Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Allow excluded users (ex. bots) in branch protection implementation #220

Closed
3 of 4 tasks
TimidRobot opened this issue Oct 2, 2024 · 2 comments · Fixed by #224
Closed
3 of 4 tasks

[Feature] Allow excluded users (ex. bots) in branch protection implementation #220

TimidRobot opened this issue Oct 2, 2024 · 2 comments · Fixed by #224
Assignees
@Silvia-Wachira
Labels
💻 aspect: code Concerns the software code in the repository ✨ goal: improvement Improvement to an existing feature help wanted Open to participation from the community 🟨 priority: medium Not blocking but should be fixed soon 💪 skill: python Requires proficiency in 'Python' 🏁 status: ready for work Ready for work

Comments

@TimidRobot
Copy link
Member

TimidRobot commented Oct 2, 2024
edited
Loading

Problem

Repositories updated by bots are excluded (reduced security):

ccos-scripts/ccos/norm/branch_protections.yml

Lines 1 to 17 in fbd4764

EXEMPT_REPOSITORIES:
# special purpose repo
- australian-chapter
# exempted for bot pushes to default branch
- creativecommons.github.io-source
# exempted for bot pushes to default branch
- creativecommons.github.io
# special purpose repo
- global-network-strategy
# special purpose repo
- network-platforms
# exempted for bot pushes to default branch
- quantifying
# special purpose repo
- sre-wiki-js
# special purpose repo
- tech-support

Description

Protections can be maintained with specific users (bots) excluded

In the GitHub GUI, the specific user exclusions look like this, for example:
Screenshot 2024-10-03 at 13 37 05

The script (normalize_repos.py) already handles:

  • Protect matching branches
    • Require a pull request before merging
      • Require approvals

It needs to be updated to also handle (with ability to specify one or more users):

  • Protect matching branches
    • Allow specified actors to bypass required pull requests

Additional context

Implementation

  • I would be interested in implementing this feature.
@TimidRobot TimidRobot added 🟨 priority: medium Not blocking but should be fixed soon 🚧 status: blocked Blocked & therefore, not ready for work ✨ goal: improvement Improvement to an existing feature 💻 aspect: code Concerns the software code in the repository labels Oct 2, 2024
@TimidRobot TimidRobot moved this to Backlog in TimidRobot Oct 2, 2024
@TimidRobot TimidRobot mentioned this issue Oct 2, 2024
Merged
7 tasks
@TimidRobot TimidRobot added 💪 skill: python Requires proficiency in 'Python' 🏁 status: ready for work Ready for work help wanted Open to participation from the community and removed 🚧 status: blocked Blocked & therefore, not ready for work labels Oct 3, 2024
@Silvia-Wachira Silvia-Wachira mentioned this issue Oct 7, 2024
Merged
7 tasks
@github-project-automation github-project-automation bot moved this from Backlog to Done in TimidRobot Oct 15, 2024
@TimidRobot
Copy link
Member Author

@Silvia-Wachira please make a comment here so I can assign the issue to you

@Silvia-Wachira
Copy link

@TimidRobot Thank you! This is my comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Silvia-Wachira Silvia-Wachira

Labels
💻 aspect: code Concerns the software code in the repository ✨ goal: improvement Improvement to an existing feature help wanted Open to participation from the community 🟨 priority: medium Not blocking but should be fixed soon 💪 skill: python Requires proficiency in 'Python' 🏁 status: ready for work Ready for work
Projects
TimidRobot
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement Exclusion of Exempt Users Silvia-Wachira/ccos-scripts
2 participants
@TimidRobot @Silvia-Wachira