Bug/issue 465

app.yml

@@ -115,7 +115,7 @@ default_permissions:
     organization_administration: write
 
     # Manage Actions variables.
-    # https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28
+    # https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10
     actions_variables: write
 
 

docs/github-settings/1. repository-settings.md

@@ -50,8 +50,8 @@ repository:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Update an environment](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#update-a-repository)
->2. [Replace all repository topics](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#replace-all-repository-topics)
+>1. [Update an environment](https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#update-a-repository)
+>2. [Replace all repository topics](https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#replace-all-repository-topics)
 
 <table>
 <tr><td>

docs/github-settings/2. repository-variables.md

@@ -18,7 +18,7 @@ variables:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#update-a-repository-variable)
+>1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#update-a-repository-variable)
 
 <table>
 <tr><td>

docs/github-settings/3. collaborators.md

@@ -20,8 +20,8 @@ collaborators:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Add a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#add-a-repository-collaborator)
->2. [Remove a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#remove-a-repository-collaborator)
+>1. [Add a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10#add-a-repository-collaborator)
+>2. [Remove a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10#remove-a-repository-collaborator)
 
 <table>
 <tr><td>

docs/github-settings/4. teams.md

@@ -20,7 +20,7 @@ teams:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Add or update team repository permissions](https://docs.github.com/en/rest/teams/teams?apiVersion=2022-11-28#add-or-update-team-repository-permissions)
+>1. [Add or update team repository permissions](https://docs.github.com/en/rest/teams/teams?apiVersion=2026-03-10#add-or-update-team-repository-permissions)
 
 <table>
 <tr><td>

docs/github-settings/5. branch-protection.md

@@ -55,7 +55,7 @@ branches:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#update-a-repository-variable)
+>1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#update-a-repository-variable)
 
 <table>
 <tr><td>

docs/github-settings/6. deployment-environments.md

@@ -46,9 +46,9 @@ environments:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Create or update an environment](https://docs.github.com/en/rest/deployments/environments?apiVersion=2022-11-28#create-or-update-an-environment)
->2. [Create a deployment branch policy](https://docs.github.com/en/rest/deployments/branch-policies?apiVersion=2022-11-28#create-a-deployment-branch-policy)
->3. [Create an environment variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#create-an-environment-variable)
+>1. [Create or update an environment](https://docs.github.com/en/rest/deployments/environments?apiVersion=2026-03-10#create-or-update-an-environment)
+>2. [Create a deployment branch policy](https://docs.github.com/en/rest/deployments/branch-policies?apiVersion=2026-03-10#create-a-deployment-branch-policy)
+>3. [Create an environment variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#create-an-environment-variable)
 
 <table>
 <tr><td>

docs/github-settings/7. autolinks.md

@@ -20,7 +20,7 @@ variables:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Create an autolink reference for a repository](https://docs.github.com/en/rest/repos/autolinks?apiVersion=2022-11-28#create-an-autolink-reference-for-a-repository)
+>1. [Create an autolink reference for a repository](https://docs.github.com/en/rest/repos/autolinks?apiVersion=2026-03-10#create-an-autolink-reference-for-a-repository)
 
 <table>
 <tr><td>

docs/github-settings/8. labels.md

@@ -19,9 +19,9 @@ labels:
 
 >[!TIP]
 >GitHub's API documentation defines these inputs and types:
->1. [Create a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#create-a-label)
->2. [Update a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#update-a-label)
->3. [Delete a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#delete-a-label)
+>1. [Create a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2026-03-10#create-a-label)
+>2. [Update a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2026-03-10#update-a-label)
+>3. [Delete a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2026-03-10#delete-a-label)
 
