Skip to content

feat: protect default branch instead of main#196

Open
AlexanderLanin wants to merge 1 commit into
eclipse-score:mainfrom
etas-contrib:split_rulesets
Open

feat: protect default branch instead of main#196
AlexanderLanin wants to merge 1 commit into
eclipse-score:mainfrom
etas-contrib:split_rulesets

Conversation

@AlexanderLanin

Copy link
Copy Markdown
Member

protect default branch instead of main

  • move archived repos to the end
  • drop test integration with module a + b

+ move archived repos to the end
+ drop test integration with module a + b
@AlexanderLanin AlexanderLanin requested a review from a team as a code owner June 10, 2026 19:17
@eclipse-otterdog

Copy link
Copy Markdown
Contributor

Thank you for raising a pull request to update the configuration of your GitHub organization.
You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to be fulfilled for auto-merging to be available:

  • valid configuration
  • approved by a project lead
  • does not require any secrets
  • does not update settings only accessible via the GitHub Web UI
  • does not remove any resource
Otterdog commands and options

You can trigger otterdog actions by commenting on this PR:

  • /otterdog team-info checks the team / org membership for the PR author
  • /otterdog validate validates the configuration change
  • /otterdog validate info validates the configuration change, printing also validation infos
  • /otterdog check-sync checks if the base ref is in sync with live settings
  • /otterdog merge merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author)
  • /otterdog done notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team)
  • /otterdog apply re-apply a previously failed attempt (only accessible for members of the admin team)

@eclipse-otterdog

Copy link
Copy Markdown
Contributor

The author (AlexanderLanin) of this PR is associated with this organization in the role of MEMBER.

Additionally, AlexanderLanin is a member of the following teams:

@eclipse-otterdog

Copy link
Copy Markdown
Contributor

Please find below the validation of the requested configuration changes:

Diff for ca34120
Project automotive.score[github_id=eclipse-score]
  there have been 39 validation infos, enable verbose output to display them.

  
!   repo_ruleset[name="main", repository=.github] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=apt-install] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=bazel-tools-cc] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=bazel-tools-python] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=bazel_cpp_toolchains] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=bazel_platforms] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=cicd-actions] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=cicd-workflows] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=dash-license-scan] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=dev_playground] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=docs-as-code] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=eclipse-score.github.io] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=feo] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=ferrocene_toolchain_builder] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=inc_daal] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=inc_diagnostics] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=inc_os_autosd] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=inc_security_crypto] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=inc_time] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=infrastructure] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=mcp-servers] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=module_template] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=more-disk-space] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=os_images] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=process_description] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=rules_imagefs] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=rules_rust] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=sbom-tool] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=score] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=score_cpp_policies] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=score_rust_policies] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=scrample] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

-  remove repository[name="test_integration"] {
-    allow_auto_merge                           = false
-    allow_forking                              = true
-    allow_merge_commit                         = false
-    allow_rebase_merge                         = false
-    allow_squash_merge                         = true
-    allow_update_branch                        = true
-    archived                                   = true
-    code_scanning_default_setup_enabled        = false
-    custom_properties                          = {
-      category                                   = "infrastructure"
-      eclipse_project                            = "automotive.score"
-    }
-    default_branch                             = "main"
-    delete_branch_on_merge                     = true
-    dependabot_alerts_enabled                  = true
-    dependabot_security_updates_enabled        = true
-    description                                = "Tests for the integration infrastructure"
-    gh_pages_build_type                        = "disabled"
-    has_discussions                            = false
-    has_issues                                 = true
-    has_projects                               = false
-    has_wiki                                   = false
-    homepage                                   = null
-    is_template                                = false
-    merge_commit_message                       = "PR_TITLE"
-    merge_commit_title                         = "MERGE_MESSAGE"
-    name                                       = "test_integration"
-    private                                    = false
-    private_vulnerability_reporting_enabled    = false
-    secret_scanning                            = "enabled"
-    secret_scanning_push_protection            = "enabled"
-    squash_merge_commit_message                = "COMMIT_MESSAGES"
-    squash_merge_commit_title                  = "COMMIT_OR_PR_TITLE"
-    template_repository                        = null
-    topics                                     = []
-    workflows                                  = {
-      actions_can_approve_pull_request_reviews   = true
-      allow_action_patterns                      = []
-      allow_github_owned_actions                 = true
-      allow_verified_creator_actions             = true
-      allowed_actions                            = "all"
-      default_workflow_permissions               = "read"
-      enabled                                    = true
-    }
-  }

