Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Branch protection not applying #923

Open
m-schrepel opened this issue Apr 24, 2024 · 4 comments
Open

Branch protection not applying #923

m-schrepel opened this issue Apr 24, 2024 · 4 comments
Labels
bug

Comments

@m-schrepel
Copy link

Problem Description

When creating a new repository with a .github/settings.yml, branch protection is not being applied. Interestingly, repository and teams settings are working, but branches doesn't seem to. I copied the documentation for branches from this repository to make sure I wasn't running into a syntax issue, but no branch settings were applied. I uninstalled and reinstalled the app to make sure that wasn't the issue as well.

branches:
  - name: main
    # https://docs.github.com/en/rest/reference/repos#update-branch-protection
    # Branch Protection settings. Set to null to disable
    protection:
      # Required. Require at least one approving review on a pull request, before merging. Set to null to disable.
      required_pull_request_reviews:
        # The number of approvals required. (1-6)
        required_approving_review_count: 2
        # Dismiss approved reviews automatically when a new commit is pushed.
        dismiss_stale_reviews: true
        # Blocks merge until code owners have reviewed.
        require_code_owner_reviews: true
        # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
        dismissal_restrictions:
          users: []
          teams: []
      # Required. Require status checks to pass before merging. Set to null to disable
      required_status_checks:
        # Required. Require branches to be up to date before merging.
        strict: true
        # Required. The list of status checks to require in order to merge into this branch
        contexts: ["check / required tests passed"]
      # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
      enforce_admins: true
      # Prevent merge commits from being pushed to matching branches
      required_linear_history: true
      # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
      restrictions:
        apps: []
        users: []
        teams: []

Context

Are you using the hosted instance of repository-settings/app or running your own?

I am using the app
@m-schrepel m-schrepel added the bug label Apr 24, 2024
@tinkooladik
Copy link

were you be able to figure this out?

@bernardpletikosa
Copy link

same here, regardless of the rules, or just plain C/P of config from the docs also doesn't trigger it.

@chrisjohnson00
Copy link

We're migrating off this tool because of this issue and the lack of action on this issue. Github Rulesets will be our replacement.

@tinkooladik
Copy link

tinkooladik commented Jul 1, 2024
edited
Loading

I kinda figured why it didn't work, so leaving a comment in case it can help anyone.

If branch protection rules don't apply, it means something is set up wrong - might be the tiniest mistake.

  • On my private playground repo everything started working once I changed it to public. Because reviewers requirement couldn't be applied to private repo.
  • On another project it didn't work because of required_status_checks.contexts. To add a required check there, this check should have already been ran at least once on the repo. So to set up lint / test status check, you should set up lint / tests itself first, run them, and then set up the rule.

It kinda makes sense, since it works the same way when you configure settings manually.

Other things:

  • enforce_admins: null - should be null and not false
  • restrictions: null - should be null and not empty arrays

The default / required values could be found in the official docs:
image
Why it's null instead of false in some cases, and false in other cases is weird to me but ¯_(ツ)_/¯

Also sometimes it took a little more time for rules to apply. I usually gave it a minute or two before checking if it worked - just in case.

I wanted to use this tool to setup settings for numerous new repos we have. But due to these limitations, it doesn't work for me.

We probably might use it for setting up labels list, and use Rulesets for settings. So far Rulesets worked pretty decent.

Anyway, I'm thankful to the author for the labels part and for making me think in this direction in general 🙂 without it, I'd probably didn't find out about Rulesets yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chrisjohnson00 @m-schrepel @bernardpletikosa @tinkooladik