Skip to content

Add all-repository ruleset bypass actors #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bruzina merged 2 commits into from
Jul 6, 2025
Merged

Add all-repository ruleset bypass actors #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e2479c5
fix: main branch ruleset shouldn't prevent pull request merges
bruzina Jul 5, 2025
64ba2b9
feat: all-repository ruleset bypass actors
bruzina Jul 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ Set up GitHub actions, variables and secrets:
- Secrets and variables / Actions / Actions secrets and variables
- Secrets
- **New repository secret**
- `APP_PEM_FILE` (`GITHUB_APP_PEM_FILE` contents)
- `GH_APP_PEM_FILE` (`GITHUB_APP_PEM_FILE` contents)
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- Variables
Expand Down Expand Up @@ -176,9 +176,14 @@ organization:
- name: "Main Branch"
target: branch # REQUIRED, VALUES branch or tag
enforcement: active # REQUIRED, VALUES disabled or active
bypass_actors: # OPTIONAL, DEFAULT empty
# Xebis GitHub Semantic Release https://github.com/apps/xebis-github-semantic-release
- actor_id: 1527160 # REQUIRED, VALUE The ID of the actor
actor_type: Integration # REQUIRED, VALUES RepositoryRole, Team, Integration, OR OrganizationAdmin
bypass_mode: always # REQUIRED, VALUES always or pull_request
conditions: # OPTIONAL, DEFAULT empty
ref_name:
include: # OPTIONAL, DEFAULT empty, VALUE array of ref names or patterns to include, special values ~ALL and ~DEFAULT_BRANCH also accepted
include: # OPTIONAL, DEFAULT empty, VALUE array of ref names or patterns to include, SPECIAL VALUES ~ALL and ~DEFAULT_BRANCH also accepted
- ~DEFAULT_BRANCH
exclude: # OPTIONAL, DEFAULT empty
rules:
Expand Down
10 changes: 10 additions & 0 deletions terraform/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,16 @@ resource "github_repository_ruleset" "all_repositories" {
target = try(each.value.ruleset.target, null)
enforcement = try(each.value.ruleset.enforcement, null)

# Bypass actors
dynamic "bypass_actors" {
for_each = try(each.value.ruleset.bypass_actors, [])
content {
actor_id = bypass_actors.value.actor_id
actor_type = bypass_actors.value.actor_type
bypass_mode = bypass_actors.value.bypass_mode
}
}

# Conditions
dynamic "conditions" {
for_each = try(length(each.value.ruleset.conditions) > 0 ? [each.value.ruleset.conditions] : [], [])
Expand Down
7 changes: 5 additions & 2 deletions test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,21 @@ organization:
- name: "Main Branch"
target: branch
enforcement: active
bypass_actors:
# Xebis GitHub Semantic Release https://github.com/apps/xebis-github-semantic-release
- actor_id: 1527160
actor_type: Integration
bypass_mode: always
conditions:
ref_name:
include:
- ~DEFAULT_BRANCH
rules:
creation: true
update: true
deletion: true
pull_request:
required_approving_review_count: 0
required_linear_history: true
required_signatures: true
repositories:
- name: .github
# Repository metadata
Expand Down