在组织级别的Github中启用分支保护规则

时间:2019-01-16 18:06:10

标签: github github-api branching-strategy

是否可以在Github中的组织级别启用分支保护规则,以便该组织的所有存储库部分都为应用的分支继承这些规则。现在,在每个仓库中为相同的分支机构启用相同的规则组确实很麻烦。

4 个答案:

答案 0 :(得分:1)

我使用一个简单的ruby脚本来工作,该脚本利用了GitHub API:-

require "json"
require "logger"

LOGGER = Logger.new(STDOUT)

def run(cmd)
  LOGGER.debug("Running: #{cmd}")
  output = `#{cmd}`
  raise "Error: #{$?}" unless $?.success?
  output
end


def repos(page = 1, list = [])
  cmd = %Q{curl -s --user "user:pwd" https://github_url/api/v3/orgs/org_name/repos?page=#{page}}
  data = JSON.parse(run(cmd))
  list.concat(data)
  repos(page + 1, list) unless data.empty?
  list
end

repos.each do |repo|
  require 'net/http'
require 'uri'
require 'json'

uri = URI.parse("https://github_url/api/v3/repos/org_name/#{repo["name"]}/branches/master/protection")
request = Net::HTTP::Put.new(uri)
request.basic_auth("user", "pwd")
request["Accept"] = "application/vnd.github.luke-cage-preview+jso"
request.body = JSON.dump({
  "required_status_checks" => {
    "strict" => true,
    "contexts" => [
      "continuous-integration/travis-ci"
    ]
  },
  "enforce_admins" => true,
  "required_pull_request_reviews" => {
    "dismiss_stale_reviews" => true
  },
  "restrictions" => nil
})

req_options = {
  use_ssl: uri.scheme == "https",
}

response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
  http.request(request)
end
end

答案 1 :(得分:1)

从@Ashley的答案中提取出来,对其进行了一些更新,并稍作更改以反映当前Github的API URL,并添加了使用GITHUB_ORGGITHUB_ACCESS_TOKEN环境变量的自定义。

require "json"
require "logger"

$org = ENV["GITHUB_ORG"]
$token = ENV["GITHUB_ACCESS_TOKEN"]

LOGGER = Logger.new(STDOUT)

def run(cmd)
  LOGGER.debug("Running: #{cmd}")
  output = `#{cmd}`
  raise "Error: #{$?}" unless $?.success?
  output
end


def repos(page = 1, list = [])
  cmd = %Q{curl -s -u dummy:#{$token} https://api.github.com/orgs/#{$org}/repos?page=#{page}}
  data = JSON.parse(run(cmd))
  list.concat(data)
  repos(page + 1, list) unless data.empty?
  list
end

repos.each do |repo|
p(repo["name"])
  require 'net/http'
require 'uri'
require 'json'

uri = URI.parse("https://api.github.com/repos/#{$org}/#{repo["name"]}/branches/master/protection")
request = Net::HTTP::Put.new(uri)
request.basic_auth("dummy", $token)
request["Accept"] = "application/vnd.github.luke-cage-preview+jso"
request.body = JSON.dump({
  "required_status_checks" => {
    "strict" => true,
    "contexts" => []
  },
  "enforce_admins" => true,
  "required_pull_request_reviews" => {
    "dismiss_stale_reviews" => true
  },
  "restrictions" => nil
})

req_options = {
  use_ssl: uri.scheme == "https",
}

response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
  http.request(request)
end
p(response)
end

答案 2 :(得分:0)

您应该尝试将Github API的update branch protection端点与某种自动化过程结合使用,以将分支机构保护规则应用于组织中的所有新分支机构。

PUT /repos/:owner/:repo/branches/:branch/protection

答案 3 :(得分:0)

您可以对Datree.io之类的服务器端git-hooks使用集中式解决方案。 它具有内置策略,例如:

  1. Enforce branch protection,用于所有当前和以后创建的仓库-防止主分支删除并强制推送。
  2. Enforce pull request flow在所有存储库(包括将来创建的存储库)的默认分支上-防止在没有拉取请求和检查的情况下直接提交给master。

该产品会主动更改现有存储库的GitHub设置,并为将来创建的存储库强制执行设置。

免责声明:我是Datree联合创始人之一

相关问题
最新问题