Migrate branch protections configuration to YAML

Author: empty-codes

ccos/norm/branch_protections.yml

@@ -0,0 +1,19 @@
+EXEMPT_REPOSITORIES:
+  # special purpose repo
+  - australian-chapter
+  # exempted for bot pushes to default branch
+  - creativecommons.github.io-source
+  # exempted for bot pushes to default branch
+  - creativecommons.github.io
+  # special purpose repo
+  - global-network-strategy
+  # special purpose repo
+  - network-platforms
+  # special purpose repo
+  - sre-wiki-js
+  # special purpose repo
+  - tech-support
+
+REQUIRED_STATUS_CHECK_MAP:
+  creativecommons.github.io-source:
+    - Build and Deploy CC Open Source

normalize_repos.py

@@ -17,7 +17,6 @@
 # First-party/Local
 import ccos.log
 from ccos import gh_utils
-from ccos.norm import branch_protections
 from ccos.norm.get_labels import get_labels, get_required_label_groups
 from ccos.norm.set_labels import set_labels
 from ccos.norm.validate_issues import validate_issues
@@ -93,6 +92,12 @@ def is_engineering_project(repo):
     return metadata.get("engineering_project", False)
 
 
+def load_branch_protection_config():
+    with open('branch_protections.yaml', 'r') as file:
+        config = yaml.safe_load(file)
+    return config
+
+
 def update_branch_protection(repo):
     try:
         default_branch = repo.get_branch(repo.default_branch)
@@ -102,20 +107,23 @@ def update_branch_protection(repo):
             return
         else:
             raise
+    config = load_branch_protection_config()
+    exempt_repositories = config['EXEMPT_REPOSITORIES']
+    required_status_check_map = config['REQUIRED_STATUS_CHECK_MAP']
     if (
-        repo.name not in branch_protections.EXEMPT_REPOSITORIES
+        repo.name not in exempt_repositories
         and is_engineering_project(repo)
     ):
         LOG.info(f"{repo.name}: updating branch protections")
         # The following empty *_bypass_pull_request_allowance arguments ensure
         # the required bypass_pull_request_allowances API parameter is
         # populated:
         # https://docs.github.com/rest/branches/branch-protection#update-branch-protection
-        if repo.name in branch_protections.REQUIRED_STATUS_CHECK_MAP:
+        if repo.name in required_status_check_map:
             default_branch.edit_protection(
                 required_approving_review_count=1,
                 user_push_restrictions=[],
-                contexts=branch_protections.REQUIRED_STATUS_CHECK_MAP[
+                contexts=required_status_check_map[
                     repo.name
                 ],
                 users_bypass_pull_request_allowances=[],