search

eclipse-apoapsis / .eclipsefdn

Repository to host configurations related to the Eclipse Foundation.
https://eclipse-apoapsis.github.io/.eclipsefdn/
1 stars 1 forks source link

Convert existing BPR to ruleset with merge queue #12

Closed netomi closed 2 months ago

netomi commented 2 months ago

As discussed in https://github.com/eclipse-csi/otterdog/issues/86.

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot.

Thank you for raising a pull request to update the configuration of your GitHub organization. You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to fulfilled for auto-merging to be available:

Otterdog commands and options You can trigger otterdog actions by commenting on this PR: - `/otterdog team-info` checks the team / org membership for the PR author - `/otterdog validate` validates the configuration change - `/otterdog validate info` validates the configuration change, printing also validation infos - `/otterdog check-sync` checks if the base ref is in sync with live settings - `/otterdog merge` merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author) - `/otterdog done` notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team) - `/otterdog apply` re-apply a previously failed attempt (only accessible for members of the admin team)
eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot.

The author (netomi) of this PR is associated with this organization in the role of MEMBER.

Additionally, netomi is a member of the following teams:

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for a0ba3b2e8f07754921f5d650f4a3df87e14ecce0 ```diff Organization technology.apoapsis[id=eclipse-apoapsis] ╷ │ Error: failed to load configuration │ │ failed to evaluate jsonnet file: RUNTIME ERROR: Field does not exist: newRuleset │ /app/work/tmp/tmp3sjdk0um/eclipse-apoapsis/eclipse-apoapsis.jsonnet:68:9-24 thunk from > │ Array element 0 │ Field "rulesets" │ Array element 2 │ Field "repositories" │ During manifestation ╵ ```
eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for 25f432ca7e2fd12c36683ce504fdcaa0c3cada23 ```diff Additional properties are not allowed ('require_last_push_approval' was unexpected) Failed validating 'additionalProperties' in schema['properties']['repositories']['items']['properties']['rulesets']['items']: {'$id': 'repository-ruleset.json', 'type': 'object', 'properties': {'name': {'type': 'string'}, 'target': {'type': 'string'}, 'enforcement': {'type': 'string'}, 'bypass_actors': {'type': 'array', 'items': {'type': 'string'}}, 'include_refs': {'type': 'array', 'items': {'type': 'string'}}, 'exclude_refs': {'type': 'array', 'items': {'type': 'string'}}, 'allows_creations': {'type': 'boolean'}, 'allows_deletions': {'type': 'boolean'}, 'allows_updates': {'type': 'boolean'}, 'allows_force_pushes': {'type': 'boolean'}, 'requires_commit_signatures': {'type': 'boolean'}, 'requires_linear_history': {'type': 'boolean'}, 'requires_pull_request': {'type': 'boolean'}, 'required_approving_review_count': {'$ref': '#/definitions/integer_or_null'}, 'dismisses_stale_reviews': {'type': 'boolean'}, 'requires_code_owner_review': {'type': 'boolean'}, 'requires_last_push_approval': {'type': 'boolean'}, 'requires_review_thread_resolution': {'type': 'boolean'}, 'requires_deployments': {'type': 'boolean'}, 'required_deployment_environments': {'type': 'array', 'items': {'type': 'string'}}, 'requires_status_checks': {'type': 'boolean'}, 'requires_strict_status_checks': {'type': 'boolean'}, 'required_status_checks': {'type': 'array', 'items': {'type': 'string'}}, 'required_merge_queue': {'$ref': '#/definitions/merge_queue_or_null'}}, 'required': ['name', 'enforcement'], 'additionalProperties': False, 'definitions': {'integer_or_null': {'anyOf': [{'type': 'integer'}, {'type': 'null'}]}, 'merge_queue_or_null': {'anyOf': [{'$ref': '#/definitions/merge_queue'}, {'type': 'null'}]}, 'merge_queue': {'type': 'object', 'properties': {'merge_method': {'type': 'string'}, 'build_concurrency': {'type': 