Configure
-
Verify that all prerequisites are met before you start configuring.
-
If you need to set branch protection rules for teams or users, verify the roles and access of the corresponding teams in the repositories.
Note: If the proper role is not set, the tool skips that branch rule and adds the other branch rules specified.
-
Clone the repository to your machine.
git clone https://github.com/CanarysAutomations/automate-branch-rules.git
-
Open config.py in any text editor.
-
Provide the branch names you need inside the parentheses, as shown below. Verify that each branch exists in the repositories.
Note: Add a trailing comma if you give a single branch name.
e.g.: branches = ("main",)
-
Skip the remaining part of this section if you are only planning to Remove the branch protection rule.
-
Set add_codeowners_file to True if you need to add or update the CODEOWNERS file, which is required for the branch rule Require review from Code Owners; otherwise keep it as False.
Note: For this to work, also configure the CODEOWNERS file in the tool's root folder. To learn how to configure CODEOWNERS, click here.
-
Set signed_commit to True if you need the branch rule Require signed commits; otherwise keep it as False.
-
In the branch_rules section, add the branch protection rules that need to be added or modified in the repositories, using the following syntax.
branch_rules = {
    "key": int_value,
    "key2": ["string_value1", "string_value2", "string_value3"],
    "key3": boolean_value  # True/False
}
-
Refer to the following table to configure the rules.
| Key | Value Type | Branch Rule | Example |
| --- | --- | --- | --- |
| strict | boolean | Require branches to be up to date before merging. Should come along with contexts. | branch_rules = { "strict":True, "contexts": ["BUILD_VALIDATE_JOB"] } |
| contexts | string list | Enable status checks. Should come along with strict. | branch_rules = { "strict":True, "contexts": ["BUILD_VALIDATE_JOB","CODE_SCAN_JOB"] } |
| enforce_admins | boolean | Include administrators | branch_rules = { "enforce_admins":True } |
| required_approving_review_count | int | Require pull request reviews before merging with approver count as value provided | branch_rules = { "required_approving_review_count":2 } |
| dismissal_users | string list | Restrict users who can dismiss pull request reviews. | branch_rules = { "required_approving_review_count":2, "dismissal_users":["User1","User2","User3"] } |
| dismissal_teams | string list | Restrict teams who can dismiss pull request reviews. | branch_rules = { "required_approving_review_count":2, "dismissal_teams":["Internal_App_Team","OSS_Devs"] } |
| dismiss_stale_reviews | boolean | Dismiss stale pull request approvals when new commits are pushed | branch_rules = { "required_approving_review_count":1, "dismiss_stale_reviews": True } |
| require_code_owner_reviews | boolean | Require review from Code Owners | branch_rules = { "required_approving_review_count":1, "require_code_owner_reviews": True } |
| user_push_restrictions | string list | Restrict users who can push to matching branches | branch_rules = { "user_push_restrictions":["User1","User2","User3"] } |
| team_push_restrictions | string list | Restrict teams who can push to matching branches | branch_rules = { "team_push_restrictions":["Internal_App_Team","OSS_Devs"] } |
-
Save and close config.py.
-
You can run the tool as a Docker container or from the CLI using Python.
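A pre-flight check for the values in config.py, added here as an example and not part of the tool: it catches the missing trailing comma in branches, values whose type does not match the table above, and strict given without contexts (or the reverse). validate_config and EXPECTED_TYPES are hypothetical names, and the sample values are constructed.

```python
# Added example: pre-flight check for config.py values (not part of the tool).
# Key names and types come from the table above; the helper names are hypothetical.
EXPECTED_TYPES = {
    "strict": bool,
    "contexts": list,
    "enforce_admins": bool,
    "required_approving_review_count": int,
    "dismissal_users": list,
    "dismissal_teams": list,
    "dismiss_stale_reviews": bool,
    "require_code_owner_reviews": bool,
    "user_push_restrictions": list,
    "team_push_restrictions": list,
}


def validate_config(branches, branch_rules):
    """Return a list of problems found; an empty list means the values look consistent."""
    problems = []
    # ("main") without the trailing comma is a plain str, not a tuple.
    if isinstance(branches, str):
        problems.append(f'branches is the string {branches!r}; write ("{branches}",)')
    elif not isinstance(branches, (tuple, list)) or not all(isinstance(b, str) and b for b in branches):
        problems.append("branches must be a tuple of non-empty strings")

    for key, value in branch_rules.items():
        expected = EXPECTED_TYPES.get(key)
        if expected is None:
            problems.append(f"unknown key {key!r}")
        # bool is a subclass of int in Python, so reject True/False for int keys.
        elif not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            problems.append(f"{key} must be {expected.__name__}, got {type(value).__name__}")
        elif expected is list and not all(isinstance(v, str) for v in value):
            problems.append(f"{key} must be a list of strings")

    # The table says strict and contexts should come together.
    if ("strict" in branch_rules) != ("contexts" in branch_rules):
        problems.append("strict and contexts must be set together")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not from the project.
    sample_rules = {"strict": True, "required_approving_review_count": "2"}
    for p in validate_config(("main"), sample_rules):
        print("config problem:", p)
```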