protection enforce admin
Signed-off-by: Michael Short <michael@bison.dev>
This commit is contained in:
Michael Short
@@ -0,0 +1,5 @@
|
||||
---
|
||||
'@backstage/plugin-scaffolder-backend': patch
|
||||
---
|
||||
|
||||
Add enforceAdmins as scaffolder input to branch protection github config
|
||||
+66
@@ -283,6 +283,7 @@ describe('github:repo:push', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -301,6 +302,7 @@ describe('github:repo:push', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: true,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -319,6 +321,67 @@ describe('github:repo:push', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
});
|
||||
|
||||
it('should call enableBranchProtectionOnDefaultRepoBranch with the correct values of enforceAdmins', async () => {
|
||||
mockOctokit.rest.repos.get.mockResolvedValue({
|
||||
data: {
|
||||
clone_url: 'https://github.com/clone/url.git',
|
||||
html_url: 'https://github.com/html/url',
|
||||
},
|
||||
});
|
||||
|
||||
await action.handler(mockContext);
|
||||
|
||||
expect(enableBranchProtectionOnDefaultRepoBranch).toHaveBeenCalledWith({
|
||||
owner: 'owner',
|
||||
client: mockOctokit,
|
||||
repoName: 'repository',
|
||||
logger: mockContext.logger,
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
...mockContext,
|
||||
input: {
|
||||
...mockContext.input,
|
||||
protectEnforceAdmins: true,
|
||||
},
|
||||
});
|
||||
|
||||
expect(enableBranchProtectionOnDefaultRepoBranch).toHaveBeenCalledWith({
|
||||
owner: 'owner',
|
||||
client: mockOctokit,
|
||||
repoName: 'repository',
|
||||
logger: mockContext.logger,
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
...mockContext,
|
||||
input: {
|
||||
...mockContext.input,
|
||||
protectEnforceAdmins: false,
|
||||
},
|
||||
});
|
||||
|
||||
expect(enableBranchProtectionOnDefaultRepoBranch).toHaveBeenCalledWith({
|
||||
owner: 'owner',
|
||||
client: mockOctokit,
|
||||
repoName: 'repository',
|
||||
logger: mockContext.logger,
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: false,
|
||||
});
|
||||
});
|
||||
|
||||
@@ -340,6 +403,7 @@ describe('github:repo:push', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -358,6 +422,7 @@ describe('github:repo:push', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: ['statusCheck'],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -376,6 +441,7 @@ describe('github:repo:push', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@@ -44,6 +44,7 @@ export function createGithubRepoPushAction(options: {
|
||||
description?: string;
|
||||
defaultBranch?: string;
|
||||
protectDefaultBranch?: boolean;
|
||||
protectEnforceAdmins?: boolean;
|
||||
gitCommitMessage?: string;
|
||||
gitAuthorName?: string;
|
||||
gitAuthorEmail?: string;
|
||||
@@ -65,6 +66,7 @@ export function createGithubRepoPushAction(options: {
|
||||
requiredStatusCheckContexts: inputProps.requiredStatusCheckContexts,
|
||||
defaultBranch: inputProps.defaultBranch,
|
||||
protectDefaultBranch: inputProps.protectDefaultBranch,
|
||||
protectEnforceAdmins: inputProps.protectEnforceAdmins,
|
||||
gitCommitMessage: inputProps.gitCommitMessage,
|
||||
gitAuthorName: inputProps.gitAuthorName,
|
||||
gitAuthorEmail: inputProps.gitAuthorEmail,
|
||||
@@ -85,6 +87,7 @@ export function createGithubRepoPushAction(options: {
|
||||
repoUrl,
|
||||
defaultBranch = 'master',
|
||||
protectDefaultBranch = true,
|
||||
protectEnforceAdmins = true,
|
||||
gitCommitMessage = 'initial commit',
|
||||
gitAuthorName,
|
||||
gitAuthorEmail,
|
||||
@@ -120,6 +123,7 @@ export function createGithubRepoPushAction(options: {
|
||||
ctx.input.sourcePath,
|
||||
defaultBranch,
|
||||
protectDefaultBranch,
|
||||
protectEnforceAdmins,
|
||||
owner,
|
||||
client,
|
||||
repo,
|
||||
|
||||
@@ -236,6 +236,7 @@ export async function initRepoPushAndProtect(
|
||||
sourcePath: string | undefined,
|
||||
defaultBranch: string,
|
||||
protectDefaultBranch: boolean,
|
||||
protectEnforceAdmins: boolean,
|
||||
owner: string,
|
||||
client: Octokit,
|
||||
repo: string,
|
||||
@@ -283,6 +284,7 @@ export async function initRepoPushAndProtect(
|
||||
defaultBranch,
|
||||
requireCodeOwnerReviews,
|
||||
requiredStatusCheckContexts,
|
||||
enforceAdmins: protectEnforceAdmins,
|
||||
});
|
||||
} catch (e) {
|
||||
assertError(e);
|
||||
|
||||
@@ -128,6 +128,11 @@ const protectDefaultBranch = {
|
||||
type: 'boolean',
|
||||
description: `Protect the default branch after creating the repository. The default value is 'true'`,
|
||||
};
|
||||
const protectEnforceAdmins = {
|
||||
title: 'Enforce Admins On Protected Branches',
|
||||
type: 'boolean',
|
||||
description: `Enforce admins to adhere to default branch protection. The default value is 'true'`,
|
||||
};
|
||||
const gitCommitMessage = {
|
||||
title: 'Git Commit Message',
|
||||
type: 'string',
|
||||
@@ -152,6 +157,7 @@ export { gitAuthorEmail };
|
||||
export { gitAuthorName };
|
||||
export { gitCommitMessage };
|
||||
