From 7956913f14d09ec234421095cc66d3bd96664234 Mon Sep 17 00:00:00 2001
From: Diego Queiroz <diego.queiroz@gmail.com>
Date: Thu, 30 Jun 2022 05:01:52 -0300
Subject: [PATCH] Fixing branch protection creation and adding missing
 restrictions (#45)

* Fixing branch protection creation, and adding missing restrictions

* Safe access to contexts if required_status_checks is not set

* Adding note to wildcard protection rules on readme
---
 README.md                       | 2 ++
 src/utils/enforce-protection.ts | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 9887838..d4bc24e 100644
--- a/README.md
+++ b/README.md
@@ -121,6 +121,8 @@ The following inputs should be provided for every organization workflow.
 - **enforce_admin (optional)** Enforce [required status check](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-required-status-checks) for admins. _Default: false_
 - **documentation (optional)**: Link to documentation of this check. This is shown with the status check on the original commit. (eg `.github/workflows/compliance-info.md`) _Default: null_
 
+Note: if your default branch is covered only by a wildcard protection rule and you enable `enforce` or `enforce_admin`, the app will create a new branch protection rule covering only the default branch and copy the existing settings from the wildcard. Keep this in mind when making further changes on branch protection rules
+
 ```yml
     - uses: SvanBoxel/organization-workflow@main
       with:
diff --git a/src/utils/enforce-protection.ts b/src/utils/enforce-protection.ts
index 902b37f..45e974a 100644
--- a/src/utils/enforce-protection.ts
+++ b/src/utils/enforce-protection.ts
@@ -25,7 +25,7 @@ async function enforceProtection (
     console.error(e)
   }
 
-  const contexts = protection.data.required_status_checks.contexts;
+  const contexts = protection && protection.data.required_status_checks ? protection.data.required_status_checks.contexts : [];
   const enforce_admins_current_setting = protection && protection.data.enforce_admins.enabled
   const adminForceChange = enforce_admins_current_setting !== enforce_admin
   const contextIndex = contexts.indexOf(context_name)
@@ -57,7 +57,11 @@ async function enforceProtection (
     required_linear_history: protection && protection.data.required_linear_history.enabled,
     allow_force_pushes: protection && protection.data.allow_force_pushes.enabled,
     allow_deletions: protection && protection.data.allow_deletions.enabled,
-    restrictions: null
+    restrictions: protection && protection.data.restrictions ? {
+      apps: protection.data.restrictions.apps.map(({ slug } : { slug: string}) => slug),
+      users: protection.data.restrictions.users.map(({ login } : { login: string}) => login),
+      teams: protection.data.restrictions.teams.map(({ slug } : { slug: string}) => slug),
+    } : null,
   })
 
   return true;