Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Branch protection protects branches that are not listed in rfc-0015 #580

Closed
stephanme opened this issue Apr 13, 2023 · 2 comments · Fixed by #582
Closed

Branch protection protects branches that are not listed in rfc-0015 #580

stephanme opened this issue Apr 13, 2023 · 2 comments · Fixed by #582
Assignees
@stephanme

Comments

@stephanme
Copy link
Contributor

Branch protection automation protected the following branches for cf-deployment:

  • update-java-buildpack-release-4.56
  • develop
  • main
  • manual_merge_stemcell_update_from_main
  • update-cf-cli-release-v1.43.0

It should have protected only the main branch from this list. Looks like the branch protection protects all branches that include main (the default branch of cf-deployment) or v (from pattern v[0-9]*).

Reason seems to be that the inclusionPattern is checked with regexp.MatchString by the branchprotector tool.

MatchString reports whether the string s contains any match of the regular expression pattern.

https://github.com/cloudfoundry/community/actions/runs/4677029281/jobs/8284059449

...
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/cf-deployment=update-windows-utilities-release-0.19.0: not included","severity":"info","time":"2023-04-12T13:16:40Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranches(cloudfoundry, cf-deployment, true)","severity":"info","time":"2023-04-12T13:16:40Z"}
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/cf-deployment=release-candidate: not included","severity":"info","time":"2023-04-12T13:16:40Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, cf-deployment, update-java-buildpack-release-4.56)","severity":"info","time":"2023-04-12T13:16:40Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, cf-deployment, develop)","severity":"info","time":"2023-04-12T13:16:40Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, cf-deployment, main)","severity":"info","time":"2023-04-12T13:16:40Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, cf-deployment, manual_merge_stemcell_update_from_main)","severity":"info","time":"2023-04-12T13:16:40Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, cf-deployment, update-cf-cli-release-v1.43.0)","severity":"info","time":"2023-04-12T13:16:40Z"}
...
stephanme added a commit that referenced this issue Apr 13, 2023
@stephanme
Test for branch protection include pattern
29a2a9d 
- surrounding branch patterns with ^...$ should solve #580
@stephanme stephanme mentioned this issue Apr 13, 2023
Merged
@stephanme
Copy link
Contributor Author

Idea is to surround the branch inclusion patterns by ^...$ to get a full branch name match.

#581 will test this on https://github.com/cloudfoundry/branchprotection-test. Once merged, I will create test branches similar to the ones listed above which should not be touched anymore. If it works as expected, I adapt the org automation.

@stephanme
Copy link
Contributor Author

Test #581 succeeded. I created a few test branches on repo branchprotection-test similar to the problematic ones on cf-deployment and the remained unprotected after an org automation run:

https://github.com/cloudfoundry/community/actions/runs/4694888643/jobs/8323476572

...
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetRepo(cloudfoundry, branchprotection-test)","severity":"info","time":"2023-04-14T06:36:00Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranches(cloudfoundry, branchprotection-test, false)","severity":"info","time":"2023-04-14T06:36:01Z"}
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/branchprotection-test=develop: not included","severity":"info","time":"2023-04-14T06:36:01Z"}
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/branchprotection-test=manual_merge_stemcell_update_from_main: not included","severity":"info","time":"2023-04-14T06:36:01Z"}
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/branchprotection-test=stephanme-patch-1: not included","severity":"info","time":"2023-04-14T06:36:01Z"}
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/branchprotection-test=test: not included","severity":"info","time":"2023-04-14T06:36:01Z"}
{"component":"branchprotector","file":"k8s.io/test-infra/prow/cmd/branchprotector/protect.go:329","func":"main.(*protector).UpdateRepo","level":"info","msg":"cloudfoundry/branchprotection-test=update-cf-cli-release-v1.43.0: not included","severity":"info","time":"2023-04-14T06:36:01Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranches(cloudfoundry, branchprotection-test, true)","severity":"info","time":"2023-04-14T06:36:01Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, branchprotection-test, main)","severity":"info","time":"2023-04-14T06:36:01Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetBranchProtection(cloudfoundry, branchprotection-test, v1)","severity":"info","time":"2023-04-14T06:36:01Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"UpdateBranchProtection(cloudfoundry, branchprotection-test, main, {\"required_status_checks\":null,\"enforce_admins\":true,\"required_pull_request_reviews\":{\"dismissal_restrictions\":{},\"dismiss_stale_reviews\":true,\"require_code_owner_reviews\":true,\"required_approving_review_count\":1,\"bypass_pull_request_allowances\":{\"users\":[],\"teams\":[\"wg-app-runtime-deployments-bots\"]}},\"restrictions\":null,\"required_linear_history\":false,\"allow_force_pushes\":false,\"allow_deletions\":false})","severity":"info","time":"2023-04-14T06:36:01Z"}
{"client":"github","component":"branchprotector","file":"k8s.io/test-infra/prow/github/client.go:918","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"UpdateBranchProtection(cloudfoundry, branchprotection-test, v1, {\"required_status_checks\":null,\"enforce_admins\":true,\"required_pull_request_reviews\":{\"dismissal_restrictions\":{},\"dismiss_stale_reviews\":true,\"require_code_owner_reviews\":true,\"required_approving_review_count\":1,\"bypass_pull_request_allowances\":{\"users\":[],\"teams\":[\"wg-app-runtime-deployments-bots\"]}},\"restrictions\":null,\"required_linear_history\":false,\"allow_force_pushes\":false,\"allow_deletions\":false})","severity":"info","time":"2023-04-14T06:36:01Z"}
...

I will file a PR to adapt the org automation coding to generate branch protection include patterns surrounded by ^...$.

@stephanme stephanme self-assigned this Apr 14, 2023
stephanme added a commit that referenced this issue Apr 14, 2023
@stephanme
branch protection: match complete branch name
59468b1 
- surround branch include patterns by ^...$ to avoid matching branches
  containing 'main' or 'v'
- fixes #580
- adapt integration test to changed ARD bots
@stephanme stephanme mentioned this issue Apr 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stephanme stephanme

Labels
None yet
Projects
CF Community
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

branch protection: match complete branch name cloudfoundry/community
1 participant
@stephanme