Creating and using a GitHub "Service Account" for GitHub Actions
I saw my GitHub activity chart on my profile earlier today and thought that the last few months looked a bit too active, knowing how much I had actually done. I tracked this down to being a scheduled GitHub Action which was updating and pushing a small website (a utility for Godot pull requests) to GitHub Pages every day at midnight UTC. Every single time this action ran successfully it made a commit under my name. A bit annoying, to be honest, so I thought it would be best to find a way to stop that from happening.
Making a GitHub Service Account
A "Service Account" is really just a personal account which is used for "bot-like" activities. GitHub states in its own documentation: "User accounts are intended for humans, but you can give one to a robot, such as a continuous integration bot, if necessary."
So, first I created a new account, creatively named "EricEzaM-bot". I used the same email as my original account by making use of the Gmail plus-sign address trick.
Using it for Actions
The code in my action used my GitHub account to access the GitHub GraphQL API to get data, and also to make the pushes to the gh-pages branch via the action JamesIves/github-pages-deploy-action. The former just used a Personal Access Token, which was easy enough to generate by going to Settings > Developer Settings > Personal access tokens in my bot account and then including the personal access token (PAT) in the action yaml file:
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      # The access token is used within a .NET Core application to call the Github GraphQL API
      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
To have the bot be able to edit code in your repository, you need to add it as a "Contributor" for the repo. There is GitHub documentation on how to do this.
Unfortunately the same PAT strategy did not work for the GitHub Pages deployment. Even if I declared token: ${{ secrets.ACCESS_TOKEN }} in my github-pages-deploy-action configuration, the run would fail, stating "Permission to EricEzaM/godot-github-overview.git denied to EricEzaM-bot". Hmm... not ideal.
After a bit of Googling and reading, I found that switching to using an SSH deploy key rather than the token worked, for some seemingly unknown reason. I followed the steps in the documentation for the GH pages deploy action: generating a public/private key pair using the credentials of my bot account, then adding the public key as a "Deploy Key" in the repository, and the private key as a secret called DEPLOY_KEY. Don't forget, when you copy the keys include the newlines at the end of each, as well as the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- text.
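A pre-flight check for the copy step above, added here as an example and not part of the original post or the deploy action's documentation: a POSIX shell function that inspects a private key file before its contents go into the DEPLOY_KEY secret. The function name check_deploy_key and the sample key are constructed for illustration; it assumes an unencrypted key file, and it also accepts the OPENSSH PRIVATE KEY markers that current ssh-keygen writes by default, which goes beyond the RSA markers quoted above.

```shell
#!/bin/sh
# Added example, not from the original post: check a private key file before
# its contents are pasted into the DEPLOY_KEY secret. Prints one line per
# problem; returns 0 when the file looks intact and 1 otherwise.
check_deploy_key() {
    key_file=$1
    rc=0
    cr=$(printf '\r')

    # Marker lines, with carriage returns ignored so that Windows line
    # endings are reported once (below) instead of as a broken header too.
    first=$(head -n 1 "$key_file" | tr -d '\r')
    last=$(tail -n 1 "$key_file" | tr -d '\r')
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----")
            label=${first#"-----BEGIN "}   # e.g. "RSA PRIVATE KEY-----"
            if [ "$last" != "-----END $label" ]; then
                echo "END line missing or not matching the BEGIN line"; rc=1
            fi ;;
        *)
            echo "BEGIN ... PRIVATE KEY line missing"; rc=1 ;;
    esac

    # The final byte must be a newline (the detail the post warns about).
    if [ $(tail -c 1 "$key_file" | wc -l) -ne 1 ]; then
        echo "no newline after the END line"; rc=1
    fi

    # Copying through some editors or clipboards adds CR characters.
    if grep -q "$cr" "$key_file"; then
        echo "carriage returns (CRLF line endings) present"; rc=1
    fi

    # Everything between the marker lines must be non-empty base64.
    body=$(sed '1d;$d' "$key_file" | tr -d '\r')
    if [ -z "$body" ] || printf '%s\n' "$body" | grep -qv '^[A-Za-z0-9+/=]\{1,\}$'; then
        echo "key body is empty or contains non-base64 lines"; rc=1
    fi
    return $rc
}

# Demo on a constructed, non-functional key that lost its final newline.
demo=$(mktemp)
printf '%s\n%s\n%s' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo"
check_deploy_key "$demo" || echo "fix the file before saving it as DEPLOY_KEY"
rm -f "$demo"
```

For a stronger check, ssh-keygen -y -f <file> parses the private key and prints its public half, which should match the deploy key added to the repository.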
When I tried this I was still getting issues. The deploy worked, but it was in the repo owner account name (my main account, EricEzaM). The last thing I tried was adding the git-config-name and git-config-email for the bot account to override the defaults. At last, it worked. My final GH pages deploy action looked like this:
# GH Pages Deployment
- name: GH Pages Deployment
  uses: JamesIves/github-pages-deploy-action@releases/v4
  with:
    git-config-name: EricEzaM-bot
    git-config-email: 86031079+EricEzaM-bot@users.noreply.github.com
    ssh-key: ${{ secrets.DEPLOY_KEY }}
    branch: gh-pages
    folder: ./web-frontend
    single-commit: true
Summing up
So, now my automated deploys are no longer in my main account's name and my profile contribution graph will be artificially inflated no longer... (yay?)
This is probably a pretty niche issue, but it was something I spent a bit of time on figuring out - so hopefully it helps someone else out there!