Add a ruleset to configure the merge queue

Rulesets can now be used to configure merge queues, so we can finally drop branch protection rules completely. Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
llucax · Apr 16, 2024 · d629c97 · d629c97
1 parent b8a0c80
commit d629c97
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 47 deletions.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -26,7 +26,7 @@
 
 ## New Features
 
-<!-- Here goes the main new features and examples or instructions on how to use them -->
+- A new GitHub ruleset is provided to configure the merge queue, so branch protection rules are not needed anymore.
 
 ### Cookiecutter template
 

diff --git a/cookiecutter/migrate.sh b/cookiecutter/migrate.sh
@@ -33,5 +33,15 @@ echo
 manual_step "Please make sure that the 'Markdown' and 'types-Markdown' dependencies are at version 3.5.2 or higher in 'pyproject.toml':"
 grep 'Markdown' pyproject.toml
 
+echo "========================================================================"
+
+manual_step "To configure merge queues via repository rulesets you need to:"
+manual_step "  1. Go to your repository settings and click on 'Rules' -> 'Rulesets' in the sidebar."
+manual_step "  2. Click on 'New ruleset' on the top right and select 'Import a ruleset'."
+manual_step "  3. Select the file 'github-rulesets/Queue PRs for v0.x.x.json'."
+manual_step "  4. Make sure the branch name is correct (matches the branch you want to configure the merge queue for) and click 'Create'."
+manual_step "  5. Go to the 'Branches' section in the sidebar."
+manual_step "  6. Remove any branch protection rules that are not needed anymore (you should probably have only one configuring the merge queue if you were using other rulesets before)."
+
 # Add a separation line like this one after each migration step.
 echo "========================================================================"
diff --git a/docs/user-guide/start-a-new-project/configure-github.md b/docs/user-guide/start-a-new-project/configure-github.md
@@ -74,52 +74,6 @@ This depends on the repo, but in general we want this:
 * Give the team owning the repository *Role: Admin*
 * Give *everybody* team *Role: Triage*
 
-### Branches
-
-After importing code to the repository, add the following *Branch protection
-rules* (as always this is a guideline, defaults that should be used unless
-there is a reason to diverge):
-
-#### Protect matching branches
-
-!!! Note inline end
-
-    This is only to enable the merge queue, all the real protection rules will
-    be added afterwards via [rulesets](#rulesets). This is why all other
-    protections are disabled here.
-
-Add a rule for the **main branch** (`v0.x.x`) without wildcards so merge queues
-can be enabled:
-
-- [ ] Require a pull request before merging
-    - [ ] Require approvals: 1
-    - [ ] Dismiss stale pull request approvals when new commits are pushed
-    - [ ] Require review from Code Owners
-    - [ ] Restrict who can dismiss pull request reviews
-    - [ ] Allow specified actors to bypass required pull requests
-    - [ ] Require approval of the most recent reviewable push
-- [ ] Require status checks to pass before merging
-    - [ ] Require branches to be up to date before merging
-    - **(add all the tests that should pass)**
-- [ ] Require conversation resolution before merging
-- [ ] Require signed commits
-- [ ] Require linear history
-- [x] Require merge queue:
-    * Maximum pull requests to build: **5**
-    * Minimum pull requests to merge: **2** (this should be the only change
-      to defaults) or after **5** minutes
-    * Maximum pull requests to merge: **5**
-    - [x] Only merge non-failing pull requests
-    * Consider check failed after **60**
-- [ ] Require deployments to succeed before merging
-- [ ] Lock branch
-- [ ] Do not allow bypassing the above settings
-- [ ] Restrict who can push to matching branches (this might be disabled
-  while pushing the initial changes)
-- Rules applied to everyone including administrators
-    - [ ] Allow force pushes
-    - [ ] Allow deletions
-
 ### Rules
 
 #### Rulesets
@@ -146,6 +100,8 @@ Import the following
   tags]({{config.repo_url}}/blob/{{ref_name}}/github-rulesets/Protect released tags.json)
 * [Protect version
   branches]({{config.repo_url}}/blob/{{ref_name}}/github-rulesets/Protect version branches.json)
+* [Queue PRs for
+  v0.x.x]({{config.repo_url}}/blob/{{ref_name}}/github-rulesets/Queue PRs for v0.x.x.json)
 
 ### Code security and analysis
 

diff --git a/github-rulesets/Queue PRs for v0.x.x.json b/github-rulesets/Queue PRs for v0.x.x.json
@@ -0,0 +1,46 @@
+{
+  "name": "Queue PRs for v0.x.x",
+  "target": "branch",
+  "source_type": "Repository",
+  "source": "frequenz-floss/frequenz-repo-config-python",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "refs/heads/v0.x.x"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "merge_queue",
+      "parameters": {
+        "merge_method": "Merge commit",
+        "max_entries_to_build": 5,
+        "min_entries_to_merge": 3,
+        "max_entries_to_merge": 5,
+        "min_entries_to_merge_wait_minutes": 1,
+        "grouping_strategy_all_green": true,
+        "check_response_timeout_minutes": 60
+      }
+    }
+  ],
+  "bypass_actors": [
+    {
+      "actor_id": 2,
+      "actor_type": "RepositoryRole",
+      "bypass_mode": "pull_request"
+    },
+    {
+      "actor_id": 5,
+      "actor_type": "RepositoryRole",
+      "bypass_mode": "always"
+    },
+    {
+      "actor_id": 1,
+      "actor_type": "OrganizationAdmin",
+      "bypass_mode": "always"
+    }
+  ]
+}