Created
February 27, 2024 21:51
Using the GitHub graphql API, set the read-only setting on an existing protection rule for a branch. When true, no one can merge pull requests to it.
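#!/usr/bin/env bash
#
# Using the GitHub GraphQL API, set the read-only ("lock branch") setting on an
# existing protection rule for a branch. When true, no one can merge pull
# requests to it.
#
# Usage: <this script> <true|false>
#
# Dependencies:
#   * gh (https://cli.github.com/)
#   * A fine-grained GitHub personal access token, set as `GH_TOKEN` in the
#     environment.
#     * https://github.com/settings/personal-access-tokens/new
#     * Token settings:
#       * Resource owner: ...
#       * Repository: ...
#       * Repository Permissions: Administration read and write
#
# Security notes:
#   * "Administration read and write" covers repository settings in general,
#     not only this one rule. Restrict the token to the single target
#     repository, give it a short expiry, and keep GH_TOKEN out of shell
#     history, logs and `set -x` traces.
#   * NOTE(review): whether administrators or other bypass actors can still
#     push while the branch is locked depends on the rest of the protection
#     rule; confirm against the repository's settings.
#
# Credit: https://github.com/cli/cli/issues/3528#issuecomment-828561786

set -euo pipefail

readonly repositoryOwner="johnnymo87"
readonly repositoryName="create-react-app-docker"
readonly branchNamePattern="master"

# Check if the lockBranch argument is provided.
if [[ $# -eq 0 ]]; then
  echo "Error: No argument provided for lockBranch." >&2
  echo "Usage: $0 <lockBranch>" >&2
  exit 1
fi

lockBranch="$1"

# Accept only the two literal booleans. The value is later handed to
# `gh api -F`, which type-converts its argument and treats a leading `@` as a
# file name to read, so anything else is rejected here instead of being
# forwarded.
case "$lockBranch" in
  true | false) ;;
  *)
    echo "Error: lockBranch must be 'true' or 'false', got: $lockBranch" >&2
    echo "Usage: $0 <lockBranch>" >&2
    exit 1
    ;;
esac

# branchNamePattern is spliced into a jq string literal further down. A double
# quote or backslash would change the meaning of that filter, so refuse such a
# value rather than build a filter from it.
case "$branchNamePattern" in
  *[\"\\]*)
    echo "Error: branchNamePattern must not contain '\"' or '\\'." >&2
    exit 1
    ;;
esac

# Prepare the query that lists the ID and pattern of the repository's branch
# protection rules (at most the first 100; there is no pagination). Owner and
# name are GraphQL variables, so they are never pasted into the query text.
branchProtectionRuleQuery=$(
  cat <<'EOF'
query($owner: String!, $name: String!) {
  repository(owner: $owner, name: $name) {
    branchProtectionRules(first: 100) {
      nodes {
        id
        pattern
      }
    }
  }
}
EOF
)

# Execute the query and scan the results, looking for the branch protection
# rule whose pattern equals branchNamePattern, extracting its ID.
# `-f` sends owner and name as raw strings with no type conversion.
branchProtectionRuleId=$(
  gh api graphql \
    -f query="$branchProtectionRuleQuery" \
    -f owner="$repositoryOwner" \
    -f name="$repositoryName" \
    -q ".data.repository.branchProtectionRules.nodes[] | select(.pattern == \"$branchNamePattern\") | .id"
)

# Check if a branch protection rule ID was found and exit if not.
if [[ -z "$branchProtectionRuleId" ]]; then
  echo "No branch protection rule found matching the pattern: $branchNamePattern" >&2
  exit 1
fi

# Prepare the mutation to set the read-only flag on the branch protection rule.
# The heredoc delimiter is quoted so the shell leaves the GraphQL `$variables`
# alone.
setReadOnlyMutation=$(
  cat <<'EOF'
mutation($branchProtectionRuleId: ID!, $lockBranch: Boolean!) {
  updateBranchProtectionRule(input: {
    branchProtectionRuleId: $branchProtectionRuleId
    lockBranch: $lockBranch
  }) {
    clientMutationId
  }
}
EOF
)

# Set the read-only flag on the branch protection rule.
# NOTE(review): the X-Github-Next-Global-ID header is sent here but not on the
# lookup above; confirm the ID format returned there is accepted by this call.
# lockBranch goes through -F so that it is sent as a JSON boolean; it has been
# validated above and is quoted to prevent word splitting.
gh api graphql \
  -H "X-Github-Next-Global-ID: 1" \
  --silent \
  -f query="$setReadOnlyMutation" \
  -f branchProtectionRuleId="$branchProtectionRuleId" \
  -F lockBranch="$lockBranch"

echo "Branch protection rule updated to lockBranch=$lockBranch"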