search

laminas / technical-steering-committee

Laminas Project Technical Steering Committee organization and processes.
BSD 3-Clause "New" or "Revised" License
39 stars 23 forks source link

Add branch protection for release branches #71

Open Slamdunk opened 3 years ago

Slamdunk commented 3 years ago

See https://github.com/laminas/automatic-releases/issues/126

Here's a sample script to batch apply the allow_force_pushes:false rule to every laminas repository.

It must be done by someone with admin privileges over all repositories.

#!/bin/bash
set -ex

cd "$(mktemp -d)" || exit 1

GITHUB_TOKEN=xxx

curl \
    -H "Accept: application/vnd.github.v3+json" \
    -H "Authorization: token $GITHUB_TOKEN" \
    https://api.github.com/orgs/laminas/repos \
    > repos.json

for repo in $(jq -c '{name:.[].name,default_branch:.[].default_branch}' repos.json); do
    repo_name="$(echo "$repo" | jq .name)"
    repo_default_branch="$(echo "$repo" | jq .default_branch)"

    curl \
        -X PUT \
        -H "Accept: application/vnd.github.v3+json" \
        -H "Authorization: token $GITHUB_TOKEN" \
        "https://api.github.com/repos/laminas/$repo_name/branches/$repo_default_branch/protection" \
        -d '{"branch":"*.*.x","allow_force_pushes":false}'

    break # To test it on the first repo
done

We should also write a note somewhere for new repositories.

UPDATE

If this is going to be discussed in the TSC agenda, it's worth discussion all the available features, see https://docs.github.com/en/github/administering-a-repository/about-protected-branches#about-branch-protection-settings

weierophinney commented 3 years ago

This is something we need to discuss in the TSC before applying. Could you create a PR against the next meeting agenda for us to discuss (https://github.com/laminas/technical-steering-committee — agenda is meetings/agenda.md)? And then, if you can, attend the next meeting (2021-04-05 at 19:00UTC) to discuss.

Thanks!