Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add info about applying rulesets for branch protection #163

Merged
merged 3 commits into from
Apr 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions github-rulesets.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# GitHub Rulesets

Rulesets can be used to apply branch protection and CI status check rules to a repo, in the case where branch protection needs to be bypassed in certain cases.

An example of this is the [GHA Scala Library Release Workflow](https://github.com/guardian/gha-scala-library-release-workflow), which requires branch protection to be turned off in order for it to be able to run.

To re-apply branch protection of the default branch via rulesets:

* Edit the Custom Property `production_status` on your repo to select `production`. This will enable an organisation-level ruleset on your repo which applies branch protection to the default branch . (N.B. This ruleset is configured to allow the 'Gu Scala Library Release' app to bypass the branch protection.)

To require CI checks to pass before merge:
* Create a second ruleset in your repo with the 'Branch protection' property 'Require status checks to pass' -> 'Require branches to be up to date before merging'.
* Type your repo's workflow name(s) (not to be confused with the filename) into the 'Status checks that are required' box. For example, if your repo has a CI workflow with the name 'CI', then the setting would look like this:
![status_checks.png](images/status_checks.png)
* Add your app (e.g. 'Gu Scala Library Release') to the ruleset bypass list.

### To enable your repo to access the GitHub App
* Add your repo to the repository access list of your app (e.g. 'Gu Scala Library Release'). A GitHub admin is required for this).
2 changes: 2 additions & 0 deletions github.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ Particularly when [continuous delivery] is configured, branch protection reduces
- Require branches to be up to date before merging
- Include administrators

If you need to disable branch protection, e.g. in order to use the [Scala release workflow](https://github.com/guardian/gha-scala-library-release-workflow), you should [re-enable protection via rulesets](github-rulesets.md), which allow for protection to be bypassed in certain specific cases.

### Access
Access should be granted to [GitHub teams][gh-teams]. Avoid individual access.

Expand Down
Binary file added images/status_checks.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.