Add bot branch protection bypass in root-signing-staging (#403)

* Remove unused custom role This was an attempt to allow a specific user/bot to bypass branch protections in a repository. Luckily we should not need the role after all. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com> * Add sigstore-bot to root-signing-staging bypass list Allow sigstore-bot to bypass required pull requests: this is for the online signing. Also remove sigstore-reviewe-bot: it should not be needed. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com> --------- Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
sigstore · Feb 16, 2024 · bcd885c · bcd885c
1 parent f2a8452
commit bcd885c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 7 deletions.
diff --git a/github-sync/github-data/sigstore/repositories.yaml b/github-sync/github-data/sigstore/repositories.yaml
@@ -1470,8 +1470,6 @@ repositories:
         permission: admin
       - username: sigstore-bot
         permission: push
-      - username: sigstore-review-bot
-        permission: push
     teams:
       - name: tuf-root-signing-staging-codeowners
         id: 8790813
@@ -1497,6 +1495,8 @@ repositories:
           - sigstore-bot
         dismissalRestrictions:
           - tuf-root-signing-staging-codeowners
+        pullRequestBypassers:
+          - sigstore-bot
       - pattern: publish
         enforceAdmins: true
         allowsDeletions: false

diff --git a/github-sync/github-data/sigstore/roles.yaml b/github-sync/github-data/sigstore/roles.yaml