I have set up some GitHub Actions workflows in my repo and want to require some of them to pass before a PR can be merged into the main branch. Therefore I selected these actions in branch protection rules, but these do not seem to apply. Only the styleci and appveyor checks are marked as required. All actions are not.
Any ideas what I am missing?
Example PR
Screenshot from settings
Thanks
Seems like GitHub does support emojis in job names, but does not support matching jobs as required when there are emojis in job names. Removing the emojis makes the jobs look less nice, but makes the branch protection rules work. 😥
Related
I am working on a repo where I am the owner and only author in it.
I want to have in my repo the same behavior as I would when working with a team that protects my branch from direct commits as they must go through a Pull Request. The reason for doing so is to protect from my own mistakes as I sometimes go back to main branch and accidentally push code to it. I want only code that passed through a Pull Request to be able to be merged to main branch.
In order to achieve such behavior I added the following rule to my main branch -
Which is almost what I need, except that I am locked without the ability to approve my PRs, as there is a message I get saying authors of the PR can't approve their PRs - a logical error nonetheless, but if I am working alone in the repo this is not what I am looking for.
How can I achieve what I am looking for?
Simply disable "Require approvals" (the second checkbox in your screenshot), you will still be required to create a PR.
You can merge your own PRs, the only thing you cannot do is to approve your own work (after all: why would you? Hopefully you deem your own changes good!)
I have a GitHub repository with a GitHub Actions based workflow (/.github/workflows/build.yml) to do CI builds.
I am from the DevOps team, my case, folks from development team are not allowed to change CI pipelines, they can change whatever they want on a feature branch except “/.github/workflows/build.yml”.
How to prevent a developer changing the GitHub workflow to see his app changes passing through different types of integration build quality checks?
Is there any better approach to achieve this other than options mentioned below ?
1] Through PR reviews
2] Script/automation to validate PR to see if dev did any changes to (/.github/workflows/build.yml)
With code owners you can specify who is allowed to modify certain files like so:
# .github/CODEOWNERS
.github/workflows/build.yml @myorg/devops-team
Somewhat off-topic, but note that Thoughtworks does not recommend separating code and pipeline ownership:
[..] in general we find it painful and unhelpful.
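A check for the CODEOWNERS approach above, as an added example that is not part of the original answer: it resolves the effective owners of the pipeline files (the last matching rule wins, and `#` starts a comment) and reports any that the DevOps team does not own. The matcher covers only a subset of the pattern syntax, and the `@myorg/developers` team and the sample file contents are constructed for illustration.

```python
import re

def parse_codeowners(text):
    """Return [(pattern, [owners])] in file order; '#' starts a comment, also mid-line."""
    rules = []
    for raw in text.splitlines():
        line = re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules

def _to_regex(pattern):
    # Subset of the CODEOWNERS syntax: '*' within one path segment, root anchoring,
    # directory patterns. '**', '?' and escapes are not handled.
    anchored = "/" in pattern.rstrip("/")
    body = pattern.strip("/")
    rx = "".join("[^/]*" if ch == "*" else re.escape(ch) for ch in body)
    # A final segment without '*' also covers everything beneath it.
    tail = "" if "*" in body.rsplit("/", 1)[-1] else "(?:/.*)?"
    return re.compile(("^" if anchored else "^(?:.*/)?") + rx + tail + "$")

def owners_for(path, rules):
    """Effective owners of path: the last matching rule wins, even with no owners."""
    owners = []
    for pattern, rule_owners in rules:
        if _to_regex(pattern).match(path):
            owners = rule_owners
    return owners

def missing_owner(paths, text, owner):
    """Paths whose effective owners do not include `owner`."""
    rules = parse_codeowners(text)
    return [p for p in paths if owner not in owners_for(p, rules)]

# Constructed sample files; @myorg/developers is a made-up team.
WEAK = "* @myorg/developers\n.github/workflows/build.yml #myorg/devops-team\n"
FIXED = ("* @myorg/developers\n"
         "/.github/workflows/ @myorg/devops-team\n"
         "/.github/CODEOWNERS @myorg/devops-team\n")
PROTECTED = [".github/workflows/build.yml", ".github/CODEOWNERS"]

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, missing_owner(PROTECTED, text, "@myorg/devops-team"))
```

Ownership is only enforced when the branch protection rule has "Require review from Code Owners" enabled, and the CODEOWNERS file itself should have the same owner so the rules cannot be loosened without that team's review.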
I am looking to create GitHub repos with branch protection such that any merge to the main branch requires certain checks to pass. We bootstrap GitHub repositories using code. The issue I am facing is that to enable branch protection these checks need to exist beforehand. I have tried creating a webhook on push and added code to create checks and then add a rule for branch protection, but this way there is a small amount of time where there is no check and anyone can merge in this time. Can someone suggest what I can do to avoid this? Thanks!
Is there any way that lets me restrict merging two branches if one has less code coverage than what is expected? I use jest and added coverageThreshold in package.json file. But even though the coverage was less when I ran coverage, the branch was allowed to merge.
Couldn't find anything in GitHub settings for branch protection as well.
Branch protection rules are under Settings>Branches for the repo.
To add code coverage requirements, like anything else, you need to add pass/fail statuses to the GitHub Actions (or if you use a separate system like Jenkins, that needs to register statuses) and then say that the statuses are required in the rule. Not sure if you can do that on all GitHub plans.
I am looking for a way by GitHub setting or CircleCI settings preventing the person that is involved in PR (create PR or make a commit) to be able to merge PR (or even approve it).
So far I have the protection of a branch that requires approvals, but post-approval I, as PR creator and committer, am still able to merge.
You need to be able to
prevent the person that is involved in PR (create PR or make a commit) to be able to merge PR (or even approve it)
A contributor who has created a PR cannot approve or request changes by default in GitHub, so that is already taken care of.
Since a Pull Request is a GitHub feature, a PR merge can currently only be blocked in 2 ways
Using GitHub's settings
Using pre-receive hooks (only for GitHub Enterprise)
Using GitHub's settings, you can only block merging by requiring either pull request reviews, status checks to pass, signed commits or linear history as shown under the branch protection settings.
or by allowing merge commits, squash merging or rebase merging as shown in the Merge button section under repo settings
If you are on GitHub Enterprise, you can use a pre-receive hook (documentation) like below and ensure that self merging PRs are blocked (This eg is here)
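#!/bin/bash
# GitHub Enterprise pre-receive hook: reject a merge performed by the pull request's own author.
if [[ "$GITHUB_VIA" = *"merge"* ]] && [[ "$GITHUB_PULL_REQUEST_AUTHOR_LOGIN" = "$GITHUB_USER_LOGIN" ]]; then
  echo "Blocking merging of your own pull request."
  exit 1
fi
exit 0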
Apart from the above, there is no other way currently to block self merging PRs on GitHub. And using CircleCI or any other CI workflow can only block merging for everybody (if you opt for the requirement of status checks on GitHub) or nobody, as it can't control the PR merge button.
Greeting! The short answer is no. Now the longer answer! GitHub supports enabling master branch protection. This can help you enforce all kinds of rules like:
All PRs must have a code review before being merged
The reviewers of the code need to be an admin
The reviewers of the code need to be in a CODEOWNERS file
A subset of status checks all need to pass
For all of these rules, the assumption is that once they've been satisfied, anyone with write access to the repository can merge the PR. I'm curious - in what situation do you want to prevent that?
Now onto the bad ideas. If this was super important - you could take the drastic step of ensuring no human is responsible for merging PRs :) You could add a codeowner that is mapped to a robot account, ensuring that robot account performs an approval before the PR can merge. To that end, you could write logic in a custom GitHub action that's triggered on PR events to determine if the PR should be merged, and auto-merge it if all appropriate conditions are met.
I'm curious - why is this something you wanna do?
I've built an Action to provide this; should work on GitHub.com, GHEC, and GHES: https://github.com/marketplace/actions/dismiss-code-reviews-from-collaborators
As always, Issues & PRs are welcomed: https://github.com/peckjon/reject-pr-approval-from-committer