This repository has been archived by the owner on Apr 11, 2023. It is now read-only.
generated from DevScope/continuous-integration
-
Notifications
You must be signed in to change notification settings - Fork 0
72 lines (63 loc) · 2.47 KB
/
4-add-branch-protections.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
name: Step 4, Add branch protections
# This step triggers after we turn on or edit a branch protection rule
# This step sets STEP to 5
# This step closes <details id=4> and opens <details id=5>
# This will run every time we turn on or edit a branch protection rule
# Reference https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows
on:
workflow_dispatch:
branch_protection_rule:
types:
- created
- edited
branches:
- main
# Reference https://docs.github.com/en/actions/security-guides/automatic-token-authentication
permissions:
# Need `contents: read` to checkout the repository
# Need `contents: write` to update the step metadata
contents: write
jobs:
# Get the current step from .github/script/STEP so we can
# limit running the main job when the learner is on the same step.
get_current_step:
name: Check current step number
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- id: get_step
run: |
echo "current_step=$(cat ./.github/script/STEP)" >> $GITHUB_OUTPUT
outputs:
current_step: ${{ steps.get_step.outputs.current_step }}
on_update_branch_protection:
name: On update branch protection
needs: get_current_step
# We will only run this action when:
# 1. This repository isn't the template repository
# 2. The STEP is currently 4
# Reference https://docs.github.com/en/actions/learn-github-actions/contexts
# Reference https://docs.github.com/en/actions/learn-github-actions/expressions
if: >-
${{ !github.event.repository.is_template
&& needs.get_current_step.outputs.current_step == 4 }}
# We'll run Ubuntu for performance instead of Mac or Windows
runs-on: ubuntu-latest
steps:
# We'll need to check out the repository so that we can edit the README
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Let's get all the branches
ref: ci # Important, as normally `branch_protection_rule` event won't grab other branches
# TODO: figure out a better way to deal with the lock on `main`, merge conflict this creates
# Update README to close <details id=4> and open <details id=5>
# and set STEP to '5'
# - name: Update to step 5
# uses: skills/action-update-step@v1
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# from_step: 4
# to_step: 5
# branch_name: ci