branch

package
v0.0.0-...-3d71f35

This package is not in the latest version of its module.
Published: Mar 27, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package branch implements the Branch Protection security policy.


Functions

func NewBranch

func NewBranch() policydef.Policy

NewBranch returns a new BranchProtection policy.

Types

type Branch

type Branch bool

Branch is the Branch Protection policy object; it implements policydef.Policy.

func (Branch) Check

func (b Branch) Check(ctx context.Context, c *github.Client, owner,
	repo string) (*policydef.Result, error)

Check performs the policy check for Branch Protection based on the configuration stored in the org/repo. It implements policydef.Policy.Check().

func (Branch) Fix

func (b Branch) Fix(ctx context.Context, c *github.Client, owner, repo string) error

Fix implements policydef.Policy.Fix().

func (Branch) GetAction

func (b Branch) GetAction(ctx context.Context, c *github.Client, owner, repo string) string

GetAction returns the configured action from Branch Protection's configuration stored in the org-level repo; the default is log. It implements policydef.Policy.GetAction().

func (Branch) IsEnabled

func (b Branch) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)

IsEnabled checks whether this policy is enabled.

func (Branch) Name

func (b Branch) Name() string

Name returns the name of this policy. It implements policydef.Policy.Name().

type OrgConfig

type OrgConfig struct {
	// OptConfig is the standard org-level opt in/out config, RepoOverride
	// applies to all BP config.
	OptConfig config.OrgOptConfig `json:"optConfig"`

	// Action defines which action to take, default log, other: issue...
	Action string `json:"action"`

	// EnforceDefault : set to true to enforce policy on default branch, default
	// true.
	EnforceDefault bool `json:"enforceDefault"`

	// EnforceBranches is a map of repos and branches. These are other
	// non-default branches to enforce policy on, such as branches which releases
	// are made from.
	EnforceBranches map[string][]string `json:"enforceBranches"`

	// RequireApproval : set to true to enforce approval on PRs, default true.
	// When this config is false, ApprovalCount will always be set to 0.
	RequireApproval bool `json:"requireApproval"`

	// RequireCodeOwnerReviews : set to true to enforce code owner reviews on PRs, default false.
	// If set to true, then "requireApproval" must also be true
	RequireCodeOwnerReviews bool `json:"requireCodeOwnerReviews"`

	// ApprovalCount is the number of required PR approvals, default 1.
	ApprovalCount int `json:"approvalCount"`

	// DismissStale : set to true to require PR approvals be dismissed when a PR
	// is updated, default true.
	DismissStale bool `json:"dismissStale"`

	// BlockForce : set to true to block force pushes, default true.
	BlockForce bool `json:"blockForce"`

	// RequireUpToDateBranch : set to true to require that branches must be up
	// to date before merging. Only used if RequireStatusChecks is set. Default
	// true.
	RequireUpToDateBranch bool `json:"requireUpToDateBranch"`

	// RequireStatusChecks is a list of status checks that are required in
	// order to merge into the protected branch. Each entry must specify
	// the context, and optionally an appID.
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`

	// EnforceOnAdmins : set to true to apply the branch protection rules on
	// administrators as well.
	EnforceOnAdmins bool `json:"enforceOnAdmins"`

	// RequireSignedCommits : set to true to require signed commits on protected branches, default false
	RequireSignedCommits bool `json:"requireSignedCommits"`
}

OrgConfig is the org-level config definition for Branch Protection.

type RepoConfig

type RepoConfig struct {
	// OptConfig is the standard repo-level opt in/out config.
	OptConfig config.RepoOptConfig `json:"optConfig"`

	// Action overrides the same setting in org-level, only if present.
	Action *string `json:"action"`

	// EnforceDefault overrides the same setting in org-level, only if present.
	EnforceDefault *bool `json:"enforceDefault"`

	// EnforceBranches adds more branches to the org-level list. Does not
	// override. Always allowed irrespective of DisableRepoOverride setting.
	EnforceBranches []string `json:"enforceBranches"`

	// RequireApproval overrides the same setting in org-level, only if present.
	RequireApproval *bool `json:"requireApproval"`

	// RequireCodeOwnerReviews overrides the same setting in org-level, only if present.
	RequireCodeOwnerReviews *bool `json:"requireCodeOwnerReviews"`

	// ApprovalCount overrides the same setting in org-level, only if present.
	ApprovalCount *int `json:"approvalCount"`

	// DismissStale overrides the same setting in org-level, only if present.
	DismissStale *bool `json:"dismissStale"`

	// BlockForce overrides the same setting in org-level, only if present.
	BlockForce *bool `json:"blockForce"`

	// EnforceOnAdmins overrides the same setting in org-level, only if present.
	EnforceOnAdmins *bool `json:"enforceOnAdmins"`

	// RequireUpToDateBranch overrides the same setting in org-level, only if
	// present.
	RequireUpToDateBranch *bool `json:"requireUpToDateBranch"`

	// RequireStatusChecks overrides the same setting in org-level, only if
	// present. Omitting will lead to taking the org-level config as is, but
	// specifying an empty list (`requireStatusChecks: []`) will override the
	// setting to be empty.
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`

	// RequireSignedCommits overrides the same setting in org-level, only if
	// present.
	RequireSignedCommits *bool `json:"requireSignedCommits"`
}

RepoConfig is the repo-level config for Branch Protection.

type StatusCheck

type StatusCheck struct {
	// Context is the status check name that should be required.
	Context string `json:"context"`

	// AppID, when provided, will require that the status check be set by
	// the GitHub App with the given AppID. When omitted, any app can
	// provide the required status check.
	AppID *int64 `json:"appID"`
}

StatusCheck is the config description for specifying a single required status check in the RequireStatusChecks list.
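The "only if present" override rule documented on RepoConfig, and the difference between omitting requireStatusChecks and writing an empty list, shown as an added example; this is not the package's own code. The types are trimmed local copies of the documented structs, effective is a hypothetical helper, and feeding JSON through encoding/json is an assumption made to keep the example self-contained.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed local copies of the documented types; only two settings are kept.
type StatusCheck struct {
	Context string `json:"context"`
	AppID   *int64 `json:"appID"`
}

type OrgConfig struct {
	BlockForce          bool          `json:"blockForce"`
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`
}

type RepoConfig struct {
	BlockForce          *bool         `json:"blockForce"`
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`
}

// effective is a hypothetical helper (not the package's merge code): a repo
// value replaces the org value only when the key was present in the repo file.
func effective(org OrgConfig, repoJSON string) (OrgConfig, error) {
	var rc RepoConfig
	if err := json.Unmarshal([]byte(repoJSON), &rc); err != nil {
		return org, err
	}
	if rc.BlockForce != nil {
		org.BlockForce = *rc.BlockForce
	}
	// nil slice: key omitted, keep org checks. Empty non-nil slice: the repo
	// wrote [] and removes every required status check.
	if rc.RequireStatusChecks != nil {
		org.RequireStatusChecks = rc.RequireStatusChecks
	}
	return org, nil
}

func main() {
	org := OrgConfig{BlockForce: true, RequireStatusChecks: []StatusCheck{{Context: "ci/build"}}}
	// Constructed sample repo-level inputs.
	for _, in := range []string{`{}`, `{"requireStatusChecks": []}`, `{"blockForce": false}`} {
		got, err := effective(org, in)
		fmt.Printf("%-30s -> %+v err=%v\n", in, got, err)
	}
}
```

A repo-level file that sets an empty requireStatusChecks list or a false blockForce weakens the org baseline, so those keys are the ones to watch when reviewing changes to repo-level config.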