'integer'}, 'min_group_size': {'type': 'integer'}, 'max_group_size': {'type': 'integer'}, 'wait_time_for_minimum_group_size': {'type': 'integer'}, 'status_check_timeout': {'type': 'integer'}, 'requires_all_group_entries_to_pass_required_checks': {'type': 'boolean'}}, 'additionalProperties': False}}} On instance['repositories'][2]['rulesets'][0]: {'allows_creations': False, 'allows_deletions': False, 'allows_force_pushes': False, 'allows_updates': True, 'bypass_actors': [], 'dismisses_stale_reviews': True, 'enforcement': 'active', 'exclude_refs': [], 'include_refs': ['refs/head/main'], 'name': 'main', 'require_last_push_approval': False, 'required_approving_review_count': 1, 'required_deployment_environments': [], 'required_merge_queue': {'build_concurrency': 5, 'max_group_size': 5, 'merge_method': 'REBASE', 'min_group_size': 1, 'requires_all_group_entries_to_pass_required_checks': True, 'status_check_timeout': 60, 'wait_time_for_minimum_group_size': 5}, 'required_status_checks': ['build', 'build-ui', 'commit-lint', 'detekt-issues', 'eslint', 'integration-test', 'prettier', 'renovate-validation', 'reuse-tool', 'test', 'website-test', 'wrapper-validation'], 'requires_code_owner_review': False, 'requires_commit_signatures': False, 'requires_deployments': False, 'requires_last_push_approval': True, 'requires_linear_history': True, 'requires_pull_request': True, 'requires_review_thread_resolution': False, 'requires_status_checks': True, 'requires_strict_status_checks': False} ```
eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for 428030c511517a013e5d99baf48345db030ab269 ```diff Organization technology.apoapsis[id=eclipse-apoapsis] - remove branch_protection_rule[pattern="main", repository="ort-server"] { - allows_deletions = false - allows_force_pushes = false - blocks_creations = false - bypass_force_push_allowances = [] - bypass_pull_request_allowances = [] - dismisses_stale_reviews = true - is_admin_enforced = true - lock_allows_fetch_and_merge = false - lock_branch = false - pattern = "main" - require_last_push_approval = false - required_approving_review_count = "1" - required_status_checks = [ - "build" - "build-ui" - "commit-lint" - "detekt-issues" - "eslint" - "integration-test" - "prettier" - "renovate-validation" - "reuse-tool" - "test" - "website-test" - "wrapper-validation" - ], - requires_code_owner_reviews = false - requires_commit_signatures = false - requires_conversation_resolution = false - requires_deployments = false - requires_linear_history = true - requires_pull_request = true - requires_status_checks = true - requires_strict_status_checks = false - restricts_pushes = false - restricts_review_dismissals = false - } + add repo_ruleset[name="main", repository="ort-server"] { + allows_creations = false + allows_deletions = false + allows_force_pushes = false + allows_updates = true + bypass_actors = [] + dismisses_stale_reviews = true + enforcement = "active" + exclude_refs = [] + include_refs = [ + "refs/heads/main" + ], + name = "main" + required_approving_review_count = "1" + required_merge_queue = { + build_concurrency = "5" + max_group_size = "5" + merge_method = "REBASE" + min_group_size = "1" + requires_all_group_entries_to_pass_required_checks = true + status_check_timeout = "60" + wait_time_for_minimum_group_size = "5" + } + required_status_checks = [ + "build" + "build-ui" + "commit-lint" + "detekt-issues" + "eslint" + "integration-test" + "prettier" + "renovate-validation" + "reuse-tool" + "test" + "website-test" + "wrapper-validation" + ], + requires_code_owner_review = false + requires_commit_signatures = false + requires_deployments = false + requires_last_push_approval = false + requires_linear_history = true + requires_pull_request = true + requires_review_thread_resolution = false + requires_status_checks = true + requires_strict_status_checks = false + } Plan: 1 to add, 0 to change, 1 to delete. ```
eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

