Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for configuring protected branches #3

Closed
bkeepers opened this issue Jan 22, 2017 · 11 comments
Closed

Add support for configuring protected branches #3

bkeepers opened this issue Jan 22, 2017 · 11 comments
Labels
enhancement

Comments

@bkeepers
Copy link
Contributor

Protected branches have a lot of different toggles:

I think all of these could be configured via something like this:

protected_branches:
  master:
    required_status_checks:
      include_admins: true  # Enforce required status checks for repository administrators.
      strict: true # Require branches to be up to date before merging.
      contexts: [continuous-integration/jenkins]
    required_pull_request_reviews: true # boolean or 'non-admin'
    teams: [team1, team2]
    users: [person1, person2]
@bkeepers
Copy link
Contributor Author 

   required_pull_request_reviews: true # boolean or 'non-admin'

I'm not crazy about this syntax. This feature basically has an on/off toggle, and then on/off for also requiring admins (see api).

Here's an alternate option:

  required_pull_request_reviews: true # on for everyone
  required_pull_request_reviews: false # off for everyone

  required_pull_request_reviews:
    include_admins: false # on for all non-admins

@patcon patcon mentioned this issue Aug 8, 2017
Closed
5 tasks
@patcon
Copy link

patcon commented Aug 8, 2017

The alternative strikes me as a little nicer, fwiw :)

@danielbachhuber danielbachhuber mentioned this issue Nov 14, 2017
Closed
3 tasks
@danielbachhuber danielbachhuber mentioned this issue Dec 7, 2017
Open
@jwsloan
Copy link
Collaborator

jwsloan commented Feb 16, 2018

If we could setup protected branches this way, I think this app would be fantastic. Any idea when this enhancement might occur? Or maybe some guidance as to how someone else might make the change and get an accepted PR?

@patcon
Copy link

patcon commented Feb 16, 2018
edited
Loading

@jwsloan you can take a stab at it yourself, and even host your own app for testing.

Basically, each top-level key in this plugins config (repository, labels, contributors, team`) corresponds to a plugin file here: https://github.com/probot/settings/tree/master/lib/plugins

I believe that the github apps code just takes values corresponding to api endpoints in a really lightweight way, although you'll have to do your own research there. As I understand, anything in the API is scriptable via github apps framework.

So tl;dr, you'll want to create a new key for branches and wire it up according to the endpoint where protected branches happen: https://developer.github.com/v3/repos/branches/

Good luck! Someone who's written more apps can prob tell you more :)

EDIT: keep us posted here if you take a run at it!

@nnordrum
Copy link

We have a similar thing to probot/settings that support protected branches and the first enhancement was "branch protection templates". i.e. (I'm just taking OP's yaml for consistency)

protected_branches:
  templates:
  - pattern: release/*
    required_status_checks:
      include_admins: true  # Enforce required status checks for repository administrators.
      strict: true # Require branches to be up to date before merging.
      contexts: [continuous-integration/jenkins]
    required_pull_request_reviews: true # boolean or 'non-admin'
    teams: [team1, team2]
    users: [person1, person2]

You could then apply it to existing branches, or just respond to CreateEvent/branch going forward.

@jwsloan
Copy link
Collaborator

jwsloan commented Feb 21, 2018

@nnordrum that looks great, but I feel like I'm missing something. Is that something I can make use of? If so, how?

@jwsloan
Copy link
Collaborator

jwsloan commented Mar 4, 2018
edited
Loading

@patcon

Would it be awful to mirror the Update Branch Protection API docs?

It seems like I could just write a class with a sync() function that turns this yaml into JSON, and passes it directly to the API call. Am I missing something?

branches:
  master:
    protection:
      required_status_checks: 
        strict: true
        contexts: []
      enforce_admins: true
      required_pull_request_reviews:
        dismissal_restrictions:
          users: []
          teams: []
        dismiss_stale_reviews: true
        require_code_owner_reviews: true
      restrictions:
        users: []
        teams: []

@nnordrum
Copy link

nnordrum commented Mar 8, 2018

@jwsloan that's what I did 👍 #superlazy

@bkeepers
Copy link
Contributor Author

bkeepers commented Mar 8, 2018

Would it be awful to mirror the Update Branch Protection API docs?

That would be ideal, IMHO.

@jwsloan jwsloan mentioned this issue Mar 13, 2018
Merged
@jwsloan jwsloan mentioned this issue Mar 21, 2018
Merged
@stale
Copy link

stale bot commented May 7, 2018

Is this still relevant? If so, please comment with any updates or addition details.

@stale stale bot added the wontfix label May 7, 2018
@travi
Copy link
Member

travi commented May 8, 2018

i see a number of the more complex options for protected branches detailed out above, but my most common use case for simple repos is to simply mark it as protected so no one can accidentally force push. what might that simple configuration look like?

@stale stale bot removed the wontfix label May 8, 2018
@travi travi mentioned this issue Jun 10, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bkeepers @travi @patcon @nnordrum @jwsloan