Is it possible to enable branch protection rules at the organisation level in Github so that all repositories part of that organisation inherit these rules for the applied branches. Right now its really a hassle to enable those same set of rules on a per repo basis for same set of branches.
Enable branch protection rules in Github at the Organisation level
Asked Answered
I got it to work using a simple ruby script that makes use of the GitHub APIs :-
require "json"
require "logger"
LOGGER = Logger.new(STDOUT)
def run(cmd)
LOGGER.debug("Running: #{cmd}")
output = `#{cmd}`
raise "Error: #{$?}" unless $?.success?
output
end
def repos(page = 1, list = [])
cmd = %Q{curl -s --user "user:pwd" https://github_url/api/v3/orgs/org_name/repos?page=#{page}}
data = JSON.parse(run(cmd))
list.concat(data)
repos(page + 1, list) unless data.empty?
list
end
repos.each do |repo|
require 'net/http'
require 'uri'
require 'json'
uri = URI.parse("https://github_url/api/v3/repos/org_name/#{repo["name"]}/branches/master/protection")
request = Net::HTTP::Put.new(uri)
request.basic_auth("user", "pwd")
request["Accept"] = "application/vnd.github.luke-cage-preview+jso"
request.body = JSON.dump({
"required_status_checks" => {
"strict" => true,
"contexts" => [
"continuous-integration/travis-ci"
]
},
"enforce_admins" => true,
"required_pull_request_reviews" => {
"dismiss_stale_reviews" => true
},
"restrictions" => nil
})
req_options = {
use_ssl: uri.scheme == "https",
}
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
http.request(request)
end
end
I took this code as a base, made a few adjustments and now it works great, thanks Ashley –
Recall
Taken from @Ashley 's answers, updated it a bit, with a slight change to reflect current Github's API URLs and, added customization using GITHUB_ORG and GITHUB_ACCESS_TOKEN environment variables.
require "json"
require "logger"
$org = ENV["GITHUB_ORG"]
$token = ENV["GITHUB_ACCESS_TOKEN"]
LOGGER = Logger.new(STDOUT)
def run(cmd)
LOGGER.debug("Running: #{cmd}")
output = `#{cmd}`
raise "Error: #{$?}" unless $?.success?
output
end
def repos(page = 1, list = [])
cmd = %Q{curl -s -u dummy:#{$token} https://api.github.com/orgs/#{$org}/repos?page=#{page}}
data = JSON.parse(run(cmd))
list.concat(data)
repos(page + 1, list) unless data.empty?
list
end
repos.each do |repo|
p(repo["name"])
require 'net/http'
require 'uri'
require 'json'
uri = URI.parse("https://api.github.com/repos/#{$org}/#{repo["name"]}/branches/master/protection")
request = Net::HTTP::Put.new(uri)
request.basic_auth("dummy", $token)
request["Accept"] = "application/vnd.github.luke-cage-preview+jso"
request.body = JSON.dump({
"required_status_checks" => {
"strict" => true,
"contexts" => []
},
"enforce_admins" => true,
"required_pull_request_reviews" => {
"dismiss_stale_reviews" => true
},
"restrictions" => nil
})
req_options = {
use_ssl: uri.scheme == "https",
}
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
http.request(request)
end
p(response)
end
You should try using the Github API's update branch protection endpoint with some kind of automated process to apply branch protection rules to all new branches in your organization.
PUT /repos/:owner/:repo/branches/:branch/protection
Thanks for the response. I could use API to successfully enable branch protection one of the branches in one of the repos but how to achieve that for all repos and a set of branches within each repo using it. Any suggestions? –
Silvan
You could use the
GET /orgs/:org/repos endpoint to get all repos in your org, and then use GET /repos/:owner/:repo/branches to get all branches of that repo. Then, combine this with PUT /repos/:owner/:repo/branches/:branch/protection to protect all branches of all repos in your org. Does that make sense? –
Tenebrous © 2022 - 2024 — McMap. All rights reserved.