feat: [#5] Protect main branch

030 · Mar 2, 2024 · 1dc56b9 · 1dc56b9
1 parent 4e1ef11
commit 1dc56b9
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -44,3 +44,31 @@ variables:
 | settings_merge_squash | Enable merge request squash |
 | settings_projects | Whether the project tab should be enabled |
 | settings_wiki | Wiki enabled or not |
+
+## testing
+
+- [Install](https://github.com/cli/cli?tab=readme-ov-file#installation) gh cli.
+- Create a read only token.
+- Login: `gh auth login`
+
+https://gist.github.com/duboisf/68fb6e22ac0a2165ca298074f0e3b553
+
+```
+gh api graphql -F repositoryId="MDEwOlJlcG9zaXRvcnkxMTUzMzI5MTE=" -F branchName='master6' -f query='
+ mutation CreateBranchProtectionRule($branchName: String!, $repositoryId: ID!) {
+ createBranchProtectionRule(input: {
+ repositoryId: $repositoryId,
+ pattern: $branchName,requiresApprovingReviews:true, requiredApprovingReviewCount:1
+ requiresCodeOwnerReviews:true, requiresStatusChecks:true,
+ restrictsReviewDismissals:false, allowsDeletions: false
+ allowsForcePushes:false
+ dismissesStaleReviews:true
+ }) {
+ branchProtectionRule {
+ id
+ databaseId
+ }
+ }
+}
+ '
+```
diff --git a/action.yml b/action.yml
@@ -72,3 +72,26 @@ runs:
  - name: enable or disable the 'wiki' tab for ${{ inputs.project }}
  run: gh repo edit ${{ inputs.project }} --enable-wiki=${{ inputs.settings_wiki }}
  shell: bash
+
+ - name: Set GitHub Path
+ run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
+ shell: bash
+ env:
+ GITHUB_ACTION_PATH: ${{ github.action_path }}
+ - name: protect main branch
+ run: |
+ repositoryId=$(gh repo view --json id -q '.id' "${{ inputs.project }}")
+ echo $repositoryId
+
+ branch_to_be_protected="main"
+ if gh api repos/${{ inputs.project }}/branches/${branch_to_be_protected}/protection; then
+ echo hello;
+ else
+ echo "main branch not protected. Protecting it now...";
+ gh api graphql \
+ -f query="$(cat ${GITHUB_ACTION_PATH}/create-branch-protection-rule.graphql)" \
+ -F branchName="${branch_to_be_protected}" \
+ -F repository="${{ inputs.project }}"
+ fi
+
+ shell: bash
diff --git a/create-branch-protection-rule.graphql b/create-branch-protection-rule.graphql
@@ -0,0 +1,11 @@
+# https://docs.github.com/en/graphql/reference/input-objects#createbranchprotectionruleinput
+mutation CreateBranchProtectionRule($branchName: String!, $repositoryId: ID!) {
+ updateBranchProtectionRule(
+ input: { pattern: $branchName, repositoryId: $repositoryId }
+ ) {
+ branchProtectionRule {
+ id
+ databaseId
+ }
+ }
+}
diff --git a/update-branch-protection-rule.graphql b/update-branch-protection-rule.graphql
@@ -0,0 +1,19 @@
+# https://docs.github.com/en/graphql/reference/input-objects#updatebranchprotectionruleinput
+# https://docs.github.com/en/graphql/reference/objects#branchprotectionrule
+mutation UpdateBranchProtectionRule(
+ $branchName: String!
+ $repository: String!
+) {
+ branchProtectionRule(
+ input: {
+ pattern: $branchName
+ repository: $repository
+ requiresApprovingReviews: true
+ }
+ ) {
+ branchProtectionRule {
+ pattern
+ requiresApprovingReviews
+ }
+ }
+}