search

eclipse-tycho / .eclipsefdn

Repository to host configurations related to the Eclipse Foundation.
https://eclipse-tycho.github.io/.eclipsefdn/
0 stars 1 forks source link

Enable branch protection and auto merge #1

Closed laeubi closed 9 months ago

laeubi commented 9 months ago

This enables branch protection and automerge

github-actions[bot] commented 9 months ago
Diff for 5c939365ff61fe8649edf2f70b1e927f6418acc3: ```diff Printing local diff: Actions are indicated with the following symbols: + create ! modify ! forced update - delete Organization technology.tycho[id=eclipse-tycho] there have been 3 validation infos, enable verbose output with '-v' to to display them. ! repository[name="tycho"] { ! allow_auto_merge = false -> true ! allow_merge_commit = true -> false ! homepage = "" -> "https://tycho.eclipseprojects.io" ! topics = "['build-tool', 'eclipse', 'java']" -> "['build-tool', 'eclipse', 'java', 'maven', 'OSGi']" ! } + add repo_ruleset[name="main", repository="tycho"] { + allows_creations = false + allows_deletions = false + allows_force_pushes = false + allows_updates = true + bypass_actors = [ + "@eclipse-tycho/technology-tycho-committers" + ], + dismisses_stale_reviews = true + enforcement = "active" + exclude_refs = [] + include_refs = [ + "refs/heads/main" + ], + name = "main" + required_approving_review_count = "0" + required_status_checks = [ + "eclipse-eca-validation:eclipsefdn/eca" + "continuous-integration/jenkins/pr-head" + "eclipsefdn/eca" + "License vetting status check" + ], + requires_code_owner_review = false + requires_commit_signatures = false + requires_deployments = false + requires_last_push_approval = false + requires_linear_history = false + requires_pull_request = true + requires_review_thread_resolution = false + requires_status_checks = true + requires_strict_status_checks = false + } Plan: 1 to add, 4 to change, 0 to delete. ```
Canonical Diff for 5c939365ff61fe8649edf2f70b1e927f6418acc3: ```diff Showing canonical diff: Organization technology.tycho[id=eclipse-tycho] --- canonical +++ original @@ -18,8 +18,6 @@ gh_pages_build_type: "legacy" gh_pages_source_branch: "main" gh_pages_source_path: "/" - secret_scanning: "enabled" - secret_scanning_push_protection: "enabled" web_commit_signoff_required: false workflows+: { default_workflow_permissions: "write" @@ -27,7 +25,6 @@ } orgs.newRepo('tycho') { allow_auto_merge: true - allow_merge_commit: false delete_branch_on_merge: false dependabot_security_updates_enabled: true description: "Tycho project repository (tycho)" @@ -53,8 +50,6 @@ requires_review_thread_resolution: false } ] - secret_scanning: "enabled" - secret_scanning_push_protection: "enabled" secrets: [ orgs.newRepoSecret('GIST_TOKEN') { value: "********" ```
laeubi commented 9 months ago

@netomi thanks for the hints, I now updated the PR.

github-actions[bot] commented 9 months ago
Diff for 5c939365ff61fe8649edf2f70b1e927f6418acc3: ```diff Printing local diff: Actions are indicated with the following symbols: + create ! modify ! forced update - delete Organization technology.tycho[id=eclipse-tycho] there have been 3 validation infos, enable verbose output with '-v' to to display them. ! repository[name="tycho"] { ! allow_auto_merge = false -> true ! allow_merge_commit = true -> false ! homepage = "" -> "https://tycho.eclipseprojects.io" ! topics = "['build-tool', 'eclipse', 'java']" -> "['build-tool', 'eclipse', 'java', 'maven', 'OSGi']" ! } + add repo_ruleset[name="main", repository="tycho"] { + allows_creations = false + allows_deletions = false + allows_force_pushes = false + allows_updates = true + bypass_actors = [ + "@eclipse-tycho/technology-tycho-committers" + ], + dismisses_stale_reviews = true + enforcement = "active" + exclude_refs = [] + include_refs = [ + "refs/heads/main" + ], + name = "main" + required_approving_review_count = "0" + required_status_checks = [ + "eclipse-eca-validation:eclipsefdn/eca" + "continuous-integration/jenkins/pr-head" + "call-license-check / check-licenses" + ], + requires_code_owner_review = false + requires_commit_signatures = false + requires_deployments = false + requires_last_push_approval = false + requires_linear_history = false + requires_pull_request = true + requires_review_thread_resolution = false + requires_status_checks = true + requires_strict_status_checks = false + } Plan: 1 to add, 4 to change, 0 to delete. ```
Canonical Diff for 5c939365ff61fe8649edf2f70b1e927f6418acc3: ```diff Showing canonical diff: Organization technology.tycho[id=eclipse-tycho] --- canonical +++ original @@ -18,8 +18,6 @@ gh_pages_build_type: "legacy" gh_pages_source_branch: "main" gh_pages_source_path: "/" - secret_scanning: "enabled" - secret_scanning_push_protection: "enabled" web_commit_signoff_required: false workflows+: { default_workflow_permissions: "write" @@ -27,7 +25,6 @@ } orgs.newRepo('tycho') { allow_auto_merge: true - allow_merge_commit: false delete_branch_on_merge: false dependabot_security_updates_enabled: true description: "Tycho project repository (tycho)" @@ -52,8 +49,6 @@ requires_review_thread_resolution: false } ] - secret_scanning: "enabled" - secret_scanning_push_protection: "enabled" secrets: [ orgs.newRepoSecret('GIST_TOKEN') { value: "********" ```
netomi commented 9 months ago

LGTM, can some project lead approve that change?

laeubi commented 9 months ago

I approve this as PL of Tycho project, maybe @akurtakov can give approval as well.

laeubi commented 9 months ago

@netomi one thing I noticed:

I cant approve this PR because it says

Pull request authors can’t approve their own pull request

that seems a bit odd here as a PL can then never approve its own proposed changes :-D

netomi commented 9 months ago

@netomi one thing I noticed:

I cant approve this PR because it says

Pull request authors can’t approve their own pull request

that seems a bit odd here as a PL can then never approve its own proposed changes :-D

thats normal GitHub behavior. You cant approve your own PRs.

netomi commented 9 months ago

changes are live. Two minor things that I had to fix:

laeubi commented 9 months ago

@netomi thanks, anyone with write access is fine, we want to use the protection rules manly for auto merge feature and otherwhise trust that committers do the right things (e.g. only bypass checks if they are sure it will fix something very important and the check is broken).