Add concourse github org to org automation#1545
Conversation
beff8ee to
2faf3b6
Compare
|
@taylorsilva : Can you install the github app "CF Foundation Community Automation" (https://github.com/apps/cf-foundation-community-automation) into your concourse org and grant it the following permissions to all repos (these are the permissions granted in the cloudfoundry org):
This should enable the CFF org automation to manage the concourse org. I would test it then by running the Dump Github Organization Settings workflow. |
|
I've installed the app into the Concourse org. I think because I'm not part of the CF org here yet I can't run the workflow though. Can you kick it off and I'll check the output. Feel free to ping me here again. |
|
Result of concourse org dump: #1557 (note that it just the concourse org). I copied the repos part over into orgs.yaml of this PR. Resulting orgs.out.yml is attached. This is the input for peribolos and describes how the concourse org will look like after the org automation did its job. Please review carefully. |
| concourse: | ||
| repos: {} |
There was a problem hiding this comment.
If this is left blank, as-is, what happens to all the rules we currently have in place across our repos? Will the automation force some defaults onto all of our repo's?
There was a problem hiding this comment.
Looking at branchprotection.out.yml from your comment, it looks like defaults are applied. Looking at just one repo as an example:
concourse:
allow_deletions: false
allow_disabled_policies: true
allow_force_pushes: false
enforce_admins: true
include:
- ^master$
- ^v[0-9]*$
protect: true
required_pull_request_reviews:
bypass_pull_request_allowances:
teams:
- wg-concourse-bots
dismiss_stale_reviews: true
require_code_owner_reviews: true
required_approving_review_count: 1It's missing protecting our release/* branches, and the required status checks we have set in that repo too for PRs. Is it also possible to protect tags as well in this list?
It seems that we should populate this field with all of our custom rules across our repos. How should we collaborate on this? Should I update it and paste the file here?
There was a problem hiding this comment.
rfc-0015-branch-protection.md suggests v[0-9]* as release branch names. If you have a different naming convention you would need to configure the branch protection for your repos in orgs/branchprotection.yml. Same applies if you need status checks (they can't be generated).
Best way forward is probably to past your branch protection config here and I add it then to the PR. Once this PR is merged, you have write access in the community repo (as WG lead) and collaboration gets much easier.
|
Will take me a bit but I'll post |
|
@stephanme I've pushed my changes to a branch here: https://github.com/taylorsilva/cff-community/tree/concourse-org Relevant commit: taylorsilva@7066911 |
Concourse wg definition taken from #1540
TODOs: