@i-santos/create-package-starter 1.2.0 → 1.3.0
- package/README.md +2 -1
- package/lib/run.js +31 -2
- package/package.json +1 -1
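--- a/package/README.md
+++ b/package/README.md
@@ -79,7 +79,8 @@ All commands print a deterministic summary with:
 - delete branch on merge
 - auto-merge enabled
 - squash-only merge policy
--
+- set Actions workflow default permissions to `write` (with PR review approvals enabled for workflows)
+- create/update branch ruleset with required PR, 0 approvals by default, stale review dismissal, resolved conversations, and deletion/force-push protection
 
 If `gh` is missing or unauthenticated, command exits non-zero with actionable guidance.
 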
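--- a/package/lib/run.js
+++ b/package/lib/run.js
@@ -581,7 +581,7 @@ function createBaseRulesetPayload(defaultBranch) {
 {
 type: 'pull_request',
 parameters: {
-required_approving_review_count:
+required_approving_review_count: 0,
 dismiss_stale_reviews_on_push: true,
 require_code_owner_review: false,
 require_last_push_approval: false,
@@ -663,6 +663,26 @@ function upsertRuleset(deps, repo, rulesetPayload) {
 return 'updated';
 }
 
+function updateWorkflowPermissions(deps, repo) {
+const workflowPermissionsPayload = {
+default_workflow_permissions: 'write',
+can_approve_pull_request_reviews: true
+};
+
+const result = ghApi(
+deps,
+'PUT',
+`/repos/${repo}/actions/permissions/workflow`,
+workflowPermissionsPayload
+);
+
+if (result.status !== 0) {
+throw new Error(
+`Failed to update workflow permissions: ${result.stderr || result.stdout}`.trim()
+);
+}
+}
+
 function setupGithub(args, dependencies = {}) {
 const deps = {
 exec: dependencies.exec || execCommand
@@ -674,10 +694,17 @@ function setupGithub(args, dependencies = {}) {
 const rulesetPayload = createRulesetPayload(args);
 const summary = createSummary();
 
-summary.updatedScriptKeys.push(
+summary.updatedScriptKeys.push(
+'repository.default_branch',
+'repository.delete_branch_on_merge',
+'repository.allow_auto_merge',
+'repository.merge_policy',
+'actions.default_workflow_permissions'
+);
 
 if (args.dryRun) {
 summary.warnings.push(`dry-run: would update repository settings for ${repo}`);
+summary.warnings.push(`dry-run: would set actions workflow permissions to write for ${repo}`);
 summary.warnings.push(`dry-run: would upsert ruleset "${rulesetPayload.name}" for refs/heads/${args.defaultBranch}`);
 printSummary(`GitHub settings dry-run for ${repo}`, summary);
 return;
@@ -697,6 +724,8 @@ function setupGithub(args, dependencies = {}) {
 throw new Error(`Failed to update repository settings: ${patchRepo.stderr || patchRepo.stdout}`.trim());
 }
 
+updateWorkflowPermissions(deps, repo);
+
 const upsertResult = upsertRuleset(deps, repo, rulesetPayload);
 summary.overwrittenFiles.push(`github-ruleset:${upsertResult}`);
 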
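Review bot: `updateWorkflowPermissions` (new lines 666–684) hard-codes `default_workflow_permissions: 'write'` and `can_approve_pull_request_reviews: true`, so every workflow's default `GITHUB_TOKEN` gets write scope and Actions may approve pull requests; together with `required_approving_review_count: 0` in `createBaseRulesetPayload` and the auto-merge setting the README lists, the required-PR rule no longer guarantees that a person reviewed a change. Prefer the least-privilege defaults `default_workflow_permissions: 'read',` and `can_approve_pull_request_reviews: false`, with workflows that need more declaring a `permissions:` block per job, or make the write setting an explicit opt-in. The dry-run warning at new line 707 mentions only the write permission and should also name the PR-approval setting so operators see the full change before applying it. `setupGithub` starts and ends outside the hunks shown, so whether a failure here after the repository PATCH leaves settings half-applied cannot be confirmed from this page.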