From 94672a26e7ee03161156334a838fbe9e6f198392 Mon Sep 17 00:00:00 2001 From: afernand Date: Fri, 8 Nov 2024 10:13:29 +0100 Subject: [PATCH 1/5] doc: Include ruleset files in documentation --- doc/source/_rulesets/main.json | 44 +++++++++++++++++++++ doc/source/_rulesets/tag-create.json | 43 ++++++++++++++++++++ doc/source/_rulesets/tag-delete.json | 38 ++++++++++++++++++ doc/source/how-to/repository-protection.rst | 24 ++++++++++- 4 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 doc/source/_rulesets/main.json create mode 100644 doc/source/_rulesets/tag-create.json create mode 100644 doc/source/_rulesets/tag-delete.json diff --git a/doc/source/_rulesets/main.json b/doc/source/_rulesets/main.json new file mode 100644 index 000000000..9fb29c59c --- /dev/null +++ b/doc/source/_rulesets/main.json @@ -0,0 +1,44 @@ +{ + "id": 2045316, + "name": "Main branch protection", + "target": "branch", + "source_type": "Repository", + "source": "ansys-internal/pymechanical-meshworkflows", + "enforcement": "active", + "conditions": { + "ref_name": { + "exclude": [], + "include": [ + "~DEFAULT_BRANCH" + ] + } + }, + "rules": [ + { + "type": "deletion" + }, + { + "type": "non_fast_forward" + }, + { + "type": "branch_name_pattern", + "parameters": { + "operator": "regex", + "pattern": "/release\\/*|feat\\/*|maint\\/*|fix\\/*|junk\\/*|no-ci\\/*|dependabot\\/*|test\\/*|testing\\/*/gm", + "negate": false, + "name": "Branch name must match the regex" + } + }, + { + "type": "pull_request", + "parameters": { + "required_approving_review_count": 1, + "dismiss_stale_reviews_on_push": false, + "require_code_owner_review": true, + "require_last_push_approval": false, + "required_review_thread_resolution": true + } + } + ], + "bypass_actors": [] +} \ No newline at end of file diff --git a/doc/source/_rulesets/tag-create.json b/doc/source/_rulesets/tag-create.json new file mode 100644 index 000000000..5f81ed287 --- /dev/null +++ b/doc/source/_rulesets/tag-create.json @@ -0,0 +1,43 @@ +{ + "id": 2496378, + "name": "Auto-imported tag create protections", + "target": "tag", + "source_type": "Repository", + "source": "ansys/ansys-tools-visualization-interface", + "enforcement": "active", + "conditions": { + "ref_name": { + "exclude": [], + "include": [ + "refs/tags/v*", + "refs/tags/v*.*", + "refs/tags/v*.*.*" + ] + } + }, + "rules": [ + { + "type": "creation" + }, + { + "type": "update" + } + ], + "bypass_actors": [ + { + "actor_id": 2, + "actor_type": "RepositoryRole", + "bypass_mode": "always" + }, + { + "actor_id": 5, + "actor_type": "RepositoryRole", + "bypass_mode": "always" + }, + { + "actor_id": 1, + "actor_type": "OrganizationAdmin", + "bypass_mode": "always" + } + ] +} \ No newline at end of file diff --git a/doc/source/_rulesets/tag-delete.json b/doc/source/_rulesets/tag-delete.json new file mode 100644 index 000000000..be77a77ab --- /dev/null +++ b/doc/source/_rulesets/tag-delete.json @@ -0,0 +1,38 @@ +{ + "id": 2496375, + "name": "Auto-imported tag delete protections", + "target": "tag", + "source_type": "Repository", + "source": "ansys/ansys-tools-visualization-interface", + "enforcement": "active", + "conditions": { + "ref_name": { + "exclude": [], + "include": [ + "refs/tags/v*", + "refs/tags/v*.*", + "refs/tags/v*.*.*" + ] + } + }, + "rules": [ + { + "type": "update" + }, + { + "type": "deletion" + } + ], + "bypass_actors": [ + { + "actor_id": 5, + "actor_type": "RepositoryRole", + "bypass_mode": "always" + }, + { + "actor_id": 1, + "actor_type": "OrganizationAdmin", + "bypass_mode": "always" + } + ] +} \ No newline at end of file diff --git a/doc/source/how-to/repository-protection.rst b/doc/source/how-to/repository-protection.rst index 3bd9008db..aa390de85 100644 --- a/doc/source/how-to/repository-protection.rst +++ b/doc/source/how-to/repository-protection.rst @@ -30,12 +30,32 @@ section: Once a PR is merged into the ``main`` branch, the PR-related branch is deleted so that the repository contains only active branches. + +Rulesets +-------- + +Rulesets can be used to protect branches and tags. These can +be imported and exported from Github. The PyAnsys core team provides +template files for the branch protection and tag protection rulesets. + +Ruleset files: +:download:`Main branch protection ruleset <../_rulesets/main.json>`. +:download:`Tag create <../_rulesets/tag-create.json>`. +:download:`Tag delete <../_rulesets/tag-delete.json>`. + +Please refer to the `Github documentation `_ +to check how to import and export rulesets. + +.. note:: + You still need to manually set the rules for the required status checks + as described below, as they usually are specific to the repository. + Branch protection ----------------- Branch protection is critical in terms of avoiding malicious code insertion