Skip to content

Commit 01dc5fc

Browse files
Jetman80Jetman80
committed
allowed_to_merge, allowed_to_push for protected branches, allowed_to_create for protected tags
1 parent 90ae640 commit 01dc5fc

2 files changed

Lines changed: 77 additions & 11 deletions

File tree

projects.py

Lines changed: 68 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -965,30 +965,87 @@ def create_var(var):
965965
else:
966966
old_p_branch = {}
967967

968-
project.protectedbranches.create(
969-
{
970-
'name': branch["name"],
971-
'push_access_level': branch["push_access_level"],
972-
'merge_access_level': branch["merge_access_level"],
973-
'allow_force_push': default(lambda: branch["allow_force_push"], False),
974-
'code_owner_approval_required': branch["code_owner_approval_required"]
975-
}
976-
)
968+
branch_dict = {
969+
"name": branch["name"],
970+
"push_access_level": branch["push_access_level"],
971+
"merge_access_level": branch["merge_access_level"],
972+
"allow_force_push": default(lambda: branch["allow_force_push"], False),
973+
"code_owner_approval_required": branch["code_owner_approval_required"]
974+
}
975+
976+
if "allowed_to_merge" in branch:
977+
branch_dict["allowed_to_merge"] = []
978+
for user_or_group in branch["allowed_to_merge"]:
979+
if "user" in user_or_group:
980+
user_id = gl.users.list(username=user_or_group["user"])[0].id
981+
logger.info("Found user ID: {id}, name: {user}".format(id=user_id, user=user_or_group["user"]))
982+
branch_dict["allowed_to_merge"].append({"user_id": user_id})
983+
if "group" in user_or_group:
984+
group_id = gl.groups.get(user_or_group["group"]).id
985+
logger.info("Found group ID: {id}, name: {group}".format(id=group_id, group=user_or_group["group"]))
986+
branch_dict["allowed_to_merge"].append({"group_id": group_id})
987+
988+
if "allowed_to_push" in branch:
989+
branch_dict["allowed_to_push"] = []
990+
for user_or_group in branch["allowed_to_push"]:
991+
if "user" in user_or_group:
992+
user_id = gl.users.list(username=user_or_group["user"])[0].id
993+
logger.info("Found user ID: {id}, name: {user}".format(id=user_id, user=user_or_group["user"]))
994+
branch_dict["allowed_to_push"].append({"user_id": user_id})
995+
if "group" in user_or_group:
996+
group_id = gl.groups.get(user_or_group["group"]).id
997+
logger.info("Found group ID: {id}, name: {group}".format(id=group_id, group=user_or_group["group"]))
998+
branch_dict["allowed_to_push"].append({"group_id": group_id})
999+
1000+
project.protectedbranches.create(branch_dict)
9771001
new_p_branch = project.protectedbranches.get(branch["name"]).asdict()
9781002
diff = DeepDiff(old_p_branch, new_p_branch, exclude_regex_paths=[r"root\[.+\]\[.+\]\['id'\]", r"root\['id'\]"])
9791003
if diff:
9801004
print("Protected branch \"{branch_name}\" config diff:".format(branch_name=branch["name"]))
9811005
print("---")
9821006
print(diff.pretty())
9831007
print("---")
1008+
9841009
project.save()
1010+
9851011
# Protected tags
9861012
if "protected_tags" in project_dict:
9871013
for tag in project_dict["protected_tags"]:
1014+
9881015
if any(project_tag.name == tag["name"] for project_tag in project.protectedtags.list(get_all=True)):
9891016
p_tag = project.protectedtags.get(tag["name"])
1017+
old_p_tag = project.protectedtags.get(tag["name"]).asdict()
9901018
p_tag.delete()
991-
project.protectedtags.create({'name': tag["name"], 'create_access_level': tag["create_access_level"]})
1019+
else:
1020+
old_p_tag = {}
1021+
1022+
tag_dict = {
1023+
"name": tag["name"],
1024+
"create_access_level": tag["create_access_level"]
1025+
}
1026+
1027+
if "allowed_to_create" in tag:
1028+
tag_dict["allowed_to_create"] = []
1029+
for user_or_group in tag["allowed_to_create"]:
1030+
if "user" in user_or_group:
1031+
user_id = gl.users.list(username=user_or_group["user"])[0].id
1032+
logger.info("Found user ID: {id}, name: {user}".format(id=user_id, user=user_or_group["user"]))
1033+
tag_dict["allowed_to_create"].append({"user_id": user_id})
1034+
if "group" in user_or_group:
1035+
group_id = gl.groups.get(user_or_group["group"]).id
1036+
logger.info("Found group ID: {id}, name: {group}".format(id=group_id, group=user_or_group["group"]))
1037+
tag_dict["allowed_to_create"].append({"group_id": group_id})
1038+
1039+
project.protectedtags.create(tag_dict)
1040+
new_p_tag = project.protectedtags.get(tag["name"]).asdict()
1041+
diff = DeepDiff(old_p_tag, new_p_tag, exclude_regex_paths=[r"root\[.+\]\[.+\]\['id'\]", r"root\['id'\]"])
1042+
if diff:
1043+
print("Protected tag \"{tag_name}\" config diff:".format(tag_name=tag["name"]))
1044+
print("---")
1045+
print(diff.pretty())
1046+
print("---")
1047+
1048+
project.save()
9921049

9931050
# MR approval rules (should be done after branch protection reset)
9941051
if "merge_request_approval_rules" in project_dict:
@@ -1180,7 +1237,7 @@ def create_var(var):
11801237
project.save()
11811238
new_project_dict = project.asdict()
11821239
if old_project_dict != new_project_dict:
1183-
print(DeepDiff(old_project_dict, new_project_dict).pretty())
1240+
print(DeepDiff(old_project_dict, new_project_dict, exclude_regex_paths=[r"root\['permissions'\]"]).pretty())
11841241

11851242
logger.info("Project {project} settings:".format(project=project_dict["path"]))
11861243
logger.info(project)

projects.yaml.example

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -85,9 +85,18 @@ projects:
8585
merge_access_level: 40
8686
code_owner_approval_required: True
8787
allow_force_push: True
88+
allowed_to_merge: # optional
89+
- user: user1
90+
- group: dev/group2
91+
allowed_to_push: # optional
92+
- user: user1
93+
- group: dev/group2
8894
protected_tags: # optional
8995
- name: 'v*'
9096
create_access_level: 40
97+
allowed_to_create: # optional
98+
- user: user1
99+
- group: dev/group2
91100
merge_request_approval_rules: # optional
92101
- name: QA
93102
groups:

0 commit comments

Comments
 (0)