From 1dc56b977ff6173639baed1a778661b4d4cbc59f Mon Sep 17 00:00:00 2001 From: 030 Date: Sat, 2 Mar 2024 13:39:47 +0100 Subject: [PATCH] feat: [#5] Protect main branch
---
 README.md | 28 +++++++++++++++++++++++++++ action.yml | 23 ++++++++++++++++++++++ create-branch-protection-rule.graphql | 11 +++++++++++ update-branch-protection-rule.graphql | 19 ++++++++++++++++++ 4 files changed, 81 insertions(+) create mode 100644 create-branch-protection-rule.graphql create mode 100644 update-branch-protection-rule.graphql
diff --git a/README.md b/README.md
index c3bca05..164ed8d 100644
--- a/README.md
+++ b/README.md
@@ -44,3 +44,31 @@ variables:
 | settings_merge_squash | Enable merge request squash |
 | settings_projects | Whether the project tab should be enabled |
 | settings_wiki | Wiki enabled or not |
+
+## testing
+
+- [Install](https://github.com/cli/cli?tab=readme-ov-file#installation) gh cli.
+- Create a read only token.
+- Login: `gh auth login`
+
+https://gist.github.com/duboisf/68fb6e22ac0a2165ca298074f0e3b553
+
+```
+gh api graphql -F repositoryId="MDEwOlJlcG9zaXRvcnkxMTUzMzI5MTE=" -F branchName='master6' -f query='
+ mutation CreateBranchProtectionRule($branchName: String!, $repositoryId: ID!) {
+ createBranchProtectionRule(input: {
+ repositoryId: $repositoryId,
+ pattern: $branchName,requiresApprovingReviews:true, requiredApprovingReviewCount:1
+ requiresCodeOwnerReviews:true, requiresStatusChecks:true,
+ restrictsReviewDismissals:false, allowsDeletions: false
+ allowsForcePushes:false
+ dismissesStaleReviews:true
+ }) {
+ branchProtectionRule {
+ id
+ databaseId
+ }
+ }
+}
+ '
+```
diff --git a/action.yml b/action.yml
index 9db0f6e..403c618 100644
--- a/action.yml
+++ b/action.yml
@@ -72,3 +72,26 @@ runs:
 - name: enable or disable the 'wiki' tab for ${{ inputs.project }}
 run: gh repo edit ${{ inputs.project }} --enable-wiki=${{ inputs.settings_wiki }}
 shell: bash
+
+ - name: Set GitHub Path
+ run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
+ shell: bash
+ env:
+ GITHUB_ACTION_PATH: ${{ github.action_path }}
+ - name: protect main branch
+ run: |
+ repositoryId=$(gh repo view --json id -q '.id' "${{ inputs.project }}")
+ echo $repositoryId
+
+ branch_to_be_protected="main"
+ if gh api repos/${{ inputs.project }}/branches/${branch_to_be_protected}/protection; then
+ echo hello;
+ else
+ echo "main branch not protected. Protecting it now...";
+ gh api graphql \
+ -f query="$(cat ${GITHUB_ACTION_PATH}/create-branch-protection-rule.graphql)" \
+ -F branchName="${branch_to_be_protected}" \
+ -F repository="${{ inputs.project }}"
+ fi
+
+ shell: bash
diff --git a/create-branch-protection-rule.graphql b/create-branch-protection-rule.graphql
new file mode 100644
index 0000000..a7efa05
--- /dev/null
+++ b/create-branch-protection-rule.graphql
@@ -0,0 +1,11 @@
+# https://docs.github.com/en/graphql/reference/input-objects#createbranchprotectionruleinput
+mutation CreateBranchProtectionRule($branchName: String!, $repositoryId: ID!) {
+ updateBranchProtectionRule(
+ input: { pattern: $branchName, repositoryId: $repositoryId }
+ ) {
+ branchProtectionRule {
+ id
+ databaseId
+ }
+ }
+}
diff --git a/update-branch-protection-rule.graphql b/update-branch-protection-rule.graphql
new file mode 100644
index 0000000..f01d9b2
--- /dev/null
+++ b/update-branch-protection-rule.graphql
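Review bot: The `protect main branch` step computes `repositoryId` but only echoes it: the `gh api graphql` call sends `-F repository="${{ inputs.project }}"`, while the mutation in create-branch-protection-rule.graphql declares `$repositoryId: ID!`, so a required variable is missing and the branch presumably stays unprotected. Pass `-f repositoryId="${repositoryId}"` in place of the `repository` field. Separately, `${{ inputs.project }}` is expanded into the script text before bash runs, so an input containing shell metacharacters becomes code; hand it over as `env: PROJECT: ${{ inputs.project }}` and reference `"$PROJECT"`, the way the `Set GitHub Path` step already does for the action path. The `if gh api …/protection` test also treats every failure (403, rate limit, network error) as "not protected", and the success branch still prints the leftover `echo hello`.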
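Review bot: The mutation body calls `updateBranchProtectionRule(` although the operation is named CreateBranchProtectionRule and is the query action.yml sends when no rule exists; the `repositoryId` and `pattern` fields it passes are those of the create input used in the README example, so the field should be `createBranchProtectionRule(`. As written, the input also carries only a pattern, so even once the rule is created it sets none of the options the README example sets (`requiresApprovingReviews:true`, `allowsForcePushes:false`, `dismissesStaleReviews:true`). Add the settings you intend to enforce to `input`, otherwise the step reports the branch as protected while no review or push restriction was requested.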
@@ -0,0 +1,19 @@
+# https://docs.github.com/en/graphql/reference/input-objects#updatebranchprotectionruleinput
+# https://docs.github.com/en/graphql/reference/objects#branchprotectionrule
+mutation UpdateBranchProtectionRule(
+ $branchName: String!
+ $repository: String!
+) {
+ branchProtectionRule(
+ input: {
+ pattern: $branchName
+ repository: $repository
+ requiresApprovingReviews: true
+ }
+ ) {
+ branchProtectionRule {
+ pattern
+ requiresApprovingReviews
+ }
+ }
+}
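Review bot: The top-level field here is `branchProtectionRule(input: …)`, which is the object type from the second linked reference rather than a mutation; presumably `updateBranchProtectionRule(` was meant. The update input identifies an existing rule by `branchProtectionRuleId`, not by repository name, so `$repository: String!` and `repository: $repository` should become `$branchProtectionRuleId: ID!` and `branchProtectionRuleId: $branchProtectionRuleId`. Nothing in action.yml in this patch calls this file, so when a rule already exists the action leaves it as it is, however weak; consider wiring this mutation into the branch that currently only runs `echo hello`.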