From 9db80406f3dfe4c6be4657423da7e7d0876cbd80 Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Fri, 31 May 2024 12:32:14 +1200 Subject: [PATCH] ENH Remove restrict creations rule for tag ruleset --- rulesets/tag-ruleset.json | 3 --- rulesets_command.php | 6 ++++-- run.php | 3 +++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/rulesets/tag-ruleset.json b/rulesets/tag-ruleset.json index e6740f2..1b0f6e1 100644 --- a/rulesets/tag-ruleset.json +++ b/rulesets/tag-ruleset.json @@ -17,9 +17,6 @@ { "type": "non_fast_forward" }, - { - "type": "creation" - }, { "type": "update" } diff --git a/rulesets_command.php b/rulesets_command.php index b5a5f5d..a29b22e 100644 --- a/rulesets_command.php +++ b/rulesets_command.php @@ -67,8 +67,10 @@ // Note: This will read from the "rulesets" directory // In each of those json rulesets there is "bypass_actors"."actor_id" = 5 // This translates to the "Repository admin" role - // It has been confirmed that the github-action user is able to bypass the ruleset as - // it has the "Organisation admin" role which is one level above the "Repository admin" role + // + // Note that the github-action user appears to have NO bypass permissions (not even write), + // even if it has the `contents: write` permission on the job that is running the action + // $branchRuleset = create_ruleset('branch', $additionalBranchConditions); $tagRuleset = create_ruleset('tag'); diff --git a/run.php b/run.php index 70a89b0..1222dc0 100644 --- a/run.php +++ b/run.php @@ -20,6 +20,9 @@ const TOOL_URL = 'https://github.com/silverstripe/module-standardiser'; const PR_TITLE = 'MNT Run module-standardiser'; const PR_DESCRIPTION = 'This pull-request was created automatically by [module-standardiser](' . TOOL_URL . ')'; + +// DO NOT change these constants or else new ruleset will be created instead of +// updating existing rulesets and we'll end up with 2x rulesets const BRANCH_RULESET_NAME = 'Silverstripe CMS branch ruleset'; const TAG_RULESET_NAME = 'Silverstripe CMS tag ruleset';