Merge pull request #222 from empty-codes/Feature-Improve-branch-prote…

…ctions Migrate branch protections configuration to YAML
creativecommons · Oct 3, 2024 · fbd4764 · fbd4764
2 parents 6984e99 + 74c4b79
commit fbd4764
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 31 deletions.
diff --git a/ccos/norm/branch_protections.py b/ccos/norm/branch_protections.py
diff --git a/ccos/norm/branch_protections.yml b/ccos/norm/branch_protections.yml
@@ -0,0 +1,21 @@
+EXEMPT_REPOSITORIES:
+  # special purpose repo
+  - australian-chapter
+  # exempted for bot pushes to default branch
+  - creativecommons.github.io-source
+  # exempted for bot pushes to default branch
+  - creativecommons.github.io
+  # special purpose repo
+  - global-network-strategy
+  # special purpose repo
+  - network-platforms
+  # exempted for bot pushes to default branch
+  - quantifying
+  # special purpose repo
+  - sre-wiki-js
+  # special purpose repo
+  - tech-support
+
+REQUIRED_STATUS_CHECK_MAP:
+  creativecommons.github.io-source:
+    - Build and Deploy CC Open Source
diff --git a/normalize_repos.py b/normalize_repos.py
@@ -17,7 +17,6 @@
 # First-party/Local
 import ccos.log
 from ccos import gh_utils
-from ccos.norm import branch_protections
 from ccos.norm.get_labels import get_labels, get_required_label_groups
 from ccos.norm.set_labels import set_labels
 from ccos.norm.validate_issues import validate_issues
@@ -93,6 +92,12 @@ def is_engineering_project(repo):
     return metadata.get("engineering_project", False)
 
 
+def load_branch_protection_config():
+    with open("ccos/norm/branch_protections.yml", "r") as file:
+        config = yaml.safe_load(file)
+    return config
+
+
 def update_branch_protection(repo):
     try:
         default_branch = repo.get_branch(repo.default_branch)
@@ -102,22 +107,20 @@ def update_branch_protection(repo):
             return
         else:
             raise
-    if (
-        repo.name not in branch_protections.EXEMPT_REPOSITORIES
-        and is_engineering_project(repo)
-    ):
+    config = load_branch_protection_config()
+    exempt_repositories = config["EXEMPT_REPOSITORIES"]
+    required_status_check_map = config["REQUIRED_STATUS_CHECK_MAP"]
+    if repo.name not in exempt_repositories and is_engineering_project(repo):
         LOG.info(f"{repo.name}: updating branch protections")
         # The following empty *_bypass_pull_request_allowance arguments ensure
         # the required bypass_pull_request_allowances API parameter is
         # populated:
         # https://docs.github.com/rest/branches/branch-protection#update-branch-protection
-        if repo.name in branch_protections.REQUIRED_STATUS_CHECK_MAP:
+        if repo.name in required_status_check_map:
             default_branch.edit_protection(
                 required_approving_review_count=1,
                 user_push_restrictions=[],
-                contexts=branch_protections.REQUIRED_STATUS_CHECK_MAP[
-                    repo.name
-                ],
+                contexts=required_status_check_map[repo.name],
                 users_bypass_pull_request_allowances=[],
                 teams_bypass_pull_request_allowances=[],
                 apps_bypass_pull_request_allowances=[],