 <table>
 <tr><td>

docs/sample-settings/sample-deployment-settings.yml

@@ -27,10 +27,10 @@ overridevalidators:
     error: |
       `Branch protection required_approving_review_count cannot be overidden to a lower value`
     script: |
-      console.log(`baseConfig ${JSON.stringify(baseconfig)}`)
-      console.log(`overrideConfig ${JSON.stringify(overrideconfig)}`)
-      if (baseconfig.protection.required_pull_request_reviews.required_approving_review_count && overrideconfig.protection.required_pull_request_reviews.required_approving_review_count ) {
-        return overrideconfig.protection.required_pull_request_reviews.required_approving_review_count >= baseconfig.protection.required_pull_request_reviews.required_approving_review_count
+      const baseCount = baseconfig?.protection?.required_pull_request_reviews?.required_approving_review_count
+      const overrideCount = overrideconfig?.protection?.required_pull_request_reviews?.required_approving_review_count
+      if (baseCount && overrideCount) {
+        return overrideCount >= baseCount
       }
       return true
   - plugin: labels

docs/sample-settings/settings.yml

@@ -1,7 +1,7 @@
 # This settings file can be used to create org-level settings
 
 # This is the settings that need to be applied to all repositories in the org
-# See https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-an-organization-repository for all available settings for a repository
+# See https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-an-organization-repository for all available settings for a repository
 repository:
   # A short description of the repository that will show up on GitHub
   description: description of the repo
@@ -123,7 +123,7 @@ milestones:
     state: open
 
 # Collaborators: give specific users access to any repository.
-# See https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#add-a-repository-collaborator for available options
+# See https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10#add-a-repository-collaborator for available options
 collaborators:
   - username: regpaco
     # The permission to grant the collaborator. Can be one of:
@@ -144,7 +144,7 @@ collaborators:
       - another-repo
 
 # Teams
-# See https://docs.github.com/en/rest/teams/teams?apiVersion=2022-11-28#create-a-team for available options
+# See https://docs.github.com/en/rest/teams/teams?apiVersion=2026-03-10#create-a-team for available options
 teams:
   - name: core
     # The permission to grant the team. Can be one of:
@@ -163,7 +163,7 @@ teams:
     visibility: closed
 
 # Branch protection rules
-# See https://docs.github.com/en/rest/branches/branch-protection?apiVersion=2022-11-28#update-branch-protection for available options
+# See https://docs.github.com/en/rest/branches/branch-protection?apiVersion=2026-03-10#update-branch-protection for available options
 branches:
   # If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo
   - name: default
@@ -202,7 +202,7 @@ branches:
         teams: []
 
 # Custom properties
-# See https://docs.github.com/en/rest/repos/custom-properties?apiVersion=2022-11-28
+# See https://docs.github.com/en/rest/repos/custom-properties?apiVersion=2026-03-10
 custom_properties:
   - name: test
     value: test
@@ -221,7 +221,7 @@ validator:
   pattern: "[a-zA-Z0-9_-]+"
 
 # Rulesets
-# See https://docs.github.com/en/rest/orgs/rules?apiVersion=2022-11-28#create-an-organization-repository-rulesetfor available options
+# See https://docs.github.com/en/rest/orgs/rules?apiVersion=2026-03-10#create-an-organization-repository-rulesetfor available options
 rulesets:
   - name: Template
     # The target of the ruleset. Can be one of:

index.js

@@ -407,7 +407,7 @@ module.exports = (robot, { getRouter }, Settings = require('./lib/settings')) =>
           repo: env.ADMIN_REPO,
           path: oldPath,
           headers: {
-            'X-GitHub-Api-Version': '2022-11-28'
+            'X-GitHub-Api-Version': '2026-03-10'
           }
         })
         let content = Buffer.from(repofile.data.content, 'base64').toString()
@@ -418,10 +418,10 @@ module.exports = (robot, { getRouter }, Settings = require('./lib/settings')) =>
           // Check if a config file already exists for the renamed repo name
           await context.octokit.request('GET /repos/{owner}/{repo}/contents/{path}', {
             owner: payload.repository.owner.login,
-            repo: env.ADMIN_REPO,
+            repo: env.ADMIN_REPO, 
             path: newPath,
             headers: {
-              'X-GitHub-Api-Version': '2022-11-28'
+              'X-GitHub-Api-Version': '2026-03-10'
             }
           })
         } catch (error) {
@@ -436,7 +436,7 @@ module.exports = (robot, { getRouter }, Settings = require('./lib/settings')) =>
               message: `Repo Renamed and safe-settings renamed the file from ${payload.changes.repository.name.from} to ${payload.repository.name}`,
               sha: repofile.data.sha,
               headers: {
-                'X-GitHub-Api-Version': '2022-11-28'
+                'X-GitHub-Api-Version': '2026-03-10'
               }
             })
             robot.log.debug(`Created a new setting file ${newPath}`)

lib/plugins/autolinks.js

@@ -19,7 +19,7 @@ module.exports = class Autolinks extends Diffable {
   changed (existing, attr) {
     // is_alphanumeric was added mid-2023. In order to continue to support settings yamls which dont specify this
     // attribute, consider an unset is_alphanumeric as `true` (since that is the default value in the API)
-    // https://docs.github.com/en/rest/repos/autolinks?apiVersion=2022-11-28#create-an-autolink-reference-for-a-repository
+    // https://docs.github.com/en/rest/repos/autolinks?apiVersion=2026-03-10#create-an-autolink-reference-for-a-repository
     const isAlphaNumericMatch = attr.is_alphanumeric === undefined
       ? existing.is_alphanumeric // === true, the default
       : attr.is_alphanumeric === existing.is_alphanumeric

lib/plugins/branches.js

@@ -5,10 +5,18 @@ const Overrides = require('./overrides')
 const ignorableFields = []
 const previewHeaders = { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' }
 const overrides = {
-  'contexts': {
-    'action': 'reset',
-    'type': 'array'
-  },
+  contexts: {
+    action: 'reset',
+    type: 'array'
+  }
+}
+
+// GitHub API requires these fields to be present in updateBranchProtection calls
+// See: https://docs.github.com/rest/branches/branch-protection#update-branch-protection
+const requiredBranchProtectionDefaults = {
+  required_status_checks: null,
+  enforce_admins: null,
+  restrictions: null
 }
 
 module.exports = class Branches extends ErrorStash {
@@ -56,7 +64,7 @@ module.exports = class Branches extends ErrorStash {
               const params = Object.assign({}, p)
               return this.github.rest.repos.getBranchProtection(params).then((result) => {
                 const mergeDeep = new MergeDeep(this.log, this.github, ignorableFields)
-                const changes = mergeDeep.compareDeep({ branch: { protection: this.reformatAndReturnBranchProtection(result.data) } }, { branch: { protection: Overrides.removeOverrides(overrides, branch.protection, result.data) } })
+                const changes = mergeDeep.compareDeep({ branch: { protection: this.reformatAndReturnBranchProtection(structuredClone(result.data)) } }, { branch: { protection: Overrides.removeOverrides(overrides, branch.protection, result.data) } })
                 const results = { msg: `Followings changes will be applied to the branch protection for ${params.branch.name} branch`, additions: changes.additions, modifications: changes.modifications, deletions: changes.deletions }
                 this.log.debug(`Result of compareDeep = ${results}`)
 
@@ -73,7 +81,7 @@ module.exports = class Branches extends ErrorStash {
                   resArray.push(new NopCommand(this.constructor.name, this.repo, null, results))
                 }
 
-                Object.assign(params, branch.protection, { headers: previewHeaders })
+                Object.assign(params, requiredBranchProtectionDefaults, this.reformatAndReturnBranchProtection(structuredClone(result.data)), Overrides.removeOverrides(overrides, branch.protection, result.data), { headers: previewHeaders })
 
