adding new parameter BRANCH_PROTECTION_ENABLED (#9)

kbrashears5 · web-flow · commit 4e07e64f17de · 2022-07-25T19:07:32.000-05:00
* support for branch protection enabled

* switching to string check

* cleanup
diff --git a/README.md b/README.md
@@ -43,7 +43,8 @@ jobs:
           REBASE_MERGE: 'true'
           AUTO_MERGE: 'false'
           DELETE_HEAD: 'false'
-          BRANCH_PROTECTION_NAME: 'master'
+          BRANCH_PROTECTION_ENABLED: true
+          BRANCH_PROTECTION_NAME: 'main'
           BRANCH_PROTECTION_REQUIRED_REVIEWERS: '1'
           BRANCH_PROTECTION_DISMISS: 'true'
           BRANCH_PROTECTION_CODE_OWNERS: 'true'
@@ -63,6 +64,7 @@ jobs:
 | REBASE_MERGE | false | true | Whether or not to allow rebase merges on the repo |
 | AUTO_MERGE | false | false | Whether or not to allow auto-merge on the repo |
 | DELETE_HEAD | false | false | Whether or not to delete head branch after merges |
+| BRANCH_PROTECTION_ENABLED | false | false | Whether or not to enable branch protection |
 | BRANCH_PROTECTION_NAME | false | 'master' | Branch name pattern for branch protection rule |
 | BRANCH_PROTECTION_REQUIRED_REVIEWERS | false | 1 | Number of required reviewers for branch protection rule |
 | BRANCH_PROTECTION_DISMISS | false | true | Dismiss stale pull request approvals when new commits are pushed |
diff --git a/action.yml b/action.yml
@@ -41,10 +41,14 @@ inputs:
     description: 'Whether or not to delete head branch after merges'
     required: false
     default: 'false'
+  BRANCH_PROTECTION_ENABLED:
+    description: 'Whether or not to enable branch protection'
+    required: false
+    default: 'false'
   BRANCH_PROTECTION_NAME:
     description: 'Branch name pattern for branch protection rule'
     required: false
-    default: 'master'
+    default: 'main'
   BRANCH_PROTECTION_REQUIRED_REVIEWERS:
     description: 'Number of required reviewers for branch protection rule'
     required: false
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -33,6 +33,8 @@ AUTO_MERGE=$INPUT_AUTO_MERGE
 echo "Auto-Merge             : $AUTO_MERGE"
 DELETE_HEAD=$INPUT_DELETE_HEAD
 echo "Delete Head            : $DELETE_HEAD"
+BRANCH_PROTECTION_ENABLED=$INPUT_BRANCH_PROTECTION_ENABLED
+echo "Branch Protection      : $BRANCH_PROTECTION_ENABLED"
 BRANCH_PROTECTION_NAME=$INPUT_BRANCH_PROTECTION_NAME
 echo "Branch Protection Name : $BRANCH_PROTECTION_NAME"
 BRANCH_PROTECTION_REQUIRED_REVIEWERS=$INPUT_BRANCH_PROTECTION_REQUIRED_REVIEWERS
@@ -114,31 +116,41 @@ for repository in "${REPOSITORIES[@]}"; do
 
     echo " "
 
-    echo "Setting [${BRANCH_PROTECTION_NAME}] branch protection rules"
-    
-    # the argjson instead of just arg lets us pass the values not as strings
-    jq -n \
-    --argjson enforceAdmins $BRANCH_PROTECTION_ENFORCE_ADMINS \
-    --argjson dismissStaleReviews $BRANCH_PROTECTION_DISMISS \
-    --argjson codeOwnerReviews $BRANCH_PROTECTION_CODE_OWNERS \
-    --argjson reviewCount $BRANCH_PROTECTION_REQUIRED_REVIEWERS \
-    '{
-        required_status_checks:null,
-        enforce_admins:$enforceAdmins,
-        required_pull_request_reviews:{
-            dismiss_stale_reviews:$dismissStaleReviews,
-            require_code_owner_reviews:$codeOwnerReviews,
-            required_approving_review_count:$reviewCount
-        },
-        restrictions:null
-    }' \
-    | curl -d @- \
-        -X PUT \
-        -H "Accept: application/vnd.github.luke-cage-preview+json" \
-        -H "Content-Type: application/json" \
-        -u ${USERNAME}:${GITHUB_TOKEN} \
-        --silent \
-        ${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection
+    if [ "$BRANCH_PROTECTION_ENABLED" == "true" ]; then
+        echo "Setting [${BRANCH_PROTECTION_NAME}] branch protection rules"
+        
+        # the argjson instead of just arg lets us pass the values not as strings
+        jq -n \
+        --argjson enforceAdmins $BRANCH_PROTECTION_ENFORCE_ADMINS \
+        --argjson dismissStaleReviews $BRANCH_PROTECTION_DISMISS \
+        --argjson codeOwnerReviews $BRANCH_PROTECTION_CODE_OWNERS \
+        --argjson reviewCount $BRANCH_PROTECTION_REQUIRED_REVIEWERS \
+        '{
+            required_status_checks:null,
+            enforce_admins:$enforceAdmins,
+            required_pull_request_reviews:{
+                dismiss_stale_reviews:$dismissStaleReviews,
+                require_code_owner_reviews:$codeOwnerReviews,
+                required_approving_review_count:$reviewCount
+            },
+            restrictions:null
+        }' \
+        | curl -d @- \
+            -X PUT \
+            -H "Accept: application/vnd.github.luke-cage-preview+json" \
+            -H "Content-Type: application/json" \
+            -u ${USERNAME}:${GITHUB_TOKEN} \
+            --silent \
+            ${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection
+    else
+        curl \
+            -X DELETE \
+            -H "Accept: application/vnd.github.luke-cage-preview+json" \
+            -H "Content-Type: application/json" \
+            -u ${USERNAME}:${GITHUB_TOKEN} \
+            --silent \
+            ${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection
+    fi
 
     echo "Completed [${repository}]"
     echo "::endgroup::"
