98 lines
3.2 KiB
Python
98 lines
3.2 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Sync branch protection rules from .gitea/branch-protection/*.yml to Gitea.
|
|
Correctly uses the Gitea 1.25+ API (not GitHub-style).
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
import os
|
|
import sys
|
|
import urllib.request
|
|
from pathlib import Path
|
|
|
|
import yaml
|
|
|
|
GITEA_URL = os.getenv("GITEA_URL", "https://forge.alexanderwhitestone.com")
|
|
GITEA_TOKEN = os.getenv("GITEA_TOKEN", "")
|
|
ORG = "Timmy_Foundation"
|
|
PROJECT_ROOT = Path(__file__).resolve().parent.parent
|
|
CONFIG_DIR = PROJECT_ROOT / ".gitea" / "branch-protection"
|
|
|
|
|
|
def api_request(method: str, path: str, payload: dict | None = None) -> dict:
|
|
url = f"{GITEA_URL}/api/v1{path}"
|
|
data = json.dumps(payload).encode() if payload else None
|
|
req = urllib.request.Request(
|
|
url,
|
|
data=data,
|
|
method=method,
|
|
headers={
|
|
"Authorization": f"token {GITEA_TOKEN}",
|
|
"Content-Type": "application/json",
|
|
},
|
|
)
|
|
with urllib.request.urlopen(req, timeout=30) as resp:
|
|
return json.loads(resp.read().decode())
|
|
|
|
|
|
def build_branch_protection_payload(branch: str, rules: dict) -> dict:
|
|
return {
|
|
"branch_name": branch,
|
|
"rule_name": branch,
|
|
"required_approvals": rules.get("required_approvals", 1),
|
|
"block_on_rejected_reviews": rules.get("block_on_rejected_reviews", True),
|
|
"dismiss_stale_approvals": rules.get("dismiss_stale_approvals", True),
|
|
"block_deletions": rules.get("block_deletions", True),
|
|
"block_force_push": rules.get("block_force_push", rules.get("block_force_pushes", True)),
|
|
"block_admin_merge_override": rules.get("block_admin_merge_override", True),
|
|
"enable_status_check": rules.get("require_ci_to_merge", False),
|
|
"status_check_contexts": rules.get("status_check_contexts", []),
|
|
"block_on_outdated_branch": rules.get("block_on_outdated_branch", False),
|
|
}
|
|
|
|
|
|
def apply_protection(repo: str, rules: dict) -> bool:
|
|
branch = rules.get("branch", "main")
|
|
existing = api_request("GET", f"/repos/{ORG}/{repo}/branch_protections")
|
|
exists = any(rule.get("branch_name") == branch for rule in existing)
|
|
payload = build_branch_protection_payload(branch, rules)
|
|
|
|
try:
|
|
if exists:
|
|
api_request("PATCH", f"/repos/{ORG}/{repo}/branch_protections/{branch}", payload)
|
|
else:
|
|
api_request("POST", f"/repos/{ORG}/{repo}/branch_protections", payload)
|
|
print(f"✅ {repo}:{branch} synced")
|
|
return True
|
|
except Exception as exc:
|
|
print(f"❌ {repo}:{branch} failed: {exc}")
|
|
return False
|
|
|
|
|
|
def main() -> int:
|
|
if not GITEA_TOKEN:
|
|
print("ERROR: GITEA_TOKEN not set")
|
|
return 1
|
|
if not CONFIG_DIR.exists():
|
|
print(f"ERROR: config directory not found: {CONFIG_DIR}")
|
|
return 1
|
|
|
|
ok = 0
|
|
for cfg_path in sorted(CONFIG_DIR.glob("*.yml")):
|
|
repo = cfg_path.stem
|
|
with cfg_path.open() as fh:
|
|
cfg = yaml.safe_load(fh) or {}
|
|
rules = cfg.get("rules", {})
|
|
rules.setdefault("branch", cfg.get("branch", "main"))
|
|
if apply_protection(repo, rules):
|
|
ok += 1
|
|
|
|
print(f"\nSynced {ok} repo(s)")
|
|
return 0
|
|
|
|
|
|
if __name__ == "__main__":
|
|
raise SystemExit(main())
|