. restrict the Pages deploy step to push (or workflow_dispatch) only.

That addresses the 403 and makes the job pass on PRs while still deploying from master.

User: add fix Fix: don’t deploy pages on pull requests by dependabot

Assistant: I’m waiting for your confirmation in the approval dialog to proceed with applying the workflow change that skips the GitHub Pages deploy on pull_request (including Dependabot PRs).

This pull request was created from Copilot chat.

@FerreolS
fix: skip GitHub Pages deploy on pull_request events
910b76e 
- Add `if: github.event_name == 'push' && github.ref == 'refs/heads/master'`
  to the peaceiris/actions-gh-pages step so it only runs on pushes to master
  (or workflow_dispatch), never on pull_request events including Dependabot PRs.
- Add `permissions: contents: write` at workflow level so GITHUB_TOKEN can
  push to gh-pages when deploying from master.

Agent-Logs-Url: https://github.com/FerreolS/InverseProblemsCookbook/sessions/4c98b4c1-a82d-4aa7-b2c0-b16a9af4ff1b

Co-authored-by: FerreolS <10050083+FerreolS@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix GitHub Pages deployment on pull_request events fix: skip GitHub Pages deploy on pull_request events Apr 30, 2026
Copilot AI requested a review from FerreolS April 30, 2026 12:10
@FerreolS FerreolS marked this pull request as ready for review April 30, 2026 12:15
FerreolS
FerreolS reviewed Apr 30, 2026
View reviewed changes
Comment thread .github/workflows/main.yml Outdated
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
permissions:
Copy link
Copy Markdown
Owner

@FerreolS FerreolS Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it required?

Copy link
Copy Markdown
Owner

@FerreolS FerreolS Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot

Copy link
Copy Markdown
Contributor Author

Copilot AI Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not required — removed in 968bb9f. The original failure was only on PR events (tokens are read-only for PRs); master push deployments were already working, so the if: condition on the deploy step is the only change needed.

@FerreolS
fix: remove unnecessary permissions: contents: write
968bb9f 
The original failure was only on PRs; master push deployments were already
working, so the top-level permissions block is not required. The `if:` condition
on the deploy step is sufficient to fix the issue.

Agent-Logs-Url: https://github.com/FerreolS/InverseProblemsCookbook/sessions/aafe25f5-e7fa-42ff-ae95-82583ac27d7f

Co-authored-by: FerreolS <10050083+FerreolS@users.noreply.github.com>
Copilot AI requested a review from FerreolS April 30, 2026 12:19
@FerreolS FerreolS merged commit 7976dcc into master Apr 30, 2026
2 checks passed
@FerreolS FerreolS deleted the copilot/fix-github-pages-deployment branch April 30, 2026 12:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FerreolS FerreolS Awaiting requested review from FerreolS

Assignees

@FerreolS FerreolS

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FerreolS