-  remove repository[name="test_module_a"] {
-    allow_auto_merge                           = false
-    allow_forking                              = true
-    allow_merge_commit                         = false
-    allow_rebase_merge                         = false
-    allow_squash_merge                         = true
-    allow_update_branch                        = true
-    archived                                   = true
-    code_scanning_default_setup_enabled        = false
-    custom_properties                          = {
-      category                                   = "infrastructure"
-      eclipse_project                            = "automotive.score"
-    }
-    default_branch                             = "main"
-    delete_branch_on_merge                     = true
-    dependabot_alerts_enabled                  = true
-    dependabot_security_updates_enabled        = true
-    description                                = "Dummy module for testing the integration infrastructure"
-    gh_pages_build_type                        = "disabled"
-    has_discussions                            = false
-    has_issues                                 = true
-    has_projects                               = false
-    has_wiki                                   = false
-    homepage                                   = null
-    is_template                                = false
-    merge_commit_message                       = "PR_TITLE"
-    merge_commit_title                         = "MERGE_MESSAGE"
-    name                                       = "test_module_a"
-    private                                    = false
-    private_vulnerability_reporting_enabled    = false
-    secret_scanning                            = "enabled"
-    secret_scanning_push_protection            = "enabled"
-    squash_merge_commit_message                = "COMMIT_MESSAGES"
-    squash_merge_commit_title                  = "COMMIT_OR_PR_TITLE"
-    template_repository                        = "eclipse-score/module_template"
-    topics                                     = []
-    workflows                                  = {
-      actions_can_approve_pull_request_reviews   = true
-      allow_action_patterns                      = []
-      allow_github_owned_actions                 = true
-      allow_verified_creator_actions             = true
-      allowed_actions                            = "all"
-      default_workflow_permissions               = "read"
-      enabled                                    = true
-    }
-  }

-  remove repository[name="test_module_b"] {
-    allow_auto_merge                           = false
-    allow_forking                              = true
-    allow_merge_commit                         = false
-    allow_rebase_merge                         = false
-    allow_squash_merge                         = true
-    allow_update_branch                        = true
-    archived                                   = true
-    code_scanning_default_setup_enabled        = false
-    custom_properties                          = {
-      category                                   = "infrastructure"
-      eclipse_project                            = "automotive.score"
-    }
-    default_branch                             = "main"
-    delete_branch_on_merge                     = true
-    dependabot_alerts_enabled                  = true
-    dependabot_security_updates_enabled        = true
-    description                                = "Dummy module for testing the integration infrastructure"
-    gh_pages_build_type                        = "disabled"
-    has_discussions                            = false
-    has_issues                                 = true
-    has_projects                               = false
-    has_wiki                                   = false
-    homepage                                   = null
-    is_template                                = false
-    merge_commit_message                       = "PR_TITLE"
-    merge_commit_title                         = "MERGE_MESSAGE"
-    name                                       = "test_module_b"
-    private                                    = false
-    private_vulnerability_reporting_enabled    = false
-    secret_scanning                            = "enabled"
-    secret_scanning_push_protection            = "enabled"
-    squash_merge_commit_message                = "COMMIT_MESSAGES"
-    squash_merge_commit_title                  = "COMMIT_OR_PR_TITLE"
-    template_repository                        = "eclipse-score/module_template"
-    topics                                     = []
-    workflows                                  = {
-      actions_can_approve_pull_request_reviews   = true
-      allow_action_patterns                      = []
-      allow_github_owned_actions                 = true
-      allow_verified_creator_actions             = true
-      allowed_actions                            = "all"
-      default_workflow_permissions               = "read"
-      enabled                                    = true
-    }
-  }

  
!   repo_ruleset[name="main", repository=testing_tools] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=toolchains_gcc] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=toolchains_gcc_packages] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=toolchains_rust] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=tooling] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=tools] {
!     include_refs = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!   }
  
  Plan: 0 to add, 38 to change, 3 to delete.

