feat: [#5] Protect main branch

030 · Mar 2, 2024 · db58f9b · db58f9b
1 parent 4e1ef11
commit db58f9b
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -2,6 +2,8 @@
 
 Settings Action that will configure the settings of a GitHub repository.
 
+https://docs.github.com/en/graphql/reference/input-objects#createbranchprotectionruleinput
+
 ## usage
 
 Create a `~/.github/workflows/settings-guard.yml` file:
@@ -44,3 +46,31 @@ variables:
 | settings_merge_squash | Enable merge request squash |
 | settings_projects | Whether the project tab should be enabled |
 | settings_wiki | Wiki enabled or not |
+
+## testing
+
+- [Install](https://github.com/cli/cli?tab=readme-ov-file#installation) gh cli.
+- Create a read only token.
+- Login: `gh auth login`
+
+https://gist.github.com/duboisf/68fb6e22ac0a2165ca298074f0e3b553
+
+```
+gh api graphql -F repositoryId="MDEwOlJlcG9zaXRvcnkxMTUzMzI5MTE=" -F branchName='master6' -f query='
+ mutation CreateBranchProtectionRule($branchName: String!, $repositoryId: ID!) {
+ createBranchProtectionRule(input: {
+ repositoryId: $repositoryId,
+ pattern: $branchName,requiresApprovingReviews:true, requiredApprovingReviewCount:1
+ requiresCodeOwnerReviews:true, requiresStatusChecks:true,
+ restrictsReviewDismissals:false, allowsDeletions: false
+ allowsForcePushes:false
+ dismissesStaleReviews:true
+ }) {
+ branchProtectionRule {
+ id
+ databaseId
+ }
+ }
+}
+ '
+```
diff --git a/action.yml b/action.yml
@@ -42,6 +42,7 @@ inputs:
 runs:
  using: 'composite'
  steps:
+ - uses: actions/checkout@v4.1.1
  - name: display the gh cli version
  run: gh --version
  shell: bash
@@ -72,3 +73,16 @@ runs:
  - name: enable or disable the 'wiki' tab for ${{ inputs.project }}
  run: gh repo edit ${{ inputs.project }} --enable-wiki=${{ inputs.settings_wiki }}
  shell: bash
+ - name: protect main branch
+ run: |
+ repositoryId=$(gh repo view --json id -q '.id' "${{ inputs.project }}")
+ echo $repositoryId
+
+ ls -ltr
+ ls -ltr ..
+
+ gh api graphql \
+ -f query="$(cat create-branch-protection-rule.graphql)" \
+ -F branchName='main' \
+ -F repositoryId="${repositoryId}"
+ shell: bash
diff --git a/create-branch-protection-rule.graphql b/create-branch-protection-rule.graphql
@@ -0,0 +1,10 @@
+mutation CreateBranchProtectionRule($branchName: String!, $repositoryId: ID!) {
+ createBranchProtectionRule(
+ input: { pattern: $branchName, repositoryId: $repositoryId }
+ ) {
+ branchProtectionRule {
+ id
+ databaseId
+ }
+ }
+}