@aspruyt/xfg 3.5.8 → 3.7.0

package/README.md

@@ -4,7 +4,7 @@
 [![codecov](https://codecov.io/gh/anthony-spruyt/xfg/graph/badge.svg)](https://codecov.io/gh/anthony-spruyt/xfg)
 [![npm version](https://img.shields.io/npm/v/@aspruyt/xfg.svg)](https://www.npmjs.com/package/@aspruyt/xfg)
 [![npm downloads](https://img.shields.io/npm/dw/@aspruyt/xfg.svg)](https://www.npmjs.com/package/@aspruyt/xfg)
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-xfg-blue?logo=github)](https://github.com/marketplace/actions/xfg-config-file-sync)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-xfg-blue?logo=github)](https://github.com/marketplace/actions/xfg-repo-as-code)
 [![docs](https://img.shields.io/badge/docs-GitHub%20Pages-blue)](https://anthony-spruyt.github.io/xfg/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 

package/dist/config-normalizer.js

@@ -92,10 +92,19 @@ export function mergeSettings(root, perRepo) {
         result.deleteOrphaned = deleteOrphaned;
     }
     // Merge repo settings: per-repo overrides root (shallow merge)
-    const rootRepo = root?.repo;
-    const perRepoRepo = perRepo?.repo;
-    if (rootRepo || perRepoRepo) {
-        result.repo = { ...rootRepo, ...perRepoRepo };
+    // repo: false means opt out of all root repo settings
+    if (perRepo?.repo === false) {
+        // Opt-out: don't include any repo settings
+    }
+    else {
+        const rootRepo = root?.repo;
+        const perRepoRepo = perRepo?.repo;
+        if (rootRepo || perRepoRepo) {
+            result.repo = {
+                ...(rootRepo === false ? {} : rootRepo),
+                ...perRepoRepo,
+            };
+        }
     }
     return Object.keys(result).length > 0 ? result : undefined;
 }

package/dist/config-validator.d.ts

@@ -7,7 +7,7 @@ export declare function validateRawConfig(config: RawConfig): void;
 /**
  * Validates settings object containing rulesets.
  */
-export declare function validateSettings(settings: unknown, context: string, rootRulesetNames?: string[]): void;
+export declare function validateSettings(settings: unknown, context: string, rootRulesetNames?: string[], hasRootRepoSettings?: boolean): void;
 /**
  * Validates that config is suitable for the sync command.
  * @throws Error if files section is missing or empty

package/dist/config-validator.js

@@ -252,7 +252,8 @@ export function validateRawConfig(config) {
             const rootRulesetNames = config.settings?.rulesets
                 ? Object.keys(config.settings.rulesets).filter((k) => k !== "inherit")
                 : [];
-            validateSettings(repo.settings, `Repo ${getGitDisplayName(repo.git)}`, rootRulesetNames);
+            const hasRootRepoSettings = config.settings?.repo !== undefined && config.settings.repo !== false;
+            validateSettings(repo.settings, `Repo ${getGitDisplayName(repo.git)}`, rootRulesetNames, hasRootRepoSettings);
         }
     }
 }
@@ -318,12 +319,17 @@ function validateRepoSettings(repo, context) {
         "secretScanning",
         "secretScanningPushProtection",
         "privateVulnerabilityReporting",
+        "webCommitSignoffRequired",
     ];
     for (const field of booleanFields) {
         if (r[field] !== undefined && typeof r[field] !== "boolean") {
             throw new Error(`${context}: ${field} must be a boolean`);
         }
     }
+    // Validate string fields
+    if (r.defaultBranch !== undefined && typeof r.defaultBranch !== "string") {
+        throw new Error(`${context}: defaultBranch must be a string`);
+    }
     // Validate enum fields
     if (r.visibility !== undefined &&
         !VALID_VISIBILITY.includes(r.visibility)) {
@@ -552,7 +558,7 @@ function validateRuleset(ruleset, name, context) {
 /**
  * Validates settings object containing rulesets.
  */
-export function validateSettings(settings, context, rootRulesetNames) {
+export function validateSettings(settings, context, rootRulesetNames, hasRootRepoSettings) {
     if (typeof settings !== "object" ||
         settings === null ||
         Array.isArray(settings)) {
@@ -585,7 +591,20 @@ export function validateSettings(settings, context, rootRulesetNames) {
     }
     // Validate repo settings
     if (s.repo !== undefined) {
-        validateRepoSettings(s.repo, context);
+        if (s.repo === false) {
+            if (!rootRulesetNames) {
+                // Root level — repo: false not valid here
+                throw new Error(`${context}: repo: false is not valid at root level. Define repo settings or remove the field.`);
+            }
+            // Per-repo level — check root has repo settings to opt out of
+            if (!hasRootRepoSettings) {
+                throw new Error(`${context}: Cannot opt out of repo settings — not defined in root settings.repo`);
+            }
+            // Valid opt-out, skip further repo validation
+        }
+        else {
+            validateRepoSettings(s.repo, context);
+        }
     }
 }
 // =============================================================================

package/dist/config.d.ts

@@ -239,6 +239,8 @@ export interface GitHubRepoSettings {
     allowForking?: boolean;
     visibility?: RepoVisibility;
     archived?: boolean;
+    webCommitSignoffRequired?: boolean;
+    defaultBranch?: string;
     allowSquashMerge?: boolean;
     allowMergeCommit?: boolean;
     allowRebaseMerge?: boolean;
@@ -289,7 +291,7 @@ export interface RawRepoSettings {
     rulesets?: Record<string, Ruleset | false> & {
         inherit?: boolean;
     };
-    repo?: GitHubRepoSettings;
+    repo?: GitHubRepoSettings | false;
     deleteOrphaned?: boolean;
 }
 export interface RawRepoConfig {

package/dist/repo-settings-diff.js

@@ -20,6 +20,8 @@ const PROPERTY_MAPPING = {
     squashMergeCommitMessage: "squash_merge_commit_message",
     mergeCommitTitle: "merge_commit_title",
     mergeCommitMessage: "merge_commit_message",
+    webCommitSignoffRequired: "web_commit_signoff_required",
+    defaultBranch: "default_branch",
     vulnerabilityAlerts: "_vulnerability_alerts",
     automatedSecurityFixes: "_automated_security_fixes",
     secretScanning: "_secret_scanning",

package/dist/repo-settings-plan-formatter.js

@@ -29,6 +29,9 @@ function getWarning(change) {
         change.newValue === false) {
         return `disabling ${change.property} may hide existing content`;
     }
+    if (change.property === "defaultBranch") {
+        return `changing default branch may affect existing PRs, CI workflows, and branch protections`;
+    }
     return undefined;
 }
 /**

package/dist/strategies/github-repo-settings-strategy.js

@@ -32,6 +32,8 @@ function configToGitHubPayload(settings) {
         "squashMergeCommitMessage",
         "mergeCommitTitle",
         "mergeCommitMessage",
+        "webCommitSignoffRequired",
+        "defaultBranch",
     ];
     for (const key of directMappings) {
         if (settings[key] !== undefined) {

package/dist/strategies/repo-settings-strategy.d.ts

@@ -26,6 +26,8 @@ export interface CurrentRepoSettings {
     squash_merge_commit_message?: string;
     merge_commit_title?: string;
     merge_commit_message?: string;
+    web_commit_signoff_required?: boolean;
+    default_branch?: string;
     security_and_analysis?: {
         secret_scanning?: {
             status: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aspruyt/xfg",
-  "version": "3.5.8",
+  "version": "3.7.0",
   "description": "CLI tool for repository-as-code",
   "type": "module",
   "main": "dist/index.js",