@eclipse-otterdog

Copy link
Copy Markdown
Contributor

Note

The current configuration is out-of-sync with the live settings:

Diff to live settings
Project automotive.score[github_id=eclipse-score]
  there have been 39 validation infos, enable verbose output to display them.

  
!   repository[name="score"] {
!     topics = [
-      "specification"
!     ]
!   }

  
!   repository[name="persistency"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name=".github"] {
!     code_scanning_default_languages = [
-      "javascript"
+      "javascript-typescript"
-      "typescript"
!     ]
!   }

  
!   repo_ruleset[name="main", repository=bazel_registry] {
!     bypass_actors           = [
+      "#OrganizationAdmin"
!     ]
!     include_refs            = [
!       "refs/heads/main" -> "~DEFAULT_BRANCH"
!     ]
!     requires_linear_history = false -> true
!   }

  
!   repository[name="process_description"] {
!     topics = [
-      "process"
-      "specification"
!     ]
!   }

  
!   repository[name="itf"] {
!     topics = [
-      "testing"
-      "tooling"
!     ]
!   }

  
!   repository[name="tooling"] {
-    homepage = "",
!     topics   = [
-      "tooling"
!     ]
!   }

  
!   repository[name="baselibs"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="communication"] {
-    homepage = "",
!     topics   = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="toolchains_qnx"] {
-    homepage = "",
!     topics   = [
-      "toolchain"
-      "toolin"
!     ]
!   }

  
!   repository[name="toolchains_gcc"] {
-    homepage = "",
!     topics   = [
-      "toolchain"
-      "tooling"
!     ]
!   }

  
!   repository[name="cicd-workflows"] {
-    homepage = "",
!     topics   = [
-      "ci-cd"
-      "tooling"
!     ]
!   }

  
!   repository[name="toolchains_rust"] {
-    homepage = "",
!     topics   = [
-      "toolchain"
-      "tooling"
!     ]
!   }

  
!   repository[name="toolchains_gcc_packages"] {
-    homepage = "",
!     topics   = [
-      "toolchain"
-      "tooling"
!     ]
!   }

  
!   repository[name="docs-as-code"] {
!     code_scanning_default_query_suite = "extended" -> "default"
!     topics                            = [
-      "tooling"
!     ]
!   }

  
!   repository[name="orchestrator"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="testing_tools"] {
-    homepage = "",
!     topics   = [
-      "testing"
-      "tooling"
!     ]
!   }

  
!   repository[name="devcontainer"] {
-    homepage = "",
!     topics   = [
-      "tooling"
!     ]
!   }

  
!   repository[name="feo"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="inc_daal"] {
!     topics = [
-      "incubation"
-      "module-implementation"
!     ]
!   }

  
!   repository[name="bazel_platforms"] {
-    homepage = "",
!     topics   = [
-      "bazel"
-      "tooling"
!     ]
!   }

  
!   repository[name="nlohmann_json"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="inc_os_autosd"] {
!     topics = [
-      "incubation"
-      "reference-platform"
!     ]
!   }

  
!   repository[name="bazel-tools-python"] {
-    homepage = "",
!     topics   = [
-      "python"
-      "tooling"
!     ]
!   }

  
!   repository[name="bazel-tools-cc"] {
-    homepage = "",
!     topics   = [
-      "clang"
-      "clang-tidy"
-      "tooling"
!     ]
!   }

  
!   repository[name="lifecycle"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="logging"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

-  remove environment[name="copilot", repository=logging] {
-    deployment_branch_policy = "all"
-    name                     = "copilot"
-    reviewers                = []
-    wait_timer               = 0
-  }

  
!   repository[name="scrample"] {
!     topics = [
-      "module-implementation"
-      "sample"
!     ]
!   }

  
!   repository[name="score-crates"] {
!     topics = [
-      "tooling"
!     ]
!   }

  
!   repository[name="inc_someip_gateway"] {
!     topics = [
-      "incubation"
-      "module-implementation"
!     ]
!   }

-  remove environment[name="copilot", repository=inc_someip_gateway] {
-    deployment_branch_policy = "all"
-    name                     = "copilot"
-    reviewers                = []
-    wait_timer               = 0
-  }