                 if (this.nop) {
                   resArray.push(new NopCommand(this.constructor.name, this.repo, this.github.rest.repos.updateBranchProtection.endpoint(params), 'Add Branch Protection'))
@@ -83,7 +91,7 @@ module.exports = class Branches extends ErrorStash {
                 return this.github.rest.repos.updateBranchProtection(params).then(res => this.log.debug(`Branch protection applied successfully ${JSON.stringify(res.url)}`)).catch(e => { this.logError(`Error applying branch protection ${JSON.stringify(e)}`); return [] })
               }).catch((e) => {
                 if (e.status === 404) {
-                  Object.assign(params, Overrides.removeOverrides(overrides, branch.protection, {}), { headers: previewHeaders })
+                  Object.assign(params, requiredBranchProtectionDefaults, Overrides.removeOverrides(overrides, branch.protection, {}), { headers: previewHeaders })
                   if (this.nop) {
                     resArray.push(new NopCommand(this.constructor.name, this.repo, this.github.rest.repos.updateBranchProtection.endpoint(params), 'Add Branch Protection'))
                     return Promise.resolve(resArray)
@@ -123,6 +131,29 @@ module.exports = class Branches extends ErrorStash {
       protection.required_linear_history = protection.required_linear_history && protection.required_linear_history.enabled
       protection.enforce_admins = protection.enforce_admins && protection.enforce_admins.enabled
       protection.required_signatures = protection.required_signatures && protection.required_signatures.enabled
+      protection.allow_force_pushes = protection.allow_force_pushes && protection.allow_force_pushes.enabled
+      protection.block_creations = protection.block_creations && protection.block_creations.enabled
+      protection.lock_branch = protection.lock_branch && protection.lock_branch.enabled
+      protection.allow_fork_syncing = protection.allow_fork_syncing && protection.allow_fork_syncing.enabled
+      if (protection.restrictions) {
+        delete protection.restrictions.url
+        protection.restrictions.users = Array.isArray(protection.restrictions.users)
+          ? protection.restrictions.users.map(user => user.login || user)
+          : []
+        protection.restrictions.teams = Array.isArray(protection.restrictions.teams)
+          ? protection.restrictions.teams.map(team => team.slug || team)
+          : []
+        protection.restrictions.apps = Array.isArray(protection.restrictions.apps)
+          ? protection.restrictions.apps.map(app => app.slug || app)
+          : []
+      }
+      if (protection.required_status_checks) {
+        delete protection.required_status_checks.url
+        delete protection.required_status_checks.contexts_url
+        if (Array.isArray(protection.required_status_checks.contexts) && protection.required_status_checks.contexts.length === 0) {
+          delete protection.required_status_checks.contexts
+        }
+      }
       if (protection.required_pull_request_reviews && !protection.required_pull_request_reviews.bypass_pull_request_allowances) {
         protection.required_pull_request_reviews.bypass_pull_request_allowances = { apps: [], teams: [], users: [] }
       }

lib/plugins/collaborators.js

@@ -15,7 +15,7 @@ module.exports = class Collaborators extends Diffable {
   }
 
   find () {
-    // https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28
+    // https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10
     // 'outside' means all outside collaborators of an organization-owned repository.
     // 'direct' means all collaborators with permissions to an organization-owned repository, regardless of organization membership status. (includes outside collaborators)
     // 'all' means all collaborators the authenticated user can see.

lib/plugins/custom_properties.js

@@ -12,10 +12,12 @@ module.exports = class CustomProperties extends Diffable {
 
   // Force all names to lowercase to avoid comparison issues.
   normalizeEntries () {
-    this.entries = this.entries.map(({ name, value }) => ({
-      name: name.toLowerCase(),
-      value
-    }))
+    this.entries = this.entries
+      .filter(({ name }) => name != null)
+      .map(({ name, value }) => ({
+        name: name.toLowerCase(),
+        value
+      }))
   }
 
   async find () {
@@ -38,10 +40,12 @@ module.exports = class CustomProperties extends Diffable {
 
   // Force all names to lowercase to avoid comparison issues.
   normalize (properties) {
-    return properties.map(({ property_name: propertyName, value }) => ({
-      name: propertyName.toLowerCase(),
-      value
-    }))
+    return properties
+      .filter(({ property_name: propertyName }) => propertyName != null)
+      .map(({ property_name: propertyName, value }) => ({
+        name: propertyName.toLowerCase(),
+        value
+      }))
   }
 
   comparator (existing, attrs) {

lib/plugins/rulesets.js

@@ -7,12 +7,12 @@ const overrides = {
   'required_status_checks': {
     'action': 'delete',
     'parents': 3,
-    'type': 'dict'
+    'type': 'array'
   },
 }
 
 const version = {
-  'X-GitHub-Api-Version': '2022-11-28'
+  'X-GitHub-Api-Version': '2026-03-10'
 }
 module.exports = class Rulesets extends Diffable {
   constructor (nop, github, repo, entries, log, errors, scope) {