netomi commented 2 months ago

@mnonnenmacher this should be an equivalent ruleset for your existing branch protection rule but with support for a merge queue.

I did realize that the defaults for a ruleset and branch protection are slightly different, that makes the conversion a bit cumbersome. Will look into that, thats why I had to add some more properties as before as these are enabled by default for a ruleset atm.

netomi commented 2 months ago

Actually, now that merge queues are also supported by the ECA validation service, we can also re-add that status check.

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for 4964aaa13e442ebe68db4c83f4e8ca2d34268089 ```diff Organization technology.apoapsis[id=eclipse-apoapsis] - remove branch_protection_rule[pattern="main", repository="ort-server"] { - allows_deletions = false - allows_force_pushes = false - blocks_creations = false - bypass_force_push_allowances = [] - bypass_pull_request_allowances = [] - dismisses_stale_reviews = true - is_admin_enforced = true - lock_allows_fetch_and_merge = false - lock_branch = false - pattern = "main" - require_last_push_approval = false - required_approving_review_count = "1" - required_status_checks = [ - "build" - "build-ui" - "commit-lint" - "detekt-issues" - "eslint" - "integration-test" - "prettier" - "renovate-validation" - "reuse-tool" - "test" - "website-test" - "wrapper-validation" - ], - requires_code_owner_reviews = false - requires_commit_signatures = false - requires_conversation_resolution = false - requires_deployments = false - requires_linear_history = true - requires_pull_request = true - requires_status_checks = true - requires_strict_status_checks = false - restricts_pushes = false - restricts_review_dismissals = false - } + add repo_ruleset[name="main", repository="ort-server"] { + allows_creations = false + allows_deletions = false + allows_force_pushes = false + allows_updates = true + bypass_actors = [] + dismisses_stale_reviews = true + enforcement = "active" + exclude_refs = [] + include_refs = [ + "refs/heads/main" + ], + name = "main" + required_approving_review_count = "1" + required_merge_queue = { + build_concurrency = "5" + max_group_size = "5" + merge_method = "REBASE" + min_group_size = "1" + requires_all_group_entries_to_pass_required_checks = true + status_check_timeout = "60" + wait_time_for_minimum_group_size = "5" + } + required_status_checks = [ + "eclipse-eca-validation:eclipsefdn/eca" + "build" + "build-ui" + "commit-lint" + "detekt-issues" + "eslint" + "integration-test" + "prettier" + "renovate-validation" + "reuse-tool" + "test" + "website-test" + "wrapper-validation" + ], + requires_code_owner_review = false + requires_commit_signatures = false + requires_deployments = false + requires_last_push_approval = false + requires_linear_history = true + requires_pull_request = true + requires_review_thread_resolution = false + requires_status_checks = true + requires_strict_status_checks = false + } Plan: 1 to add, 0 to change, 1 to delete. ```
eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for f527162072427f5dc9532ce02eb8772e548091a0 ```diff Organization technology.apoapsis[id=eclipse-apoapsis] - remove branch_protection_rule[pattern="main", repository="ort-server"] { - allows_deletions = false - allows_force_pushes = false - blocks_creations = false - bypass_force_push_allowances = [] - bypass_pull_request_allowances = [] - dismisses_stale_reviews = true - is_admin_enforced = true - lock_allows_fetch_and_merge = false - lock_branch = false - pattern = "main" - require_last_push_approval = false - required_approving_review_count = "1" - required_status_checks = [ - "build" - "build-ui" - "commit-lint" - "detekt-issues" - "eslint" - "integration-test" - "prettier" - "renovate-validation" - "reuse-tool" - "test" - "website-test" - "wrapper-validation" - ], - requires_code_owner_reviews = false - requires_commit_signatures = false - requires_conversation_resolution = false - requires_deployments = false - requires_linear_history = true - requires_pull_request = true - requires_status_checks = true - requires_strict_status_checks = false - restricts_pushes = false - restricts_review_dismissals = false - } + add repo_ruleset[name="main", repository="ort-server"] { + allows_creations = false + allows_deletions = false + allows_force_pushes = false + allows_updates = true + bypass_actors = [] + enforcement = "active" + exclude_refs = [] + include_refs = [ + "refs/heads/main" + ], + name = "main" + required_merge_queue = { + build_concurrency = "5" + max_group_size = "5" + merge_method = "REBASE" + min_group_size = "1" + requires_all_group_entries_to_pass_required_checks = true + status_check_timeout = "60" + wait_time_for_minimum_group_size = "5" + } + required_pull_request = { + dismisses_stale_reviews = true + required_approving_review_count = "1" + requires_code_owner_review = false + requires_last_push_approval = false + requires_review_thread_resolution = false + } + required_status_checks = [ + "eclipse-eca-validation:eclipsefdn/eca" + "build" + "build-ui" + "commit-lint" + "detekt-issues" + "eslint" + "integration-test" + "prettier" + "renovate-validation" + "reuse-tool" + "test" + "website-test" + "wrapper-validation" + ], + requires_commit_signatures = false + requires_deployments = false + requires_linear_history = true + requires_status_checks = true + requires_strict_status_checks = false + } Plan: 1 to add, 0 to change, 1 to delete. ```
eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

netomi commented 2 months ago

the default config has been updated to be aligned with the default settings for a branch protection rule. Now the conversion should be much easier.

Furthermore, I grouped now settings related to requiring a pull request into an embedded object to make sense easier to understand and configure, similar to what has been done for merge queues.

