search

rust-lang / team

Rust teams structure
Apache License 2.0
308 stars 284 forks source link

Add crates.io repository under automation #1305

Closed Kobzol closed 4 months ago

Kobzol commented 6 months ago

Repo: https://github.com/rust-lang/crates.io

Here we can see a case where both bors and the crates-io team had an explicit permission to push to master:

allowed-merge-teams = [
    "bors",
    "crates-io",
]

which we can now automate (bors is added to these teams automatically, that's why it's missing in the PR).

However, master didn't require a PR before. I thought that our automation always requires a PR for each protected branch, but now that I think of it, if we set allowed-merge-teams, which sets pushActorIds, and also restrictsPushes, then maybe this allows only pushes and not PRs? (which is how bors works?).

Extracted from GH:

org = "rust-lang"
name = "crates.io"
description = "The Rust package registry"
bots = []

[access.teams]
bots = "write"
core = "admin"
cargo = "write"
crates-io = "write"
security = "pull"
mods = "write"

[access.individuals]
ehuss = "write"
rust-highfive = "write"
rust-timer = "write"
oli-obk = "write"
epage = "write"
Turbo87 = "maintain"
rylev = "admin"
joshtriplett = "write"
Eh2406 = "write"
Mark-Simulacrum = "admin"
jdno = "admin"
mdtro = "write"
technetos = "write"
Muscraft = "write"
LawnGnome = "write"
badboy = "admin"
rustbot = "write"
rust-lang-owner = "admin"
jtgeibel = "maintain"
carols10cents = "write"
weihanglo = "write"
JohnTitor = "write"
pietroalbini = "admin"
hi-rustin = "write"
bors = "write"
arlosi = "write"

[[branch-protections]]
pattern = "main"
ci-checks = [
    "Backend / Lint",
    "Backend / Test",
    "Frontend / Lint",
    "Frontend / Test",
    "Backend / cargo-deny",
]
required-approvals = 0
pr-required = false
restrict-pushes = true
allowed-merge-teams = [
    "bors",
    "crates-io",
]
Kobzol commented 4 months ago

@Turbo87 Do you ever nees tk push to master on this repo without a PR? (Sorry if I already asked you before).

It should only be possible by bypassing branch protections, since master has CI checks configured, so it shouldn't allow you to push normally.

Turbo87 commented 4 months ago

nope, for this repo we only use PRs. that's only relevant for the index repos.

Kobzol commented 4 months ago

Ok, in that case I removed allowed-merge-teams, it probably had no meaning here.