-
Notifications
You must be signed in to change notification settings - Fork 70
166 lines (140 loc) · 5.16 KB
/
setting.yml
File metadata and controls
166 lines (140 loc) · 5.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
name: Repository Settings
on:
pull_request:
paths:
- .github/workflows/setting.yml
- .github/environments.json
- .github/protection.json
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
branch:
runs-on: ubuntu-latest
steps:
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_KEY }}
- name: Enable auto-delete head branches
run: |
gh repo edit ${{ github.repository }} \
--default-branch develop \
--delete-branch-on-merge
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
environments:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- environment: Develop
branch: develop
- environment: Production
branch: main
- environment: github-pages
branch: gh-pages
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_KEY }}
- name: Configure Environment
run: |
if [ ! -f ${{ env.CONFIG_FILE }} ]; then
echo "Error: ${{ env.CONFIG_FILE }} not found!"
exit 1
fi
jq -c ".\"${{ env.ENVIRONMENT_NAME }}\"" ${{ env.CONFIG_FILE }} | gh api -X PUT "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}" --input -
CUSTOM_BRANCH_POLICIES=$(jq -r ".\"${{ env.ENVIRONMENT_NAME }}\".deployment_branch_policy.custom_branch_policies" ${{ env.CONFIG_FILE }})
if [ "$CUSTOM_BRANCH_POLICIES" != true ]; then
IDS=$(gh api "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" --jq '.branch_policies[].id' || true)
for ID in $IDS; do
gh api -X DELETE "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies/$ID" --silent || true
done
exit 0
fi
gh api -X POST "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" \
-f "name=${{ env.BRANCH_NAME }}" \
-f "type=branch"
env:
CONFIG_FILE: .github/environments.json
BRANCH_NAME: ${{ matrix.branch }}
ENDPOINT: repos/${{ github.repository }}/environments
ENVIRONMENT_NAME: ${{ matrix.environment }}
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
pages:
runs-on: ubuntu-latest
steps:
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_KEY }}
- name: Set GitHub Pages Source
run: |
gh api -X POST ${{ env.ENDPOINT }} \
-f "source[branch]=${{ env.BRANCH }}" \
-f "source[path]=${{ env.TARGET_PATH }}" --silent \
|| \
gh api -X PUT ${{ env.ENDPOINT }} \
-f "source[branch]=${{ env.BRANCH }}" \
-f "source[path]=${{ env.TARGET_PATH }}"
env:
ENDPOINT: repos/${{ github.repository }}/pages
BRANCH: gh-pages
TARGET_PATH: /
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
permission:
runs-on: ubuntu-latest
steps:
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_KEY }}
- name: Configure Actions Workflow Permissions
run: |
gh api -X PUT "${{ env.ENDPOINT }}" \
-f "default_workflow_permissions=write" \
-F "can_approve_pull_request_reviews=true"
env:
ENDPOINT: repos/${{ github.repository }}/actions/permissions/workflow
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
protection:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_KEY }}
- name: Apply Branch Protection Rules
run: |
if [ ! -f ${{ env.CONFIG_FILE }} ]; then
echo "Error: ${{ env.CONFIG_FILE }} not found!"
exit 1
fi
BRANCHES=$(jq -r 'keys[]' ${{ env.CONFIG_FILE }})
for BRANCH in $BRANCHES; do
if ! gh api "${{ env.ENDPOINT }}/$BRANCH" --silent >/dev/null 2>&1; then
echo "Warning: Branch $BRANCH does not exist in this repository. Skipping..."
continue
fi
jq -c ".\"$BRANCH\"" ${{ env.CONFIG_FILE }} | gh api -X PUT "${{ env.ENDPOINT }}/$BRANCH/protection" --input -
done
env:
CONFIG_FILE: .github/protection.json
ENDPOINT: repos/${{ github.repository }}/branches
GH_TOKEN: ${{ steps.generate-token.outputs.token }}