netomi commented 2 months ago

/otterdog validate

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for 6eeb0664772c27a55241dde6723aa875803c16f4 ```diff Organization technology.apoapsis[id=eclipse-apoapsis] - remove branch_protection_rule[pattern="main", repository="ort-server"] { - allows_deletions = false - allows_force_pushes = false - blocks_creations = false - bypass_force_push_allowances = [] - bypass_pull_request_allowances = [] - dismisses_stale_reviews = true - is_admin_enforced = true - lock_allows_fetch_and_merge = false - lock_branch = false - pattern = "main" - require_last_push_approval = false - required_approving_review_count = "1" - required_status_checks = [ - "build" - "build-ui" - "commit-lint" - "detekt-issues" - "eslint" - "integration-test" - "prettier" - "renovate-validation" - "reuse-tool" - "test" - "website-test" - "wrapper-validation" - ], - requires_code_owner_reviews = false - requires_commit_signatures = false - requires_conversation_resolution = false - requires_deployments = false - requires_linear_history = true - requires_pull_request = true - requires_status_checks = true - requires_strict_status_checks = false - restricts_pushes = false - restricts_review_dismissals = false - } + add repo_ruleset[name="main", repository="ort-server"] { + allows_creations = false + allows_deletions = false + allows_force_pushes = false + allows_updates = true + bypass_actors = [] + enforcement = "active" + exclude_refs = [] + include_refs = [ + "refs/heads/main" + ], + name = "main" + required_merge_queue = { + build_concurrency = "5" + max_group_size = "5" + merge_method = "REBASE" + min_group_size = "1" + requires_all_group_entries_to_pass_required_checks = true + status_check_timeout = "60" + wait_time_for_minimum_group_size = "5" + } + required_pull_request = { + dismisses_stale_reviews = true + required_approving_review_count = "1" + requires_code_owner_review = false + requires_last_push_approval = false + requires_review_thread_resolution = false + } + required_status_checks = [ + "build" + "build-ui" + "commit-lint" + "detekt-issues" + "eslint" + "integration-test" + "prettier" + "renovate-validation" + "reuse-tool" + "test" + "website-test" + "wrapper-validation" + ], + requires_commit_signatures = false + requires_deployments = false + requires_linear_history = true + requires_status_checks = true + requires_strict_status_checks = false + } Plan: 1 to add, 0 to change, 1 to delete. ```
netomi commented 2 months ago

/otterdog check-sync

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

eclipse-otterdog[bot] commented 2 months ago

This is your friendly self-service bot.

The following changes have been successfully applied:


Organization technology.apoapsis[id=eclipse-apoapsis]

-  remove branch_protection_rule[pattern="main", repository="ort-server"] {
-    allows_deletions                  = false
-    allows_force_pushes               = false
-    blocks_creations                  = false
-    bypass_force_push_allowances      = []
-    bypass_pull_request_allowances    = []
-    dismisses_stale_reviews           = true
-    is_admin_enforced                 = true
-    lock_allows_fetch_and_merge       = false
-    lock_branch                       = false
-    pattern                           = "main"
-    require_last_push_approval        = false
-    required_approving_review_count   = "1"
-    required_status_checks            = [
-      "build"
-      "build-ui"
-      "commit-lint"
-      "detekt-issues"
-      "eslint"
-      "integration-test"
-      "prettier"
-      "renovate-validation"
-      "reuse-tool"
-      "test"
-      "website-test"
-      "wrapper-validation"
-    ],
-    requires_code_owner_reviews       = false
-    requires_commit_signatures        = false
-    requires_conversation_resolution  = false
-    requires_deployments              = false
-    requires_linear_history           = true
-    requires_pull_request             = true
-    requires_status_checks            = true
-    requires_strict_status_checks     = false
-    restricts_pushes                  = false
-    restricts_review_dismissals       = false
-  }

+  add repo_ruleset[name="main", repository="ort-server"] {
+    allows_creations                  = false
+    allows_deletions                  = false
+    allows_force_pushes               = false
+    allows_updates                    = true
+    bypass_actors                     = []
+    enforcement                       = "active"
+    exclude_refs                      = []
+    include_refs                      = [
+      "refs/heads/main"
+    ],
+    name                              = "main"
+    required_merge_queue              = {
+      build_concurrency                 = "5"
+      max_group_size                    = "5"
+      merge_method                      = "REBASE"
+      min_group_size                    = "1"
+      requires_all_group_entries_to_pass_required_checks = true
+      status_check_timeout              = "60"
+      wait_time_for_minimum_group_size  = "5"
+    }
+    required_pull_request             = {
+      dismisses_stale_reviews           = true
+      required_approving_review_count   = "1"
+      requires_code_owner_review        = false
+      requires_last_push_approval       = false
+      requires_review_thread_resolution = false
+    }
+    required_status_checks            = [
+      "build"
+      "build-ui"
+      "commit-lint"
+      "detekt-issues"
+      "eslint"
+      "integration-test"
+      "prettier"
+      "renovate-validation"
+      "reuse-tool"
+      "test"
+      "website-test"
+      "wrapper-validation"
+    ],
+    requires_commit_signatures        = false
+    requires_deployments              = false
+    requires_linear_history           = true
+    requires_status_checks            = true
+    requires_strict_status_checks     = false
+  }

  Applying changes:

  Done.

  Executed plan: 1 added, 0 changed, 1 deleted.
netomi commented 2 months ago

Merge Queue has been correctly applied:

image

netomi commented 2 months ago

the structuring of the settings also is much nicer with rulesets, backporting this to branch protection rules will be some work as we would need to adjust all existing configurations.

mnonnenmacher commented 1 month ago

the structuring of the settings also is much nicer with rulesets, backporting this to branch protection rules will be some work as we would need to adjust all existing configurations.

To me there is no need to backport this if rulesets are the future anyway.

  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.