  
!   repository[name="dash-license-scan"] {
-    homepage = "",
!     topics   = [
-      "tooling"
!     ]
!   }

  
!   repository[name="tools"] {
-    homepage = "",
!     topics   = [
-      "tooling"
!     ]
!   }

  
!   repository[name="baselibs_rust"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="inc_diagnostics"] {
!     topics = [
-      "incubation"
-      "module-implementation"
!     ]
!   }

  
!   repository[name="inc_time"] {
!     topics = [
-      "incubation"
-      "module-implementation"
!     ]
!   }

  
!   repository[name="os_images"] {
-    homepage = "",
!     topics   = [
-      "integration"
!     ]
!   }

  
!   repository[name="bazel_cpp_toolchains"] {
-    homepage = "",
!     topics   = [
-      "toolchain"
-      "tooling"
!     ]
!   }

  
!   repository[name="score_rust_policies"] {
!     topics = [
-      "tooling"
!     ]
!   }

  
!   repository[name="kyron"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="config_management"] {
!     topics = [
-      "module-implementation"
!     ]
!   }

  
!   repository[name="ferrocene_toolchain_builder"] {
-    homepage = "",
!     topics   = [
-      "toolchain"
-      "tooling"
!     ]
!   }

  
!   repository[name="more-disk-space"] {
!     code_scanning_default_languages = [
-      "javascript"
-      "typescript"
+      "javascript-typescript"
!     ]
!   }

-  remove environment[name="copilot", repository=more-disk-space] {
-    deployment_branch_policy = "all"
-    name                     = "copilot"
-    reviewers                = []
-    wait_timer               = 0
-  }

  
!   repository[name="inc_security_crypto"] {
!     topics = [
-      "incubation"
-      "module-implementation"
!     ]
!   }

-  remove environment[name="copilot", repository=inc_security_crypto] {
-    deployment_branch_policy = "all"
-    name                     = "copilot"
-    reviewers                = []
-    wait_timer               = 0
-  }

  
!   repository[name="rules_imagefs"] {
-    homepage = "",
!     topics   = [
-      "filesystem"
-      "image"
-      "tooling"
!     ]
!   }

  
!   repository[name="rules_rust"] {
-    homepage = "",
!     topics   = [
-      "bazel"
-      "tooling"
!     ]
!   }

  
!   repository[name="infrastructure"] {
!     topics = [
-      "tooling"
!     ]
!   }

  
!   repository[name="score_cpp_policies"] {
!     topics = [
-      "tooling"
!     ]
!   }

  
!   repository[name="sbom-tool"] {
-    homepage = "",
!     topics   = [
-      "tooling"
!     ]
!   }

  
!   repository[name="cicd-actions"] {
!     code_scanning_default_languages = [
-      "javascript"
-      "typescript"
+      "javascript-typescript"
!     ]
-    homepage                        = "",
!     topics                          = [
-      "ci-cd"
-      "tooling"
!     ]
!   }

  
!   repository[name="qnx_unit_tests"] {
-    homepage = "",
!     topics   = [
-      "testing"
-      "tooling"
!     ]
!   }

  
!   repository[name="mcp-servers"] {
-    homepage = "",
!     topics   = [
-      "ai"
-      "tooling"
!     ]
!   }
  
  Plan: 0 to add, 78 to change, 4 to delete.

@antonkri antonkri self-requested a review June 19, 2026 11:04
@AlexanderLanin

Copy link
Copy Markdown
Member Author

/otterdog merge

@eclipse-otterdog

Copy link
Copy Markdown
Contributor

Warning

This pull request cannot be auto-merged via /otterdog merge

  • pull request cannot be automatically merged (contains secrets, requires web UI changes, includes deletions or touches non-configuration files)

@AlexanderLanin

Copy link
Copy Markdown
Member Author

argh. @eclipse-score/eclipsefdn-security can you merge please? This deleted 3 empty test repositories

@AlexanderLanin

Copy link
Copy Markdown
Member Author

@eclipse-score/eclipsefdn-security sorry to bother you again, but can we get this merged before we end up in merge conflicts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants