Open Mierdin opened 7 years ago
+1 on this.
It will also help us to automate st2cicd node creation and committing new Terraform resources to ops-infra. At the moment we need to sync up 3 places: st2cicd, ops-infra master and ops-infra NOMERGE/build-node.
cc @bigmstone
I'm -1 to protect/unprotect. I'd rather programmatically create a PR, approve it, and merge it. This will keep a better audit trail and an easier-to-parse diff in GitHub. I'm going to attempt to tackle this in st2cicd and see what the limitations are. If successful, someone can copy the method over for release mgmt.
Agreed, creation of a PR would be a better way to go, just a bit more work
This definitely should be automated, since applying this manually is error-prone: note the ci/circleci: deploy (required) task which was included by mistake by the release manager during master unprotection/protection.
We have just found a possible easy solution for this issue.
For branch protection, GitHub has an option to enforce status checks for Administrators.
If unchecked, a repo administrator (esteetew during the release automation) can push directly to master.
... the only problem is that everyone is administrator.
At least release automation can check/uncheck only one single setting, instead of unprotecting entire branch configuration.
It's 1 simple API (boolean) call:
We should look into unprotecting and protecting master programmatically. Several workflows in st2cd push directly to master in a few repos - and currently we have to unprotect (and more importantly remember to re-protect) manually.
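
The "enforce for administrators" toggle discussed in the thread, wrapped so that re-protection cannot be forgotten. This is an added example, not code from the thread or from the st2cd/st2cicd workflows. It uses GitHub's REST endpoint `/repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins`; the function names and the refuse-if-already-off policy are assumptions made for illustration.

```python
import contextlib
import json
import urllib.request

API = "https://api.github.com"


def github_request(method, path, token):
    """Send one authenticated REST call; return (status, parsed JSON or None)."""
    req = urllib.request.Request(API + path, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return resp.status, json.loads(body) if body else None


@contextlib.contextmanager
def admins_exempt(owner, repo, branch, token, send=github_request):
    """Lift 'enforce for administrators' for the duration of the block only.

    GET reads the current flag, DELETE turns enforcement off, POST turns it
    back on. The restore runs in `finally`, so a failed push still leaves the
    branch protected, and the final GET verifies that the restore took effect.
    """
    path = f"/repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"
    _, before = send("GET", path, token)
    if not before["enabled"]:
        # Assumed policy: an already-disabled flag means an earlier run (or a
        # person) never re-protected the branch; stop and surface it.
        raise RuntimeError(f"{repo}:{branch} enforce_admins is already off")
    send("DELETE", path, token)
    try:
        yield
    finally:
        send("POST", path, token)
        _, after = send("GET", path, token)
        if not after["enabled"]:
            raise RuntimeError(f"{repo}:{branch} was NOT re-protected")
```

A release workflow would run its direct push inside `with admins_exempt(owner, repo, "master", token):`. The rest of the branch protection configuration (required status checks, reviews) is never touched.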