From e2479c519fdf851059950882f12435a038aec306 Mon Sep 17 00:00:00 2001 From: Martin Bruzina Date: Sat, 5 Jul 2025 22:21:27 +0200 Subject: [PATCH 1/2] fix: main branch ruleset shouldn't prevent pull request merges --- README.md | 2 +- test.yaml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index f7dc4b8..552bbf6 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ Set up GitHub actions, variables and secrets: - Secrets and variables / Actions / Actions secrets and variables - Secrets - **New repository secret** - - `APP_PEM_FILE` (`GITHUB_APP_PEM_FILE` contents) + - `GH_APP_PEM_FILE` (`GITHUB_APP_PEM_FILE` contents) - `AWS_ACCESS_KEY_ID` - `AWS_SECRET_ACCESS_KEY` - Variables diff --git a/test.yaml b/test.yaml index 7f391b1..48def9d 100644 --- a/test.yaml +++ b/test.yaml @@ -14,12 +14,10 @@ organization: - ~DEFAULT_BRANCH rules: creation: true - update: true deletion: true pull_request: required_approving_review_count: 0 required_linear_history: true - required_signatures: true repositories: - name: .github # Repository metadata From 64ba2b9d7226db5d6fcf67147d0e687a3523c7f2 Mon Sep 17 00:00:00 2001 From: Martin Bruzina Date: Sun, 6 Jul 2025 09:45:03 +0200 Subject: [PATCH 2/2] feat: all-repository ruleset bypass actors --- README.md | 7 ++++++- terraform/main.tf | 10 ++++++++++ test.yaml | 5 +++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 552bbf6..7bb8bba 100644 --- a/README.md +++ b/README.md 
@@ -176,9 +176,14 @@ organization: - name: "Main Branch" target: branch # REQUIRED, VALUES branch or tag enforcement: active # REQUIRED, VALUES disabled or active + bypass_actors: # OPTIONAL, DEFAULT empty + # Xebis GitHub Semantic Release https://github.com/apps/xebis-github-semantic-release + - actor_id: 1527160 # REQUIRED, VALUE The ID of the actor + actor_type: Integration # REQUIRED, VALUES RepositoryRole, Team, Integration, OR OrganizationAdmin + bypass_mode: always # REQUIRED, VALUES always or pull_request conditions: # OPTIONAL, DEFAULT empty ref_name: - include: # OPTIONAL, DEFAULT empty, VALUE array of ref names or patterns to include, special values ~ALL and ~DEFAULT_BRANCH also accepted + include: # OPTIONAL, DEFAULT empty, VALUE array of ref names or patterns to include, SPECIAL VALUES ~ALL and ~DEFAULT_BRANCH also accepted - ~DEFAULT_BRANCH exclude: # OPTIONAL, DEFAULT empty rules: diff --git a/terraform/main.tf b/terraform/main.tf index 35f3cbb..c0d183a 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -49,6 +49,16 @@ resource "github_repository_ruleset" "all_repositories" { target = try(each.value.ruleset.target, null) enforcement = try(each.value.ruleset.enforcement, null) + # Bypass actors + dynamic "bypass_actors" { + for_each = try(each.value.ruleset.bypass_actors, []) + content { + actor_id = bypass_actors.value.actor_id + actor_type = bypass_actors.value.actor_type + bypass_mode = bypass_actors.value.bypass_mode + } + } + # Conditions dynamic "conditions" { for_each = try(length(each.value.ruleset.conditions) > 0 ? [each.value.ruleset.conditions] : [], []) diff --git a/test.yaml b/test.yaml index 48def9d..acd9d37 100644 --- a/test.yaml +++ b/test.yaml 
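Review bot: In the new `dynamic "bypass_actors"` block in terraform/main.tf, `for_each = try(each.value.ruleset.bypass_actors, [])` falls back to `[]` only when the attribute is missing. If the YAML carries a bare `bypass_actors:` key, it most likely decodes to null (the loader is not visible here), the lookup succeeds, and `for_each` receives null instead of the fallback. The `conditions` block right below guards with `length(...) > 0` inside `try`, which also covers null, and the same shape would fit here: `for_each = try(length(each.value.ruleset.bypass_actors) > 0 ? each.value.ruleset.bypass_actors : [], [])`. Because every entry exempts an actor from the ruleset, the `# Bypass actors` comment could say so, e.g. `# Bypass actors: each entry is exempt from the rules of this ruleset`. The enclosing `github_repository_ruleset` resource starts and ends outside the hunk.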
@@ -8,6 +8,11 @@ organization: - name: "Main Branch" target: branch enforcement: active + bypass_actors: + # Xebis GitHub Semantic Release https://github.com/apps/xebis-github-semantic-release + - actor_id: 1527160 + actor_type: Integration + bypass_mode: always conditions: ref_name: include:
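Review bot: `bypass_mode: always` on the new `bypass_actors` entry exempts the app from every rule of the "Main Branch" ruleset, so the ruleset is only as strong as the protection of that app's credentials. If this is the app whose private key the README in this series stores as the `GH_APP_PEM_FILE` Actions secret, that dependency deserves a line next to the entry, e.g. `# Bypasses all rules of this ruleset; keep GH_APP_PEM_FILE restricted to the release workflow`. The actor is identified only by the numeric `actor_id: 1527160`, and the URL comment is the sole link to the intended app, so the ID should be checked against the app's settings whenever this line changes. The enclosing ruleset mapping continues outside the hunk.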