From f66ab4813915db6000dc59045bf4ebffe1b9eae4 Mon Sep 17 00:00:00 2001 From: victorbjelkholm Date: Mon, 7 May 2018 11:43:16 +0200 Subject: [PATCH] More relaxed branch protection Ref: https://github.com/ipfs/aegir/issues/225 License: MIT Signed-off-by: Victor Bjelkholm --- checks/github_branch_protection.go | 103 ++++++++++++++++++----------- 1 file changed, 63 insertions(+), 40 deletions(-) diff --git a/checks/github_branch_protection.go b/checks/github_branch_protection.go index 7d315d0..773c722 100644 --- a/checks/github_branch_protection.go +++ b/checks/github_branch_protection.go @@ -20,47 +20,70 @@ import ( // "restricts who can push to this branch" func GithubBranchProtection(client *github.Client, repo *github.Repository) bool { + // Skipping most of the protections for now + // Ref: https://github.com/ipfs/aegir/issues/225 + + // ctx := context.Background() + // protection, res, err := client.Repositories.GetBranchProtection(ctx, repo.GetOwner().GetLogin(), repo.GetName(), "master") + // if err != nil && res.StatusCode != 404 { + // panic(err) + // } + // hasProtection := protection != nil + // // Attempt to fix protection if none exists + // // TODO should check individual rules to see if they are correct + // if !hasProtection { + // Fix protection + preq := &github.ProtectionRequest{ + RequiredStatusChecks: &github.RequiredStatusChecks{ + Strict: true, + Contexts: []string{}, + // Contexts: []string{"continuous-integration/jenkins/pr-merge"}, + }, + RequiredPullRequestReviews: nil, + // RequiredPullRequestReviews: &github.PullRequestReviewsEnforcementRequest{ + // DismissalRestrictionsRequest: &github.DismissalRestrictionsRequest{ + // Users: &[]string{}, + // Teams: &[]string{}, + // }, + // DismissStaleReviews: true, + // // TODO change this once we have code owners (dx wants to own tests for example) + // RequireCodeOwnerReviews: false, + // }, + EnforceAdmins: false, + Restrictions: &github.BranchRestrictionsRequest{ + Users: []string{ + // From https://github.com/ipfs/pm/issues/600#issuecomment-385674334 + "diasdavid", + "VictorBjelkholm", + "olizilla", + "hacdias", + "vmx", + "kumavis", + "wanderer", + "pgte", + "dignifiedquire", + "jacobheun", + "achingbrain", + "alanshaw", + }, + Teams: []string{}, + }, + } ctx := context.Background() - protection, res, err := client.Repositories.GetBranchProtection(ctx, repo.GetOwner().GetLogin(), repo.GetName(), "master") - if err != nil && res.StatusCode != 404 { - panic(err) + _, res, err := client.Repositories.UpdateBranchProtection(ctx, repo.GetOwner().GetLogin(), repo.GetName(), "master", preq) + if res.StatusCode == 404 { + log.Println(res.String()) + log.Println("Repo missing master branch???") + return false } - hasProtection := protection != nil - // Attempt to fix protection if none exists - // TODO should check individual rules to see if they are correct - if !hasProtection { - // Fix protection - preq := &github.ProtectionRequest{ - RequiredStatusChecks: &github.RequiredStatusChecks{ - Strict: true, - Contexts: []string{"continuous-integration/jenkins/pr-merge"}, - }, - RequiredPullRequestReviews: &github.PullRequestReviewsEnforcementRequest{ - DismissalRestrictionsRequest: &github.DismissalRestrictionsRequest{ - Users: &[]string{}, - Teams: &[]string{}, - }, - DismissStaleReviews: true, - // TODO change this once we have code owners (dx wants to own tests for example) - RequireCodeOwnerReviews: false, - }, - EnforceAdmins: true, - Restrictions: nil, - } - ctx := context.Background() - _, res, err := client.Repositories.UpdateBranchProtection(ctx, repo.GetOwner().GetLogin(), repo.GetName(), "master", preq) - if res.StatusCode == 404 { - log.Println(res.String()) - log.Println("Repo missing master branch???") - return false - } - if err != nil { - panic(err) - } - // Call to check if it's been fixed now (should be!) - return GithubBranchProtection(client, repo) + if err != nil { + panic(err) } - log.Print("Has protection? ", hasProtection) - // Should always return true as if fails, we should fix them - return hasProtection + // Call to check if it's been fixed now (should be!) + return true + // return GithubBranchProtection(client, repo) + // } + // log.Print("Has protection? ", hasProtection) + // // Should always return true as if fails, we should fix them + // return hasProtection }