Skip to content

setup-pureos-pkg-repo: Don't use obsolete API for protecting branches

Evangelos Ribeiro Tzaras requested to merge fix-protected-branches-setup-pkg-repo into master

The correct way (nowadays) to protect a branch is by using the protected_branches endpoint (see https://docs.gitlab.com/ee/api/protected_branches.html)

Fixes #4 (closed)

First commit: We have a similar check already in get_branch, but the API we're using for checking the CI file uses the branch as a name/string and not as a branch object.

Second commit:

Perhaps it would make sense to specify more options in the dictionary (access levels, whether to allow force pushing, etc)?

Just setting the name of the branch we end up with the following defaults for the other values (inserted linebreaks to increase readability). These seem like good defaults to me, but maybe we want to be explicit about them:

> $ ~/git/librem5-dev-tools/setup-pureos-pkg-repo -i 2386
CI configured as expected
Repo https://source.puri.sm/evangelos.tzaras/sofia-sip.git setup complete.
                                                                                                                                                                                                                                                                                          
> $ curl --header "PRIVATE-TOKEN: $GITLAB_TOKEN" "https://source.puri.sm/api/v4/projects/2386/protected_branches"
[{"id":2369,"name":"pureos/latest",
"push_access_levels":
[{"access_level":40,"access_level_description":"Maintainers","user_id":null,"group_id":null}],
"merge_access_levels":
[{"access_level":40,"access_level_description":"Maintainers","user_id":null,"group_id":null}],
"allow_force_push":false,
"unprotect_access_levels":
[{"access_level":40,"access_level_description":"Maintainers","user_id":null,"group_id":null}],
"code_owner_approval_required":false},

{"id":2370,"name":"pristine-tar",
"push_access_levels":
[{"access_level":40,"access_level_description":"Maintainers","user_id":null,"group_id":null}],
"merge_access_levels":
[{"access_level":40,"access_level_description":"Maintainers","user_id":null,"group_id":null}],
"allow_force_push":false,
"unprotect_access_levels":
[{"access_level":40,"access_level_description":"Maintainers","user_id":null,"group_id":null}],
"code_owner_approval_required":false}]%

NOTE

This is only tested on Debian Bookworm/Sid and incidentally only started working after the latest gitlab upgrade (before the upgrade I was getting 403 Forbidden errors, I assume because the API endpoint didn't exist?!)

Edited by Evangelos Ribeiro Tzaras

Merge request reports