diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..bfcc077d --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,14 @@ +# CODEOWNERS reference: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence, +# the following users/teams will be requested for +# review when someone opens a pull request. +# +# Maintainers +# - Stephen Augustus (@justaugustus) +* @uwu-tools/gh-jira-issue-sync-maintainers + +# Enforces admin protections for repo configuration via probot settings app. +# ref: https://github.com/probot/settings#security-implications +.github/settings.yml @uwu-tools/gh-jira-issue-sync-admins diff --git a/.github/settings.yml b/.github/settings.yml new file mode 100644 index 00000000..32973ada --- /dev/null +++ b/.github/settings.yml @@ -0,0 +1,75 @@ +repository: + # See https://developer.github.com/v3/repos/#edit for all available settings. + + # The name of the repository. Changing this will rename the repository + name: gh-jira-issue-sync + + # A short description of the repository that will show up on GitHub + description: A tool for synchronizing issue tracking from GitHub to JIRA + + # A URL with more information about the repository + homepage: https://pkg.go.dev/github.com/uwu-tools/gh-jira-issue-sync + + # Updates the default branch for this repository. + default_branch: main + + # Either `true` to enable automated security fixes, or `false` to disable + # automated security fixes. + enable_automated_security_fixes: true + + # Either `true` to enable vulnerability alerts, or `false` to disable + # vulnerability alerts. + enable_vulnerability_alerts: true + +# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options +teams: + - name: gh-jira-issue-sync-admins + # The permission to grant the team. Can be one of: + # * `pull` - can pull, but not push to or administer this repository. + # * `push` - can pull and push, but not administer this repository. + # * `admin` - can pull, push and administer this repository. + # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions. + permission: admin + + - name: gh-jira-issue-sync-maintainers + permission: maintain + +# Collaborators: give specific users access to this repository. +# See https://docs.github.com/en/rest/reference/collaborators for available options +collaborators: [] + +branches: + - name: main + # https://docs.github.com/en/rest/reference/repos#update-branch-protection + # Branch Protection settings. Set to null to disable + protection: + # Required. Require at least one approving review on a pull request, before merging. Set to null to disable. + required_pull_request_reviews: + # The number of approvals required. (1-6) + required_approving_review_count: 1 + # Dismiss approved reviews automatically when a new commit is pushed. + dismiss_stale_reviews: true + # Blocks merge until code owners have reviewed. + require_code_owner_reviews: true + # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories. + dismissal_restrictions: + users: [] + teams: [] + # Required. Require status checks to pass before merging. Set to null to disable + required_status_checks: + # Required. Require branches to be up to date before merging. + strict: true + checks: + - context: build + - context: verify + - context: test + # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable. + # TODO(settings): Set to true once there are additional maintainers + enforce_admins: false + # Prevent merge commits from being pushed to matching branches + required_linear_history: true + # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable. + restrictions: + apps: [] + users: [] + teams: []