Skip to content

Migrate branch protections configuration to YAML #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 3, 2024
Merged

Migrate branch protections configuration to YAML #222

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cf18dcf
Migrate branch protections configuration to YAML
empty-codes Oct 2, 2024
da648be
Fix missing branch_protections.yaml path error
empty-codes Oct 3, 2024
1dc25ed
Add quantifying repo to exempt repos and Remove unused branch_protect…
empty-codes Oct 3, 2024
74c4b79
Merge branch 'main' into Feature-Improve-branch-protections
TimidRobot Oct 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 0 additions & 22 deletions ccos/norm/branch_protections.py
View file
Open in desktop

This file was deleted.

21 changes: 21 additions & 0 deletions ccos/norm/branch_protections.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
EXEMPT_REPOSITORIES:
# special purpose repo
- australian-chapter
# exempted for bot pushes to default branch
- creativecommons.github.io-source
# exempted for bot pushes to default branch
- creativecommons.github.io
# special purpose repo
- global-network-strategy
# special purpose repo
- network-platforms
# exempted for bot pushes to default branch
- quantifying
# special purpose repo
- sre-wiki-js
# special purpose repo
- tech-support

REQUIRED_STATUS_CHECK_MAP:
creativecommons.github.io-source:
- Build and Deploy CC Open Source
21 changes: 12 additions & 9 deletions normalize_repos.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
# First-party/Local
import ccos.log
from ccos import gh_utils
from ccos.norm import branch_protections
from ccos.norm.get_labels import get_labels, get_required_label_groups
from ccos.norm.set_labels import set_labels
from ccos.norm.validate_issues import validate_issues
Expand Down Expand Up @@ -93,6 +92,12 @@ def is_engineering_project(repo):
return metadata.get("engineering_project", False)


def load_branch_protection_config():
with open("ccos/norm/branch_protections.yml", "r") as file:
config = yaml.safe_load(file)
return config


def update_branch_protection(repo):
try:
default_branch = repo.get_branch(repo.default_branch)
Expand All @@ -102,22 +107,20 @@ def update_branch_protection(repo):
return
else:
raise
if (
repo.name not in branch_protections.EXEMPT_REPOSITORIES
and is_engineering_project(repo)
):
config = load_branch_protection_config()
exempt_repositories = config["EXEMPT_REPOSITORIES"]
required_status_check_map = config["REQUIRED_STATUS_CHECK_MAP"]
if repo.name not in exempt_repositories and is_engineering_project(repo):
LOG.info(f"{repo.name}: updating branch protections")
# The following empty *_bypass_pull_request_allowance arguments ensure
# the required bypass_pull_request_allowances API parameter is
# populated:
# https://docs.github.com/rest/branches/branch-protection#update-branch-protection
if repo.name in branch_protections.REQUIRED_STATUS_CHECK_MAP:
if repo.name in required_status_check_map:
default_branch.edit_protection(
required_approving_review_count=1,
user_push_restrictions=[],
contexts=branch_protections.REQUIRED_STATUS_CHECK_MAP[
repo.name
],
contexts=required_status_check_map[repo.name],
users_bypass_pull_request_allowances=[],
teams_bypass_pull_request_allowances=[],
apps_bypass_pull_request_allowances=[],
Expand Down