Merge pull request #374 from stackhpc/epoxy-master-bp

Alex-Welsh · web-flow · commit 716eaa38a6e8 · 2025-01-27T13:54:06.000Z
Add stackhpc/master and Epoxy branch protection
diff --git a/terraform/github/branches.tf b/terraform/github/branches.tf
@@ -204,6 +204,77 @@ resource "github_branch_protection" "kayobe_branch_protection_caracal" {
   }
 }
 
+resource "github_branch_protection" "kayobe_branch_protection_epoxy" {
+  for_each      = toset(var.repositories["Kayobe"])
+  repository_id = data.github_repository.repositories[each.key].node_id
+
+  pattern                         = "stackhpc/2025.1"
+  require_conversation_resolution = true
+  allows_deletions                = false
+  allows_force_pushes             = false
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = true
+    required_approving_review_count = 1
+  }
+
+  push_restrictions = [
+    resource.github_team.organisation_teams["Developers"].node_id
+  ]
+
+  required_status_checks {
+    contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/2025.1", lookup(var.required_status_checks, each.key, {
+      "default" : [
+        "tox / Tox pep8 with Python 3.12",
+        "tox / Tox py3 with Python 3.12",
+        "tox / Tox py3 with Python 3.10"
+      ]
+    }).default)
+    strict = false
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+
+resource "github_branch_protection" "kayobe_branch_protection_master" {
+  for_each      = toset(var.repositories["Kayobe"])
+  repository_id = data.github_repository.repositories[each.key].node_id
+
+  pattern                         = "stackhpc/master"
+  require_conversation_resolution = true
+  allows_deletions                = false
+  allows_force_pushes             = false
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = true
+    required_approving_review_count = 1
+  }
+
+  push_restrictions = [
+    resource.github_team.organisation_teams["Developers"].node_id
+  ]
+
+  required_status_checks {
+    contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/master", lookup(var.required_status_checks, each.key, {
+      "default" : [
+        "tox / Tox pep8 with Python 3.12",
+        "tox / Tox py3 with Python 3.12",
+        "tox / Tox py3 with Python 3.10"
+      ]
+    }).default)
+    strict = false
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
 resource "github_branch_protection" "openstack_branch_protection_py_3-6" {
   for_each      = toset(var.repositories["OpenStack"])
   repository_id = data.github_repository.repositories[each.key].node_id
@@ -346,6 +417,76 @@ resource "github_branch_protection" "openstack_branch_protection_caracal" {
   }
 }
 
+resource "github_branch_protection" "openstack_branch_protection_epoxy" {
+  for_each      = toset(var.repositories["OpenStack"])
+  repository_id = data.github_repository.repositories[each.key].node_id
+
+  pattern                         = "stackhpc/2025.1"
+  require_conversation_resolution = true
+  allows_deletions                = false
+  allows_force_pushes             = false
+
+  push_restrictions = [
+    resource.github_team.organisation_teams["Developers"].node_id
+  ]
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = true
+    required_approving_review_count = 1
+  }
+
+  required_status_checks {
+    contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/2025.1", lookup(var.required_status_checks, each.key, {
+      "default" : [
+        "tox / Tox pep8 with Python 3.12",
+        "tox / Tox py3 with Python 3.12",
+        "tox / Tox py3 with Python 3.10"
+      ]
+    }).default)
+    strict = false
+  }
+
+  lifecycle {
+    prevent_destroy = false
+  }
+}
+
+resource "github_branch_protection" "openstack_branch_protection_master" {
+  for_each      = toset(var.repositories["OpenStack"])
+  repository_id = data.github_repository.repositories[each.key].node_id
+
+  pattern                         = "stackhpc/master"
+  require_conversation_resolution = true
+  allows_deletions                = false
+  allows_force_pushes             = false
+
+  push_restrictions = [
+    resource.github_team.organisation_teams["Developers"].node_id
+  ]
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = true
+    required_approving_review_count = 1
+  }
+
+  required_status_checks {
+    contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/master", lookup(var.required_status_checks, each.key, {
+      "default" : [
+        "tox / Tox pep8 with Python 3.12",
+        "tox / Tox py3 with Python 3.12",
+        "tox / Tox py3 with Python 3.10"
+      ]
+    }).default)
+    strict = false
+  }
+
+  lifecycle {
+    prevent_destroy = false
+  }
+}
+
 resource "github_branch_protection" "platform_branch_protection" {
   for_each      = toset(var.repositories["Platform"])
   repository_id = data.github_repository.repositories[each.key].node_id
diff --git a/terraform/github/import_resources.py b/terraform/github/import_resources.py
@@ -235,6 +235,14 @@ def main() -> None:
             branch_protection_resource = BranchProtection(team_id.name.lower(
             ), {f"{name}:stackhpc/2024.1": name for name in team_repositories}, parsed_args.dry_run, "_caracal")
             branch_protection_resource.refresh_resource()
+            # Epoxy branch protection
+            branch_protection_resource = BranchProtection(team_id.name.lower(
+            ), {f"{name}:stackhpc/2025.1": name for name in team_repositories}, parsed_args.dry_run, "_epoxy")
+            branch_protection_resource.refresh_resource()
+            # Master branch protection
+            branch_protection_resource = BranchProtection(team_id.name.lower(
+            ), {f"{name}:stackhpc/master": name for name in team_repositories}, parsed_args.dry_run, "_master")
+            branch_protection_resource.refresh_resource()
         elif team_id == TeamID.SMSLAB:
             branch_protection_resource = BranchProtection(team_id.name.lower(
             ), {f"{name}:smslab/[y,z,2]*": name for name in team_repositories}, parsed_args.dry_run)
