-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow setup for all protected branches #413
Comments
I believe the current syntax already allows using wild card pattern for branch names and set desired configs. |
Unfortunately GitLab supports just plain wildcards with just @rossbeehler: I would use YAML anchors to shorten the config here: projects_and_groups:
<group/project clause>:
(...)
master: &protected_branch_permissions
push_access_level: (...)
merge_access_level: (...)
(...)
main: *protected_branch_permissions
dev: *protected_branch_permissions
develop: *protected_branch_permissions
(...) As GitLabForm skips missing branches by default (unless you do |
Yes, you're right. I was thinking of using global wildcard with just Yaml anchor is a good way to address this. Another option might be setting these branch protection at the group level. That way each special branch name and config needs to be listed once and it'll be applied to all projects under that group. Please correct me if I'm wrong. |
@gdubicki - thanks for the YAML anchor workaround. Trying to think through the risk of not being able to cover the multitude of names teams/groups could hash up that simply wouldn't be visible in GitLabForm config. Maybe at the top-level we should only be so prescriptive for @amimas - I'm not seeing the ability in the GitLab UIs to set group-level protected branch names/settings. Or are you saying that would be done in GitLabForm's config (it's actually a project level setting but done at the group level)? If that's what you mean, then I wholeheartedly agree. |
Yes. That's what I meant. Creating a gitlabform config that will apply the specified branch protection to all projects. projects_and_groups:
group_1/*:
branches:
# Keep this branch unprotected
develop:
protected: false
# Allow merging by developers, but no direct commits
main:
protected: true
push_access_level: no access
merge_access_level: developer
unprotect_access_level: maintainer
# Disallow any changes to this branch
special_protected_branch:
protected: true
push_access_level: no access
merge_access_level: no access
unprotect_access_level: maintainer
# Protect branches with names matching wildcards
'*-some-name-suffix':
protected: true
push_access_level: no access
merge_access_level: developer
unprotect_access_level: maintainer
# Protect the branch but allow force pushes
allow_to_force_push:
protected: true
push_access_level: no access
merge_access_level: developer
unprotect_access_level: maintainer
allow_force_push: true The above example is taken from the docs link I posted above. Only tweak is the wildcard used at the group ( |
Note that I did some testing with this approach, and it produces a little bit of a mess. Note all the Is this expected? I would have hoped that it only applied those settings to existing branches. |
I believe that's a default behaviour by Gitlab. It allows setting branch protection for a branch that doesn't exist yet. I agree the message in the UI maybe slightly misleading. |
This might be a separate feature request for gitlabform. |
We have a rich structure of groups/projects with a variety of branching strategies. We'd like to enforce
merge_access_level
andpush_access_level
across all existing protected branches for a project/repo, but the current syntax only allows you to specify a name with or without a wildcard. It would be nice if GitLabForm had a way to set branch settings for all protected branches in a repo, even if they are namedmaster
,main
,dev
,develop
,qa
,uat
,testing
, etc.Proposed syntax
The text was updated successfully, but these errors were encountered: