Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/benjefferies/branch-protection-bot
A bot tool to disable and re-enable "Include administrators" option in branch protection
https://github.com/benjefferies/branch-protection-bot
actions bot branch branch-protection ci github github-actions protection
Last synced: about 1 month ago
JSON representation
A bot tool to disable and re-enable "Include administrators" option in branch protection
- Host: GitHub
- URL: https://github.com/benjefferies/branch-protection-bot
- Owner: benjefferies
- License: mit
- Created: 2019-11-12T13:39:56.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-05-21T06:59:57.000Z (7 months ago)
- Last Synced: 2024-09-19T08:02:09.904Z (3 months ago)
- Topics: actions, bot, branch, branch-protection, ci, github, github-actions, protection
- Language: Python
- Homepage:
- Size: 193 KB
- Stars: 72
- Watchers: 3
- Forks: 19
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-actions - Branch Protection Bot - Temporarily disable and re-enable "Include administrators" option in branch protection. (Community Resources / Utility)
- fucking-awesome-actions - Branch Protection Bot - Temporarily disable and re-enable "Include administrators" option in branch protection. (Community Resources / Utility)
- awesome-ccamel - benjefferies/branch-protection-bot - A bot tool to disable and re-enable "Include administrators" option in branch protection (Python)
- awesome-workflows - Branch Protection Bot - Temporarily disable and re-enable "Include administrators" option in branch protection. (Community Resources / Utility)
README
# Branch Protection Bot
A bot tool to temporarily disable and re-enable `Do not allow bypassing the above settings` option in branch protectionGithub doesn't have a way to give a Bot access to override the branch protection, specifically if you [Do not allow bypassing the above settings](https://github.com/isaacs/github/issues/1390).
The only possible solution is to disable the `Do not allow bypassing the above settings` option. This increases risk of accidental pushes to master from administrators (I've done it a few times).
This tool doesn't completely solve the problem of accidents happening but reduces the chances by closing the window.The intended use of this tool is to is in a CI/CD pipeline where you require temporary access to allow a administrator Bot push to a branch.
[Tutorial](https://www.turfemon.com/bump-version-protected-branch-github-actions)
## How it works
1. Your automated pipeline is kicked off
1. Before you push to github you run this tool to disable `Do not allow bypassing the above settings`
1. Push to the repository
1. After you push to github you run this tool to enable `Do not allow bypassing the above settings`## Example usage
### Docker
```
docker run -e ACCESS_TOKEN=abc123 -e BRANCH=master -e REPO=branch-protection-bot -e OWNER=benjefferies benjjefferies/branch-protection-bot
```### Github Actions
```
- name: Temporarily disable "Do not allow bypassing the above settings" branch protection
uses: benjefferies/branch-protection-bot@master
if: always()
with:
access_token: ${{ secrets.ACCESS_TOKEN }}
branch: ${{ github.event.repository.default_branch }}
- name: Deploy
run: |
mvn release:prepare -B
mvn release:perform -B
- name: Enable "Do not allow bypassing the above settings" branch protection
uses: benjefferies/branch-protection-bot@master
if: always() # Force to always run this step to ensure "Do not allow bypassing the above settings" is always turned back on
with:
access_token: ${{ secrets.ACCESS_TOKEN }}
owner: benjefferies
repo: branch-protection-bot
branch: ${{ github.event.repository.default_branch }}
```#### Inputs
##### `access_token`
**Required** Github access token. https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line. See [issue](https://github.com/benjefferies/branch-protection-bot/issues/9#issuecomment-1637223088) for required permissions
##### `owner`
For example benjefferies for https://github.com/benjefferies/branch-protection-bot. If not set with repo GITHUB_REPOSITORY variable will be used
##### `repo`
For example branch-protection-bot for https://github.com/benjefferies/branch-protection-bot. If not set with repo GITHUB_REPOSITORY variable will be used
##### `branch`
Branch name. Default `"master"`
##### `retries`
Number of times to retry before exiting. Default `5`.
##### `enforce_admins`
If you want to pin the state of `Do not allow bypassing the above settings` for a step in the workflow.
#### Outputs
##### `initial_status`
Output the current branch protection status of `Do not allow bypassing the above settings` prior to any change.
You can retrieve it from any next step in your job using: `${{ steps.disable_include_admins.outputs.initial_status }}`.
This would help you to restore the initial setting this way:```yaml
steps:
- name: "Temporarily disable 'Do not allow bypassing the above settings' default branch protection"
id: disable_include_admins
uses: benjefferies/branch-protection-bot@master
if: always()
with:
access_token: ${{ secrets.ACCESS_TOKEN }}
branch: ${{ github.event.repository.default_branch }}
enforce_admins: false
- ...- name: "Restore 'Do not allow bypassing the above settings' default branch protection"
uses: benjefferies/branch-protection-bot@master
if: always() # Force to always run this step to ensure "Do not allow bypassing the above settings" is always turned back on
with:
access_token: ${{ secrets.ACCESS_TOKEN }}
branch: ${{ github.event.repository.default_branch }}
enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }}
```## Github repository settings
The Bot account must be an administrator.