🛠 Tooling: Find a cleaner approach to temporarily disabling branch protections #145
Comments
JoshuaKGoldberg
added
area: tooling
|
Apparently with an admin PAT token, you can push by-passing branch protection rules. There's also this action that can help with thing: https://github.com/CasperWA/push-protected (a PAT token is still required). It's also worth noting that GitHub Apps can be given permission to by-pass branch protection rules, but this isn't currently possible with actions. More info here: https://github.com/orgs/community/discussions/13836 |
|
Would like this as well! I thought it was very weird to see it disabled then re-enabled 😅 |
## PR Checklist - [x] Addresses an existing open issue: fixes #862 - [x] That issue was marked as [`status: accepting prs`](https://github.com/JoshuaKGoldberg/create-typescript-app/issues?q=is%3Aopen+is%3Aissue+label%3A%22status%3A+accepting+prs%22) - [x] Steps in [CONTRIBUTING.md](https://github.com/JoshuaKGoldberg/create-typescript-app/blob/main/.github/CONTRIBUTING.md) were taken ## Overview Switches `actions/checkout@4` to fetch from `ref: main` (the branch) instead of the commit that triggered the workflow. Doing so should mean that every release workflow runs on the latest commit as of when it _starts_. This should mean that if N release-worthy commits occur quickly: 1. The first one should always finish releasing nicely 2. The remaining 1...N commits will each I don't love that this solution results in 1...N release workflows each deleting branch protection, doing nothing, then recreating the branch protection. But given https://github.com/orgs/community/discussions/12835 I don't see a way around it. The branch protection shenanigans should be made better by #145.
|
I ended up sticking with the delete-and-recreate strategy in https://github.com/JoshuaKGoldberg/release-it-action -> #927 😞. If there's a cleaner approach I'd be very open to an issue in release-it-action. Looking at the alternatives mentioned so far:
I might be totally off-base here 😄 so again please do file an issue if you've got a suggestion for a better way! |
## PR Checklist - [x] Addresses an existing open issue: fixes #145 - [x] That issue was marked as [`status: accepting prs`](https://github.com/JoshuaKGoldberg/create-typescript-app/issues?q=is%3Aopen+is%3Aissue+label%3A%22status%3A+accepting+prs%22) - [x] Steps in [CONTRIBUTING.md](https://github.com/JoshuaKGoldberg/create-typescript-app/blob/main/.github/CONTRIBUTING.md) were taken ## Overview Uses my new https://github.com/JoshuaKGoldberg/release-it-action that contains much of the same logic as the previous `release.yml` contents. I stuck with the "delete and recreate branch protections" approach because (a) it's worked well and (b) other approaches had other limitations. I can't be 100% sure this works in this repo until it lands on `main` and tries a few release flows. But I did test it in a separate repo and it worked well there.
|
🎉 This is included in version v1.32.0 🎉 The release is available on: Cheers! 📦🚀 |
Bug Report Checklist
mainbranch of the repository.Overview
#144 added scripts to the release workflow that:
mainmainThe branch protections are roughly a copy & paste of the
script/setup.jssettings. It would be nice to use some automation that can remember the existing branch protections without having to copy & paste in source code.Additional Info
I'd tried https://github.com/benjefferies/branch-protection-bot but looks like it's not as comprehensive (benjefferies/branch-protection-bot#30). That general idea would be nice though.
The text was updated successfully, but these errors were encountered: