From cf18dcfd820267d38868b8c3eb9535a7fb3a8474 Mon Sep 17 00:00:00 2001
From: empty-codes <morayotimothy@gmail.com>
Date: Wed, 2 Oct 2024 22:04:08 +0100
Subject: [PATCH 1/3] Migrate branch protections configuration to YAML

---
 ccos/norm/branch_protections.yml | 19 +++++++++++++++++++
 normalize_repos.py               | 16 ++++++++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 ccos/norm/branch_protections.yml

diff --git a/ccos/norm/branch_protections.yml b/ccos/norm/branch_protections.yml
new file mode 100644
index 0000000..61660ca
--- /dev/null
+++ b/ccos/norm/branch_protections.yml
@@ -0,0 +1,19 @@
+EXEMPT_REPOSITORIES:
+  # special purpose repo
+  - australian-chapter
+  # exempted for bot pushes to default branch
+  - creativecommons.github.io-source
+  # exempted for bot pushes to default branch
+  - creativecommons.github.io
+  # special purpose repo
+  - global-network-strategy
+  # special purpose repo
+  - network-platforms
+  # special purpose repo
+  - sre-wiki-js
+  # special purpose repo
+  - tech-support
+
+REQUIRED_STATUS_CHECK_MAP:
+  creativecommons.github.io-source:
+    - Build and Deploy CC Open Source
diff --git a/normalize_repos.py b/normalize_repos.py
index a5e6fef..028224e 100755
--- a/normalize_repos.py
+++ b/normalize_repos.py
@@ -17,7 +17,6 @@
 # First-party/Local
 import ccos.log
 from ccos import gh_utils
-from ccos.norm import branch_protections
 from ccos.norm.get_labels import get_labels, get_required_label_groups
 from ccos.norm.set_labels import set_labels
 from ccos.norm.validate_issues import validate_issues
@@ -93,6 +92,12 @@ def is_engineering_project(repo):
     return metadata.get("engineering_project", False)
 
 
+def load_branch_protection_config():
+    with open('branch_protections.yaml', 'r') as file:
+        config = yaml.safe_load(file)
+    return config
+
+
 def update_branch_protection(repo):
     try:
         default_branch = repo.get_branch(repo.default_branch)
@@ -102,8 +107,11 @@ def update_branch_protection(repo):
             return
         else:
             raise
+    config = load_branch_protection_config()
+    exempt_repositories = config['EXEMPT_REPOSITORIES']
+    required_status_check_map = config['REQUIRED_STATUS_CHECK_MAP']
     if (
-        repo.name not in branch_protections.EXEMPT_REPOSITORIES
+        repo.name not in exempt_repositories
         and is_engineering_project(repo)
     ):
         LOG.info(f"{repo.name}: updating branch protections")
@@ -111,11 +119,11 @@ def update_branch_protection(repo):
         # the required bypass_pull_request_allowances API parameter is
         # populated:
         # https://docs.github.com/rest/branches/branch-protection#update-branch-protection
-        if repo.name in branch_protections.REQUIRED_STATUS_CHECK_MAP:
+        if repo.name in required_status_check_map:
             default_branch.edit_protection(
                 required_approving_review_count=1,
                 user_push_restrictions=[],
-                contexts=branch_protections.REQUIRED_STATUS_CHECK_MAP[
+                contexts=required_status_check_map[
                     repo.name
                 ],
                 users_bypass_pull_request_allowances=[],

From da648be75e6b5d0327dca650cd3c1dd43be9716f Mon Sep 17 00:00:00 2001
From: empty-codes <morayotimothy@gmail.com>
Date: Thu, 3 Oct 2024 17:00:05 +0100
Subject: [PATCH 2/3] Fix missing branch_protections.yaml path error

---
 normalize_repos.py | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/normalize_repos.py b/normalize_repos.py
index 028224e..79f0d82 100755
--- a/normalize_repos.py
+++ b/normalize_repos.py
@@ -93,7 +93,7 @@ def is_engineering_project(repo):
 
 
 def load_branch_protection_config():
-    with open('branch_protections.yaml', 'r') as file:
+    with open("branch_protections.yml", "r") as file:
         config = yaml.safe_load(file)
     return config
 
@@ -108,12 +108,9 @@ def update_branch_protection(repo):
         else:
             raise
     config = load_branch_protection_config()
-    exempt_repositories = config['EXEMPT_REPOSITORIES']
-    required_status_check_map = config['REQUIRED_STATUS_CHECK_MAP']
-    if (
-        repo.name not in exempt_repositories
-        and is_engineering_project(repo)
-    ):
+    exempt_repositories = config["EXEMPT_REPOSITORIES"]
+    required_status_check_map = config["REQUIRED_STATUS_CHECK_MAP"]
+    if repo.name not in exempt_repositories and is_engineering_project(repo):
         LOG.info(f"{repo.name}: updating branch protections")
         # The following empty *_bypass_pull_request_allowance arguments ensure
         # the required bypass_pull_request_allowances API parameter is
@@ -123,9 +120,7 @@ def update_branch_protection(repo):
             default_branch.edit_protection(
                 required_approving_review_count=1,
                 user_push_restrictions=[],
-                contexts=required_status_check_map[
-                    repo.name
-                ],
+                contexts=required_status_check_map[repo.name],
                 users_bypass_pull_request_allowances=[],
                 teams_bypass_pull_request_allowances=[],
                 apps_bypass_pull_request_allowances=[],

From 1dc25ed16f5114ac06b0a2ed0fd8eacab003af36 Mon Sep 17 00:00:00 2001
From: empty-codes <morayotimothy@gmail.com>
Date: Thu, 3 Oct 2024 20:25:21 +0100
Subject: [PATCH 3/3] Add quantifying repo to exempt repos and Remove unused
 branch_protections.py

---
 ccos/norm/branch_protections.py  | 20 --------------------
 ccos/norm/branch_protections.yml |  2 ++
 normalize_repos.py               |  2 +-
 3 files changed, 3 insertions(+), 21 deletions(-)
 delete mode 100644 ccos/norm/branch_protections.py

diff --git a/ccos/norm/branch_protections.py b/ccos/norm/branch_protections.py
deleted file mode 100644
index 6e8f292..0000000
--- a/ccos/norm/branch_protections.py
+++ /dev/null
@@ -1,20 +0,0 @@
-EXEMPT_REPOSITORIES = [
-    # special purpose repo
-    "australian-chapter",
-    # exempted for bot pushes to default branch
-    "creativecommons.github.io-source",
-    # exempted for bot pushes to default branch
-    "creativecommons.github.io",
-    # special purpose repo
-    "global-network-strategy",
-    # special purpose repo
-    "network-platforms",
-    # special purpose repo
-    "sre-wiki-js",
-    # special purpose repo
-    "tech-support",
-]
-
-REQUIRED_STATUS_CHECK_MAP = {
-    "creativecommons.github.io-source": ["Build and Deploy CC Open Source"],
-}
diff --git a/ccos/norm/branch_protections.yml b/ccos/norm/branch_protections.yml
index 61660ca..d9ae382 100644
--- a/ccos/norm/branch_protections.yml
+++ b/ccos/norm/branch_protections.yml
@@ -9,6 +9,8 @@ EXEMPT_REPOSITORIES:
   - global-network-strategy
   # special purpose repo
   - network-platforms
+  # exempted for bot pushes to default branch
+  - quantifying
   # special purpose repo
   - sre-wiki-js
   # special purpose repo
diff --git a/normalize_repos.py b/normalize_repos.py
index 79f0d82..2ac254e 100755
--- a/normalize_repos.py
+++ b/normalize_repos.py
@@ -93,7 +93,7 @@ def is_engineering_project(repo):
 
 
 def load_branch_protection_config():
-    with open("branch_protections.yml", "r") as file:
+    with open("ccos/norm/branch_protections.yml", "r") as file:
         config = yaml.safe_load(file)
     return config