and access to confidential data. To access the branch protection rulesets for the repository, -select **Settings > Code and automation > Branches**. +select **Settings > Code and automation > Branches**. Next to **Branch protection rules**, click **Add rule**. @@ -74,7 +94,7 @@ For other branches, conventional commits can be enforced by creating a rule with the following parameters: - Enforcement status: ``Active`` -- Target branches: +- Target branches: - Include: ``All branches`` - Exclude: ``main``, ``gh-pages`` From 505a18863a323bdce64476bf73ca11befe60da50 Mon Sep 17 00:00:00 2001 From: afernand Date: Fri, 8 Nov 2024 10:23:36 +0100 Subject: [PATCH 2/5] fix: small errors --- doc/source/how-to/repository-protection.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/source/how-to/repository-protection.rst b/doc/source/how-to/repository-protection.rst index aa390de85..3d1b5be9c 100644 --- a/doc/source/how-to/repository-protection.rst +++ b/doc/source/how-to/repository-protection.rst @@ -39,12 +39,12 @@ be imported and exported from Github. The PyAnsys core team provides template files for the branch protection and tag protection rulesets. Ruleset files: -:download:`Main branch protection ruleset <../_rulesets/main.json>`. -:download:`Tag create <../_rulesets/tag-create.json>`. -:download:`Tag delete <../_rulesets/tag-delete.json>`. +:download:`Main branch protection ruleset <../_rulesets/main.json>` +:download:`Tag create <../_rulesets/tag-create.json>` +:download:`Tag delete <../_rulesets/tag-delete.json>` Please refer to the `Github documentation `_ -to check how to import and export rulesets. +to learn how to import and export rulesets. .. note:: You still need to manually set the rules for the required status checks From 5ae143a7a9d2e98fc979cc979b11fc2e6776332a Mon Sep 17 00:00:00 2001 From: afernand Date: Fri, 8 Nov 2024 10:26:55 +0100 Subject: [PATCH 3/5] fix: Accept ruleset --- doc/styles/config/vocabularies/ANSYS/accept.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/styles/config/vocabularies/ANSYS/accept.txt b/doc/styles/config/vocabularies/ANSYS/accept.txt index 1e79570ec..57684b5ac 100644 --- a/doc/styles/config/vocabularies/ANSYS/accept.txt +++ b/doc/styles/config/vocabularies/ANSYS/accept.txt @@ -91,7 +91,8 @@ reStructuredText REST RPC RST -rulesets +(?i)rulesets +(?i)ruleset scipy SEO [Ss]etuptools From 38eb0e60182683639d0b9c89ed8370106fef4d6a Mon Sep 17 00:00:00 2001 From: Alex Fernandez <21alex295@gmail.com> Date: Fri, 8 Nov 2024 11:42:33 +0100 Subject: [PATCH 4/5] Update doc/styles/config/vocabularies/ANSYS/accept.txt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sébastien Morais <146729917+SMoraisAnsys@users.noreply.github.com> --- doc/styles/config/vocabularies/ANSYS/accept.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/styles/config/vocabularies/ANSYS/accept.txt b/doc/styles/config/vocabularies/ANSYS/accept.txt index 57684b5ac..99b0b78ba 100644 --- a/doc/styles/config/vocabularies/ANSYS/accept.txt +++ b/doc/styles/config/vocabularies/ANSYS/accept.txt @@ -91,8 +91,8 @@ reStructuredText REST RPC RST -(?i)rulesets -(?i)ruleset +[Rr]ulesets +[Rr]uleset scipy SEO [Ss]etuptools From dea2a8d5cf913828f1eccb01b1cfdefa18183f8c Mon Sep 17 00:00:00 2001 From: afernand Date: Mon, 11 Nov 2024 09:52:00 +0100 Subject: [PATCH 5/5] fix: Remove references to repositories --- doc/source/_rulesets/main.json | 1 - doc/source/_rulesets/tag-create.json | 1 - doc/source/_rulesets/tag-delete.json | 1 - 3 files changed, 3 deletions(-) diff --git a/doc/source/_rulesets/main.json b/doc/source/_rulesets/main.json index 9fb29c59c..c2031bd92 100644 --- a/doc/source/_rulesets/main.json +++ b/doc/source/_rulesets/main.json @@ -3,7 +3,6 @@ "name": "Main branch protection", "target": "branch", "source_type": "Repository", - "source": "ansys-internal/pymechanical-meshworkflows", "enforcement": "active", "conditions": { "ref_name": { diff --git a/doc/source/_rulesets/tag-create.json b/doc/source/_rulesets/tag-create.json index 5f81ed287..6f0e069c8 100644 --- a/doc/source/_rulesets/tag-create.json +++ b/doc/source/_rulesets/tag-create.json @@ -3,7 +3,6 @@ "name": "Auto-imported tag create protections", "target": "tag", "source_type": "Repository", - "source": "ansys/ansys-tools-visualization-interface", "enforcement": "active", "conditions": { "ref_name": { diff --git a/doc/source/_rulesets/tag-delete.json b/doc/source/_rulesets/tag-delete.json index be77a77ab..4213ae160 100644 --- a/doc/source/_rulesets/tag-delete.json +++ b/doc/source/_rulesets/tag-delete.json @@ -3,7 +3,6 @@ "name": "Auto-imported tag delete protections", "target": "tag", "source_type": "Repository", - "source": "ansys/ansys-tools-visualization-interface", "enforcement": "active", "conditions": { "ref_name": {