Skip to content

Commit

Permalink
Switch to probot/settings app
Browse files Browse the repository at this point in the history
Signed-off-by: Kyle Harding <kyle@balena.io>
  • Loading branch information
klutchell committed Sep 27, 2023
1 parent 9b610d8 commit ada1d61
Show file tree
Hide file tree
Showing 2 changed files with 183 additions and 136 deletions.
200 changes: 86 additions & 114 deletions .github/settings.yml
Original file line number Diff line number Diff line change
@@ -1,31 +1,19 @@
# https://github.com/andrewthetechie/gha-repo-manager/blob/main/examples/settings.yml
# These settings are synced to GitHub by https://probot.github.io/apps/settings/

# settings.yml can live in two places:
# 1. in the repo itself
# 2. in a centralized repo

# The Action is able to apply settings to any repo that its token can manage
# You can run Action from each repo, acting on that repo's settings.yml, or
# from a central repo, using a single settings.yml to control many repos.

# Which method you choose is up to you. See README.md for more info and example
# Workflows to implement these strategies.
settings:
repository:
# See https://docs.github.com/en/rest/repos/repos#update-a-repository for all available settings.
# any of these settings can be ommitted to just leave the repo's current setting
# If a setting has a value in settings.yml, it will always overwrite what exists in the repo.

# A short description of the repository that will show up on GitHub. Set to an empty string to clear.
# The name of the repository. Changing this will rename the repository
# name: repo-name

# A short description of the repository that will show up on GitHub
# description: description of repo

# A URL with more information about the repository. Set to an empty string to clear.
# A URL with more information about the repository
# homepage: https://example.github.io/

# A list of strings to apply as topics on the repo. Set to an empty string to clear topics. Omit or set to null to leave what repo already has
# topics:
# - gha
# - foo
# - bar
# A comma-separated list of topics to set on the repository
# topics: github, probot

# Either `true` to make the repository private, or `false` to make it public.
# private: false
Expand All @@ -43,8 +31,8 @@ settings:
# Either `true` to enable downloads for this repository, `false` to disable them.
# has_downloads: true

# Set the default branch for this repository.
# default_branch: main
# Updates the default branch for this repository.
# default_branch: master

# Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging.
Expand Down Expand Up @@ -73,119 +61,103 @@ settings:
# labels:
# - name: bug
# color: CC0000
# description: An issue with the system.
# description: An issue with the system 🐛.

# - name: feature
# # If including a `#`, make sure to wrap it with quotes!
# color: "#336699"
# color: '#336699'
# description: New functionality.

# - name: Help Wanted
# # Provide a new name to rename an existing label. A rename that results in a 'not found' will not fail a run
# # Provide a new name to rename an existing label
# new_name: first-timers-only

# - name: Old Label
# # set exists: false to delete a label. A delete that results in a "not found" will not fail a run
# exists: false

branch_protections:
# branch protection can only be created for branches that exist.
# Milestones: define milestones for Issues and Pull Requests
# milestones:
# - title: milestone-title
# description: milestone-description
# # The state of the milestone. Either `open` or `closed`
# state: open

# Collaborators: give specific users access to this repository.
# See https://docs.github.com/en/rest/collaborators/collaborators#add-a-repository-collaborator for available options
# collaborators:
# - username: bkeepers
# permission: push
# - username: hubot
# permission: pull

# Note: `permission` is only valid on organization-owned repositories.
# The permission to grant the collaborator. Can be one of:
# * `pull` - can pull, but not push to or administer this repository.
# * `push` - can pull and push, but not administer this repository.
# * `admin` - can pull, push and administer this repository.
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.

# See https://docs.github.com/en/rest/deployments/environments#create-or-update-an-environment for available options
# Note: deployment_branch_policy differs from the API for ease of use. Either protected_branches (boolean) OR custom_branches (array of strings) can be provided; this will manage the API requirements under the hood. See https://docs.github.com/en/rest/deployments/branch-policies for documentation of custom_branches. If both are provided in an unexpected manner, protected_branches will be used.
# Either removing or simply not setting deployment_branch_policy will restore the default 'All branches' setting.
# environments:
# - name: production
# wait_timer: 5
# reviewers:
# - id: 1
# type: 'Team'
# - id: 2
# type: 'User'
# deployment_branch_policy:
# protected_branches: true
# - name: development
# deployment_branch_policy:
# custom_branches:
# - main
# - dev/*

# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options
# teams:
# - name: core
# # The permission to grant the team. Can be one of:
# # * `pull` - can pull, but not push to or administer this repository.
# # * `push` - can pull and push, but not administer this repository.
# # * `admin` - can pull, push and administer this repository.
# # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: admin
# - name: docs
# permission: push

branches:
- name: $DEFAULT_BRANCH
# https://docs.github.com/en/rest/branches/branch-protection#update-branch-protection
# Branch Protection settings. Leave a value out to leave set at current repo settings
# Branch Protection settings. Set to null to disable
protection:
# Require at least one approving review on a pull request, before merging. Set to null to disable.
pr_options:
# # The number of approvals required. (1-6)
# Required. Require at least one approving review on a pull request, before merging. Set to null to disable.
required_pull_request_reviews:
# The number of approvals required. (1-6)
# required_approving_review_count: 1
# # Dismiss approved reviews automatically when a new commit is pushed.
# Dismiss approved reviews automatically when a new commit is pushed.
dismiss_stale_reviews: false
# # Blocks merge until code owners have reviewed.
# Blocks merge until code owners have reviewed.
require_code_owner_reviews: false
# # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
# Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
dismissal_restrictions: {}
# users: []
# teams: []
# Require status checks to pass before merging. Set to null to disable
# Required. Require status checks to pass before merging. Set to null to disable
required_status_checks:
# Require branches to be up to date before merging.
# Required. Require branches to be up to date before merging.
strict: true
# The list of status checks to require in order to merge into this branch
checks:
- Flowzone / All jobs
# Required. The list of status checks to require in order to merge into this branch
contexts:
- "policy-bot: $DEFAULT_BRANCH"
# Blocks merge until all conversations on a pull request have been resolved
require_conversation_resolution: false
# Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
- Flowzone / All jobs
# Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
enforce_admins: false
# Prevent merge commits from being pushed to matching branches
require_linear_history: false
# Permit force pushes for all users with push access.
allow_force_pushes: false
# Allow users with push access to delete matching branches.
allow_deletions: false
# If set to true, the restrictions branch protection settings which limits who can push will also block pushes which create new branches, unless the push is initiated by a user, team, or app which has the ability to push. Set to true to restrict new branch creation.
block_creations: false
# Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
required_linear_history: false
# Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
restrictions: null
# apps: []
# users: []
# teams: []
# - name: dev
# # will clear any branch protection on the dev branch, IF the dev branch exists. If you setup protection for a non-existant branch, this action cannot delete it
# exists: False
# # if the repo has a third branch named test with branch protections setup, by not adding a protection with name: test, this config will not change
# # those existing protections.
# - name: test
# exists: True

# secrets:
# # Manage secrets in your repo. Useful to manage secrets from a central repo for non organizations or to manage secrets org wide
# - key: SECRET_KEY
# # pull the value from an environment variable. If this variable is not found in the env, throw an error and fail the run
# # Set env vars on the github action job from secrets in your repo to sync screts across repos
# env: SECRET_VALUE
# # Set a dependabot secret on the repo
# - key: SECRET_KEY
# env: SECRET_VALUE
# type: dependabot
# - key: ANOTHER_SECRET
# # set a value directly in your yaml, probably not a good idea for things that are actually a secret
# value: bar
# - key: THIRD_SECRET
# # pull the value from an environment variable
# env: THIRD_VALUE
# # setting a value as not required allows you to not pass in an env var. if THIRD_VALUE is not set in the env, this secret won't be set but no error will be thrown
# required: false
# - key: DELETED_SECRET
# # setting exists to false will delete a secret. A delete that results in "not found" won't fail a run, so you can use this to make sure a secret is always deleted
# exists: false

# # Can copy files from your local context to the repo.
# # Manipulate files in the target repo
# # * move files around
# # * delete files
# # Changes are automatically commited and pushed to a target branch (default is default branch)
# # File operations are applied sequentially
# files:
# # copy templates/actions/my_workflow.yml to .github/workflows/my_workflow.yml in your target repo
# # and commit it with the default commit message and to your repo's default branch.
# # default commit message is "repo_manager file commit"
# - src_file: templates/actions/my_workflow.yml
# dest_file: .github/workflows/my_workflow.yml
# - src_file: templates/issues/issue_template.md
# dest_file: .github/ISSUE_TEMPLATE/issue.md
# commit_msg: update issue template
# # Update this file in the dev branch. If the dev branch doesn't exist, this will fail the workflow
# - src_file: templates/dev/dev.md
# dest_file: dev.md
# target_branch: dev
# # This moves README.md to README.rst in the remote. If README.md doesn't exist, the workflow will not fail and will emit a warning.
# - src_file: remote://README.md
# dest_file: README.rst
# move: true
# commit_msg: "move readme"
# # This removes OLDDOC.md in the dev branch. If OLDDOC.md doesn't exist, the workflow will emit a warning
# - dest_file: OLDDOC.md
# exists: false
# branch: dev
# commit_msg: "remove OLDDOC.md from dev"
Loading

0 comments on commit ada1d61

Please sign in to comment.