Commit with a Service Account

Learn how to configure your repositories to commit using a Service Account

This public content is an excerpt from Flutter staff GitHub docs. It is published as a reference to show how GitHub is used for inner source at Flutter.

This applies when a service account needs to commit directly to the main or master branch, which would normally require pull request approvals because of the branch protection settings.

A common mistake is using a personal access token, and then granting the user admin permissions solely to allow automation to bypass branch protections.

Instead, do one of the following:

  • Use a repository deploy key with write access. Deploy keys count as “admin” users only for the purpose of direct commits, so they can bypass branch protections if you have configured admins to be able to do so.
  • Use an internal GitHub App and configure it to be able to bypass branch protections.
  • Use an access token of a machine or existing user, and configure that user to be able to bypass branch protections.

An example of each option is below.

Admin Bypass

If using a deploy key, you’ll need to allow admin users to bypass branch protections using the allow-admin-bypass key in your capability or repository configuration file:

branch-protections:
  - patterns:
      - main
    parameters:
      allow-admin-bypass: true

Note that this also permits any other admins (such as capability maintainers) to bypass branch protections.

GitHub App Bypass

After creating a GitHub App, you can use it to generate short-lived access tokens with limited permissions on-demand.

To allow your GitHub App to bypass branch protections, add the following to your capability or repository configuration file:

branch-protections:
  - patterns:
      - main
    parameters:
      pull-request-bypassers:
        apps:
          - <your-app-name>

Note: In order to use the GitHub App in org-config, you need to add it to the /apps directory in the org-config repository.

Access Token Bypass

If you’re using a user or machine user access token, you can add the following to your capability or repository configuration file:

branch-protections:
  - patterns:
      - main
    parameters:
      pull-request-bypassers:
        users:
          - <account-username>

For more information on pull-request bypassers, please refer to the Codebase Governor documentation.
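As an added example (not part of the Flutter docs or Codebase Governor), the following Python check lists every bypass grant in an already-parsed configuration file and separates allow-admin-bypass, which extends to all admins, from explicitly named apps and users. It interprets only the keys shown on this page; the function name, the broad/named labels and the sample values are assumptions.

```python
# Added example: audit a parsed configuration file for branch-protection bypass grants.
# Only keys shown on this page are read. The "broad"/"named" labels are this
# example's own convention, not part of Codebase Governor.

def audit_bypasses(config):
    """Return (pattern, grant, subject, scope) tuples for every bypass grant."""
    findings = []
    for rule in config.get("branch-protections") or []:
        params = rule.get("parameters") or {}
        bypassers = params.get("pull-request-bypassers") or {}
        for pattern in rule.get("patterns") or []:
            # allow-admin-bypass enables deploy keys but also every other admin.
            if params.get("allow-admin-bypass") is True:
                findings.append((pattern, "allow-admin-bypass", "all admins", "broad"))
            # Named bypassers are limited to the principals listed in the file.
            for app in bypassers.get("apps") or []:
                findings.append((pattern, "app", app, "named"))
            for user in bypassers.get("users") or []:
                findings.append((pattern, "user", user, "named"))
    return findings


# Constructed sample: the structure yaml.safe_load() would return for a
# configuration file combining the three options (names are hypothetical).
SAMPLE = {
    "branch-protections": [
        {"patterns": ["main"], "parameters": {"allow-admin-bypass": True}},
        {
            "patterns": ["release"],
            "parameters": {
                "pull-request-bypassers": {
                    "apps": ["example-release-app"],
                    "users": ["example-machine-user"],
                }
            },
        },
        {"patterns": ["develop"], "parameters": {}},
    ]
}

if __name__ == "__main__":
    for pattern, grant, subject, scope in audit_bypasses(SAMPLE):
        print(f"{scope:6} {pattern:8} {grant:18} {subject}")
```
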
