feat: add qnx environment to all relevant repos

[AlexanderLanin]

Specifically add qnx environment to:

• all dependeable element repos
• all repos that currently have access to the QNX secrets

[eclipse-otterdog]

Thank you for raising a pull request to update the configuration of your GitHub organization.
You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to be fulfilled for auto-merging to be available:

• valid configuration
• approved by a project lead
• does not require any secrets
• does not update settings only accessible via the GitHub Web UI
• does not remove any resource

Otterdog commands and options

You can trigger otterdog actions by commenting on this PR:

• /otterdog team-info checks the team / org membership for the PR author
• /otterdog validate validates the configuration change
• /otterdog validate info validates the configuration change, printing also validation infos
• /otterdog check-sync checks if the base ref is in sync with live settings
• /otterdog merge merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author)
• /otterdog done notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team)
• /otterdog apply re-apply a previously failed attempt (only accessible for members of the admin team)

[eclipse-otterdog]

The author (AlexanderLanin) of this PR is associated with this organization in the role of MEMBER.

Additionally, AlexanderLanin is a member of the following teams:

• automotive-score-committers

• automotive-score-security

• cft-orchestration

• cft-feo

• infrastructure-maintainers

[eclipse-otterdog]

Please find below the validation of the requested configuration changes:

Diff for 48531da

Project automotive.score[github_id=eclipse-score]
  there have been 33 validation infos, enable verbose output to display them.

  
!   environment[name="workflow-approval", repository=baselibs] {
!     wait_timer = 1 -> 0
!   }

  
!   environment[name="workflow-approval", repository=baselibs_rust] {
!     wait_timer = 1 -> 0
!   }

+  add environment[name="workflow-approval", repository=bazel-tools-cc] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=bazel-tools-python] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=bazel_cpp_toolchains] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=feo] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=ferrocene_toolchain_builder] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_abi_compatible_datatypes] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_ai_platform] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_config_management] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_daal] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_diagnostics] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_gen_ai] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_json] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_os_autosd] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_security_crypto] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_someip_gateway] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=inc_time] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=kyron] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=lifecycle] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=logging] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=orchestrator] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

  
!   environment[name="workflow-approval", repository=persistency] {
!     wait_timer = 1 -> 0
!   }

+  add environment[name="workflow-approval", repository=reference_integration] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

+  add environment[name="workflow-approval", repository=rules_imagefs] {
+    deployment_branch_policy = "all"
+    name                     = "workflow-approval"
+    reviewers                = [
+      "@eclipse-score/automotive-score-committers"
+    ],
+    wait_timer               = 0
+  }

  
!   environment[name="workflow-approval", repository=scrample] {
!     wait_timer = 1 -> 0
!   }

  
!   environment[name="workflow-approval", repository=toolchains_qnx] {
!     wait_timer = 1 -> 0
!   }
  
  Plan: 22 to add, 5 to change, 0 to delete.

[eclipse-otterdog]

Note

The current configuration is out-of-sync with the live settings:

Diff to live settings

Project automotive.score[github_id=eclipse-score]
  there have been 33 validation infos, enable verbose output to display them.

-  remove environment[name="workflow-approval", repository=reference_integration] {
-    deployment_branch_policy = "all"
-    name                     = "workflow-approval"
-    reviewers                = []
-    wait_timer               = 0
-  }

  
!   repository[name="baselibs"] {
!     code_scanning_default_setup_enabled = true -> false
!   }

+  add repo_ruleset[name="Restrict Release Creation to Code Owners", repository=communication] {
+    allows_creations                    = false
+    allows_deletions                    = false
+    allows_force_pushes                 = false
+    allows_updates                      = false
+    bypass_actors                       = [
+      "@eclipse-score/codeowner-lola"
+    ],
+    enforcement                         = "active"
+    exclude_refs                        = []
+    include_refs                        = [
+      "refs/tags/*"
+    ],
+    name                                = "Restrict Release Creation to Code Owners"
+    required_pull_request               = {
+      dismisses_stale_reviews             = false
+      required_approving_review_count     = 2
+      requires_code_owner_review          = false
+      requires_last_push_approval         = false
+      requires_review_thread_resolution   = false
+    }
+    required_status_checks              = {
+      do_not_enforce_on_create            = false
+      status_checks                       = [
+        "eclipse-eca-validation:eclipsefdn/eca"
+      ],
+      strict                              = false
+    }
+    requires_commit_signatures          = false
+    requires_deployments                = false
+    requires_linear_history             = false
+    target                              = "tag"
+  }

-  remove environment[name="workflow-approval", repository=orchestrator] {
-    deployment_branch_policy = "all"
-    name                     = "workflow-approval"
-    reviewers                = []
-    wait_timer               = 0
-  }

  
!   repository[name="testing_tools"] {
!     code_scanning_default_languages = [
-      "actions"
!     ]
!   }

-  remove environment[name="workflow-approval", repository=lifecycle] {
-    deployment_branch_policy = "all"
-    name                     = "workflow-approval"
-    reviewers                = []
-    wait_timer               = 0
-  }

-  remove environment[name="workflow-approval", repository=logging] {
-    deployment_branch_policy = "all"
-    name                     = "workflow-approval"
-    reviewers                = []
-    wait_timer               = 0
-  }

-  remove environment[name="workflow-approval", repository=inc_someip_gateway] {
-    deployment_branch_policy = "all"
-    name                     = "workflow-approval"
-    reviewers                = []
-    wait_timer               = 0
-  }

-  remove environment[name="workflow-approval", repository=kyron] {
-    deployment_branch_policy = "all"
-    name                     = "workflow-approval"
-    reviewers                = []
-    wait_timer               = 0
-  }
  
  Plan: 1 to add, 2 to change, 6 to delete.

[Copilot]

Pull request overview

This PR updates the Otterdog organization configuration to introduce a shared “QNX approval” environment setup and apply it across dependable element repositories and other repos that have access to QNX org secrets.

Changes:

• Introduces qnx_enabled_repos and qnx_environments locals to centralize QNX-related repo selection and environment configuration.
• Applies workflow-approval environment to dependable element repos via newDependableElementRepo, and to additional QNX-secret-enabled repos explicitly.
• Refactors several repository definitions to use newDependableElementRepo and deduplicates org secret selected_repositories definitions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[AlexanderLanin]

@dcalavrezo-qorix please review jsonnet for structure, readability etc AND the Diff as printed above.

[dcalavrezo-qorix]

LGTM

[AlexanderLanin]

@antonkri please review the Diff as printed above.

[dcalavrezo-qorix]

@AlexanderLanin but the diff to LIVE seems worrying , those aren't NO-OPs in the end, or

[AlexanderLanin]

diff to live is not our problem :-)

[antonkri]

@kairoaraujo , @eclipse-score/eclipsefdn-security please approve and merge

[AlexanderLanin]

/otterdog merge