export { protectDefaultBranch };
|
||||
export { protectEnforceAdmins };
|
||||
export { repoUrl };
|
||||
export { repoVisibility };
|
||||
export { requireCodeOwnerReviews };
|
||||
|
||||
@@ -135,6 +135,7 @@ type BranchProtectionOptions = {
|
||||
requireCodeOwnerReviews: boolean;
|
||||
requiredStatusCheckContexts?: string[];
|
||||
defaultBranch?: string;
|
||||
enforceAdmins?: boolean;
|
||||
};
|
||||
|
||||
export const enableBranchProtectionOnDefaultRepoBranch = async ({
|
||||
@@ -145,6 +146,7 @@ export const enableBranchProtectionOnDefaultRepoBranch = async ({
|
||||
requireCodeOwnerReviews,
|
||||
requiredStatusCheckContexts = [],
|
||||
defaultBranch = 'master',
|
||||
enforceAdmins = true,
|
||||
}: BranchProtectionOptions): Promise<void> => {
|
||||
const tryOnce = async () => {
|
||||
try {
|
||||
@@ -167,7 +169,7 @@ export const enableBranchProtectionOnDefaultRepoBranch = async ({
|
||||
contexts: requiredStatusCheckContexts,
|
||||
},
|
||||
restrictions: null,
|
||||
enforce_admins: true,
|
||||
enforce_admins: enforceAdmins,
|
||||
required_pull_request_reviews: {
|
||||
required_approving_review_count: 1,
|
||||
require_code_owner_reviews: requireCodeOwnerReviews,
|
||||
|
||||
@@ -623,6 +623,7 @@ describe('publish:github', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -641,6 +642,7 @@ describe('publish:github', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: true,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -659,6 +661,70 @@ describe('publish:github', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
});
|
||||
|
||||
it('should call enableBranchProtectionOnDefaultRepoBranch with the correct values of enforceAdmins', async () => {
|
||||
mockOctokit.rest.users.getByUsername.mockResolvedValue({
|
||||
data: { type: 'User' },
|
||||
});
|
||||
|
||||
mockOctokit.rest.repos.createForAuthenticatedUser.mockResolvedValue({
|
||||
data: {
|
||||
name: 'repo',
|
||||
},
|
||||
});
|
||||
|
||||
await action.handler(mockContext);
|
||||
|
||||
expect(enableBranchProtectionOnDefaultRepoBranch).toHaveBeenCalledWith({
|
||||
owner: 'owner',
|
||||
client: mockOctokit,
|
||||
repoName: 'repo',
|
||||
logger: mockContext.logger,
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
...mockContext,
|
||||
input: {
|
||||
...mockContext.input,
|
||||
protectEnforceAdmins: false,
|
||||
},
|
||||
});
|
||||
|
||||
expect(enableBranchProtectionOnDefaultRepoBranch).toHaveBeenCalledWith({
|
||||
owner: 'owner',
|
||||
client: mockOctokit,
|
||||
repoName: 'repo',
|
||||
logger: mockContext.logger,
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: false,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
...mockContext,
|
||||
input: {
|
||||
...mockContext.input,
|
||||
protectEnforceAdmins: true,
|
||||
},
|
||||
});
|
||||
|
||||
expect(enableBranchProtectionOnDefaultRepoBranch).toHaveBeenCalledWith({
|
||||
owner: 'owner',
|
||||
client: mockOctokit,
|
||||
repoName: 'repo',
|
||||
logger: mockContext.logger,
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
});
|
||||
|
||||
@@ -683,6 +749,7 @@ describe('publish:github', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -701,6 +768,7 @@ describe('publish:github', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: ['statusCheck'],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
|
||||
await action.handler({
|
||||
@@ -719,6 +787,7 @@ describe('publish:github', () => {
|
||||
defaultBranch: 'master',
|
||||
requireCodeOwnerReviews: false,
|
||||
requiredStatusCheckContexts: [],
|
||||
enforceAdmins: true,
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@@ -48,6 +48,7 @@ export function createPublishGithubAction(options: {
|
||||
access?: string;
|
||||
defaultBranch?: string;
|
||||
protectDefaultBranch?: boolean;
|
||||
protectEnforceAdmins?: boolean;
|
||||
deleteBranchOnMerge?: boolean;
|
||||
gitCommitMessage?: string;
|
||||
gitAuthorName?: string;
|
||||
@@ -93,6 +94,7 @@ export function createPublishGithubAction(options: {
|
||||
repoVisibility: inputProps.repoVisibility,
|
||||
defaultBranch: inputProps.defaultBranch,
|
||||
protectDefaultBranch: inputProps.protectDefaultBranch,
|
||||
protectEnforceAdmins: inputProps.protectEnforceAdmins,
|
||||
deleteBranchOnMerge: inputProps.deleteBranchOnMerge,
|
||||
gitCommitMessage: inputProps.gitCommitMessage,
|
||||
gitAuthorName: inputProps.gitAuthorName,
|
||||
@@ -124,6 +126,7 @@ export function createPublishGithubAction(options: {
|
||||
repoVisibility = 'private',
|
||||
defaultBranch = 'master',
|
||||
protectDefaultBranch = true,
|
||||
protectEnforceAdmins = true,
|
||||
deleteBranchOnMerge = false,
|
||||
gitCommitMessage = 'initial commit',
|
||||
gitAuthorName,
|
||||
@@ -176,6 +179,7 @@ export function createPublishGithubAction(options: {
|
||||
ctx.input.sourcePath,
|
||||
defaultBranch,
|
||||
protectDefaultBranch,
|
||||
protectEnforceAdmins,
|
||||
owner,
|
||||
client,
|
||||
repo,
|
||||
|
||||
Reference in New Issue
Block a user