How to restrict PR merge if code coverage is less? - github

Is there any way that lets me restrict merging two branches if one has less code coverage than what is expected? I use jest and added coverageThreshold in package.json file. But even though the coverage was less when I ran coverage, the branch was allowed to merge.
Couldn't find anything in Github settings for branch protection as well.

Branch protection rules are under Settings > Branches for the repo.
To add code coverage requirements, like anything else, you need to add pass/fail statuses to the GitHub Actions (or if you use a separate system like Jenkins, that needs to register statuses) and then say that the statuses are required in the rule. Not sure if you can do that on all GitHub plans.
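One way to mark a coverage job as required from the command line, as an added example that is not part of the original answer. It assumes a CI job that reports a check named `coverage` and runs `jest --coverage` (Jest exits non-zero when a `coverageThreshold` is not met), an authenticated `gh` CLI with admin rights on the repository, and placeholder `OWNER/REPO` values.

```shell
#!/bin/sh
# Added example: require named status checks on a branch through the
# GitHub REST API. The check name "coverage" is an assumption; it must equal
# the name the CI job reports on pull requests.

# Build the JSON body for PUT /repos/{owner}/{repo}/branches/{branch}/protection.
# Arguments: one or more status-check names (plain names, no quotes inside).
protection_payload() {
    contexts=""
    for name in "$@"; do
        contexts="${contexts:+$contexts, }\"$name\""
    done
    # strict=true also requires the branch to be up to date before merging;
    # enforce_admins=true applies the rule to repository admins as well.
    cat <<EOF
{
  "required_status_checks": { "strict": true, "contexts": [$contexts] },
  "enforce_admins": true,
  "required_pull_request_reviews": null,
  "restrictions": null
}
EOF
}

# Apply the rule. Usage: require_checks OWNER/REPO BRANCH CHECK...
require_checks() {
    repo=$1; branch=$2; shift 2
    protection_payload "$@" |
        gh api --method PUT "repos/$repo/branches/$branch/protection" --input -
}

# Example (needs network access and admin rights, so it is not run here):
#   require_checks OWNER/REPO main coverage
```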

Related

Azure devops pipeline with git - is there a way to keep file safe from merging / PR?

We are using Azure Devops to store our repo (Git) and run a pipeline.
The project type is .Net.
On recent PR that trigger pipeline, we noticed the pipeline failed because the developer removed a necessary file (PS script file).
Is there a way to prevent it -> somehow define that the pipeline will always "guard" some files in the main, and not let them be modified from other branches?
You can get really close to your goal by adding a branch policy called Automatic Code Reviewers based on specific files or directories. You can set the reviewer to a specific person or group of people, and any time a PR is modifying the "protected" file(s) the PR will not be able to be completed until one of those people approves the PR. If none of those people approve it the PR will not get completed. The nice thing about this is when you purposefully do wish to modify the file(s), you still can, but you just need to request that a certain group of people also approve the PR.
Tip: I recommend using groups for automatic code reviewers instead of specific people, even if the group has only one person in it. That way an admin can add/remove people from that group as needed, for example when certain people who normally approve the PRs are out of office. It feels a little cleaner to adjust group membership temporarily than to adjust the branch policies themselves on a regular basis.

How to prevent individuals or a team to edit GitHub actions based workflow of a particular repository?

I have a GitHub repository with GitHub actions based workflow (/.github/workflows/build.yml) to do CI builds.
I am from the DevOps team; in my case, folks from the development team are not allowed to change CI pipelines, they can change whatever they want on a feature branch except “/.github/workflows/build.yml”.
How to prevent a developer changing GitHub workflow to see his app changes passing through different type of integration build quality checks?
Is there any better approach to achieve this other than options mentioned below?
1] Through PR reviews
2] Script/automation to validate PR to see if dev did any changes to (/.github/workflows/build.yml)
With code owners you can specify who is allowed to modify certain files like so:
# .github/CODEOWNERS
.github/workflows/build.yml @myorg/devops-team
Somewhat off-topic, but note that Thoughtworks does not recommend separating code and pipeline ownership:
[..] in general we find it painful and unhelpful.
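Option 2 from the question (a script that fails the build when a PR touches the workflow file), as an added example that is not part of the original question or answer. The pattern list, the function name `protected_changes` and the `origin/main` base ref are assumptions; the same check fits the Azure DevOps case above, where a required script file was deleted.

```shell
#!/bin/sh
# Added example: report changed paths that match a protected pattern.
# Patterns are shell globs, one per line (constructed sample values).
PROTECTED_PATTERNS='.github/workflows/*
.github/CODEOWNERS
build/*.ps1'

# Reads changed paths on stdin (one per line) and prints the protected ones.
# Returns 1 if any protected path was found, 0 otherwise.
protected_changes() {
    hit=0
    set -f    # keep the patterns from expanding against the filesystem
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        matched=0
        for pat in $PROTECTED_PATTERNS; do
            case $path in
                $pat) matched=1 ;;   # in case patterns, * also matches "/"
            esac
        done
        if [ "$matched" -eq 1 ]; then
            printf '%s\n' "$path"
            hit=1
        fi
    done
    set +f
    return "$hit"
}

# CI usage (assumes the base branch has been fetched as origin/main).
# --no-renames lists the old path of a renamed file as well, so moving a
# protected file away still counts as a change to it:
#   git diff --name-only --no-renames origin/main...HEAD | protected_changes ||
#       { echo "protected files changed" >&2; exit 1; }
```

Run the check from a definition the PR author cannot edit: on `pull_request` events GitHub uses the workflow file from the PR's merge commit, so a check that lives in the file being modified can be removed by the same change. A CODEOWNERS entry is only enforced when the branch protection rule also enables "Require review from Code Owners".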

Github required status check for merging to main branch

I am looking to create Github repos with branch protection such that any merges to main branch require certain checks to pass. We bootstrap Github repositories using code. The issue I am facing is that, to enable branch protection, these checks need to exist beforehand. I have tried creating a webhook on push and added code to create checks and then add a rule for branch protection, but this way there is a small amount of time where there is no check and anyone can merge in this time. Can someone suggest what I can do to avoid this? Thanks!

Enforce pull requests for merges to main, but only on certain files?

Suppose we have a large GitHub repo with many contributors. Is it possible to force contributions via PR for all files in the repo except for a few files which can be immediately pushed to main by the contributor?
Use case: suppose 95% of the PRs to the repo are for changes to README.md or CHANGELOG; things you know will not cause any impact on customers if there's a bug or problem, then it may make sense to allow these PRs to be merged without inspection or manual work from a maintainer (or possibly even without raising a PR which triggers notifications to 'watchers'). Can this be achieved?

Github: Select required status checks not working for Github actions

I have set up some Github actions workflows in my repo and want to require some of them to pass before a PR can be merged into the main branch. Therefore I selected these actions in branch protection rules, but these do not seem to apply. Only the styleci and appveyor checks are marked as required. All actions are not.
Any ideas what I am missing?
Example PR
Screenshot from settings
Thanks
Seems like Github does support emojis in job names, but does not support matching jobs as required, when there are emojis in job names. Removing the emojis makes the jobs look less nice, but makes the branch protection rules work. 😥