branch

package
v0.0.0-...-feeb19d

This package is not in the latest version of its module.
Published: Feb 9, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package branch implements the Branch Protection security policy.

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewBranch

func NewBranch() policydef.Policy

NewBranch returns a new BranchProtection policy.

Types

type Branch

type Branch bool

Branch is the Branch Protection policy object; it implements policydef.Policy.

func (Branch) Check

func (b Branch) Check(ctx context.Context, c *github.Client, owner,
	repo string,
) (*policydef.Result, error)

Check performs the policy check for Branch Protection based on the configuration stored in the org/repo, implementing policydef.Policy.Check().

func (Branch) Fix

func (b Branch) Fix(ctx context.Context, c *github.Client, owner, repo string) error

Fix implements policydef.Policy.Fix().

func (Branch) GetAction

func (b Branch) GetAction(ctx context.Context, c *github.Client, owner, repo string) string

GetAction returns the action configured in Branch Protection's configuration stored in the org-level repo; the default is log. It implements policydef.Policy.GetAction().

func (Branch) IsEnabled

func (b Branch) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)

IsEnabled reports whether this policy is enabled.

func (Branch) Name

func (b Branch) Name() string

Name returns the name of this policy, implementing policydef.Policy.Name().

type OrgConfig

type OrgConfig struct {
	// OptConfig is the standard org-level opt in/out config, RepoOverride
	// applies to all BP config.
	OptConfig config.OrgOptConfig `json:"optConfig"`

	// Action defines which action to take, default log, other: issue...
	Action string `json:"action"`

	// EnforceDefault : set to true to enforce policy on default branch, default
	// true.
	EnforceDefault bool `json:"enforceDefault"`

	// EnforceBranches is a map of repos and branches. These are other
	// non-default branches to enforce policy on, such as branches which releases
	// are made from.
	EnforceBranches map[string][]string `json:"enforceBranches"`

	// RequireApproval : set to true to enforce approval on PRs, default true.
	// When this config is false, ApprovalCount will always be set to 0.
	RequireApproval bool `json:"requireApproval"`

	// RequireCodeOwnerReviews : set to true to enforce code owner reviews on
	// PRs, default false. If set to true, then "requireApproval" must also be
	// true.
	RequireCodeOwnerReviews bool `json:"requireCodeOwnerReviews"`

	// ApprovalCount is the number of required PR approvals, default 1.
	ApprovalCount int `json:"approvalCount"`

	// DismissStale : set to true to require PR approvals be dismissed when a PR
	// is updated, default true.
	DismissStale bool `json:"dismissStale"`

	// BlockForce : set to true to block force pushes, default true.
	BlockForce bool `json:"blockForce"`

	// RequireUpToDateBranch : set to true to require that branches must be up
	// to date before merging. Only used if RequireStatusChecks is set. Default
	// true.
	RequireUpToDateBranch bool `json:"requireUpToDateBranch"`

	// RequireStatusChecks is a list of status checks that are required in
	// order to merge into the protected branch. Each entry must specify
	// the context, and optionally an appID.
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`

	// EnforceOnAdmins : set to true to apply the branch protection rules on
	// administrators as well.
	EnforceOnAdmins bool `json:"enforceOnAdmins"`

	// RequireSignedCommits : set to true to require signed commits on
	// protected branches, default false.
	RequireSignedCommits bool `json:"requireSignedCommits"`
}

OrgConfig is the org-level config definition for Branch Protection.

type RepoConfig

type RepoConfig struct {
	// OptConfig is the standard repo-level opt in/out config.
	OptConfig config.RepoOptConfig `json:"optConfig"`

	// Action overrides the same setting in org-level, only if present.
	Action *string `json:"action"`

	// EnforceDefault overrides the same setting in org-level, only if present.
	EnforceDefault *bool `json:"enforceDefault"`

	// EnforceBranches adds more branches to the org-level list. Does not
	// override. Always allowed irrespective of DisableRepoOverride setting.
	EnforceBranches []string `json:"enforceBranches"`

	// RequireApproval overrides the same setting in org-level, only if present.
	RequireApproval *bool `json:"requireApproval"`

	// RequireCodeOwnerReviews overrides the same setting in org-level, only if present.
	RequireCodeOwnerReviews *bool `json:"requireCodeOwnerReviews"`

	// ApprovalCount overrides the same setting in org-level, only if present.
	ApprovalCount *int `json:"approvalCount"`

	// DismissStale overrides the same setting in org-level, only if present.
	DismissStale *bool `json:"dismissStale"`

	// BlockForce overrides the same setting in org-level, only if present.
	BlockForce *bool `json:"blockForce"`

	// EnforceOnAdmins overrides the same setting in org-level, only if present.
	EnforceOnAdmins *bool `json:"enforceOnAdmins"`

	// RequireUpToDateBranch overrides the same setting in org-level, only if
	// present.
	RequireUpToDateBranch *bool `json:"requireUpToDateBranch"`

	// RequireStatusChecks overrides the same setting in org-level, only if
	// present. Omitting will lead to taking the org-level config as is, but
	// specifying an empty list (`requireStatusChecks: []`) will override the
	// setting to be empty.
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`

	// RequireSignedCommits overrides the same setting in org-level, only if
	// present.
	RequireSignedCommits *bool `json:"requireSignedCommits"`
}

RepoConfig is the repo-level config for Branch Protection.

type StatusCheck

type StatusCheck struct {
	// Context is the status check name that should be required.
	Context string `json:"context"`

	// AppID, when provided, will require that the status check be set by
	// the GitHub App with the given AppID. When omitted, any app can
	// provide the required status check.
	AppID *int64 `json:"appID"`
}

StatusCheck is the config description for specifying a single required status check in the RequireStatusChecks list.
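The override rules stated in the RepoConfig and OrgConfig field comments, shown as an added example that is not this package's own code. It assumes trimmed local copies of the types, a hypothetical helper named mergeRepo, and repo-level config supplied as JSON matching the struct tags. The point to notice is that a repo can clear the org's required status checks with an explicit empty list, while omitting the key inherits them.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed local copies of the documented types; only the fields used here.
type StatusCheck struct {
	Context string `json:"context"`
}
type OrgConfig struct {
	RequireApproval     bool          `json:"requireApproval"`
	ApprovalCount       int           `json:"approvalCount"`
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`
}
type RepoConfig struct {
	RequireApproval     *bool         `json:"requireApproval"`
	ApprovalCount       *int          `json:"approvalCount"`
	RequireStatusChecks []StatusCheck `json:"requireStatusChecks"`
}

// mergeRepo (hypothetical helper) layers repo-level JSON over the org config.
func mergeRepo(org OrgConfig, repoJSON string) (OrgConfig, error) {
	var rc RepoConfig
	if err := json.Unmarshal([]byte(repoJSON), &rc); err != nil {
		return org, err
	}
	if rc.RequireApproval != nil { // pointer fields override only if present
		org.RequireApproval = *rc.RequireApproval
	}
	if rc.ApprovalCount != nil {
		org.ApprovalCount = *rc.ApprovalCount
	}
	if rc.RequireStatusChecks != nil { // omitted key stays nil; [] decodes non-nil
		org.RequireStatusChecks = rc.RequireStatusChecks
	}
	if !org.RequireApproval { // documented: ApprovalCount is then always 0
		org.ApprovalCount = 0
	}
	return org, nil
}

func main() {
	// Constructed sample org-level settings.
	org := OrgConfig{RequireApproval: true, ApprovalCount: 2, RequireStatusChecks: []StatusCheck{{Context: "ci/build"}}}
	m, err := mergeRepo(org, `{"requireStatusChecks": []}`)
	fmt.Println(m.RequireApproval, m.ApprovalCount, len(m.RequireStatusChecks), err)
}
```

When auditing repo-level overrides, an explicit `[]` for requireStatusChecks or `false` for requireApproval is worth flagging, since both weaken the org-level policy.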
