search

ljharb / repo-report

CLI to list all repos a user has access to, and report on their configuration in aggregate.
MIT License
24 stars 11 forks source link

add metric: branch protections restrict the source #62

Closed ljharb closed 2 years ago

ljharb commented 2 years ago

Individual branch protections can now restrict to a specific source (github app) instead of "any source".

A metric we should add is "percentage of branch protections that are restricted", with the default being 100.

MaheraFurniturewala commented 2 years ago

I'd like to work on this issue.

PriyaBihani commented 2 years ago

I want to work along with Mahira on this issue.

MaheraFurniturewala commented 2 years ago

Hey @ljharb! Would be great if you could explain what you mean by - restricting to a specific source instead of "any source".

ljharb commented 2 years ago

@MaheraFurniturewala in branch protection settings:

Screen Shot 2022-03-20 at 8 50 33 PM
PriyaBihani commented 2 years ago

@ljharb Can you also explain how to calculate the percentage?

ljharb commented 2 years ago

In this example, there’s 5 checks, and 60% of them have a required source.

PriyaBihani commented 2 years ago

@ljharb Here we referring source to github remote right?

ljharb commented 2 years ago

No - the "source" in this case is the Github App generating the status check. For example, Github Actions, Codecov, etc.

PriyaBihani commented 2 years ago 
query {
  viewer {
    repositories(
      first: 100
      affiliations: [OWNER, ORGANIZATION_MEMBER, COLLABORATOR]) {
      totalCount
      pageInfo {
        endCursor
        hasNextPage
    }
    nodes {
        name
        nameWithOwner
        defaultBranchRef {
            name
            branchProtectionRule {
                allowsForcePushes
                allowsDeletions
                dismissesStaleReviews
                requiredApprovingReviewCount
                requiresApprovingReviews
                requiresCodeOwnerReviews
                requiresConversationResolution
                restrictsPushes
                                requiredStatusChecks {
                                 app {
                                     id
                                 }
                              }
            }
        }
      }
    }
  }
}

Hey @ljharb This query might be useful for getting the status checks and their apps. But I can't test it right now, as I don't have any repository that have checks and branch protection set up. Can you help me out with this?

ljharb commented 2 years ago

@PriyaBihani do you mean help you set up a repo with them? you can copy the workflow files from this repo, and then once they've ran, they'll show up as an option in branch protections. Otherwise, we can grab some pairing time after next week.