cac06c2ac7
Universal: Auto Version Bump / Version Bump (push) Successful in 12s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Require Docs Update (pull_request) Has been skipped
Universal: PR Check / Wiki Update Reminder (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Successful in 4s
Universal: PR Check / Validate PR (pull_request) Successful in 14s
Branch Cleanup / Delete merged branch (pull_request) Successful in 2s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Generic: Project CI / Lint & Validate (pull_request) Successful in 1m3s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m42s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Extend org-level branch protection to support per-user allowlists (resolved from username OR email) and an "allow Actions bot" toggle, alongside the existing team allowlists, for all five categories (push, merge, force-push, delete, approvals). - models/git/org_protected_branch.go: add WhitelistUserIDs, MergeWhitelistUserIDs, ForcePushAllowlistUserIDs, DeleteAllowlistUserIDs, ApprovalsWhitelistUserIDs ([]int64) plus WhitelistActionsUser, MergeWhitelistActionsUser, ForcePushAllowlistActionsUser, DeleteAllowlistActionsUser (bool); copy all 9 into ProtectedBranch in ToProtectedBranch(). - models/migrations/v1_27/v368.go: migration 367 adds the 9 columns. - modules/structs/org_branch.go: add *Usernames []string and *ActionsUser bool to Create/Edit options and the response, matching repo-level json names. - routers/api/v1/org/branch_protection.go: resolveUserIDs (username then email, dedupe, 422 on unknown); wire into Create + Edit and toAPIOrgBranchProtection. - models/git/protected_branch_merge.go: add mergeAllowFlag and merge the four Actions-user flags most-restrictively (org can now express them); deploy-key flags stay repo-only pass-through. - models/git/protected_branch_merge_test.go: mergeAllowFlag truth table, user-ID intersection, deploy-key pass-through. - regenerate swagger v1 + openapi3 specs. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT
132 lines
8.4 KiB
Go
132 lines
8.4 KiB
Go
// Copyright 2026 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package structs
|
|
|
|
import "time"
|
|
|
|
// OrgBranchProtection represents an org-level branch protection ruleset
|
|
type OrgBranchProtection struct {
|
|
ID int64 `json:"id"`
|
|
OrgID int64 `json:"org_id"`
|
|
RuleName string `json:"rule_name"`
|
|
Priority int64 `json:"priority"`
|
|
EnablePush bool `json:"enable_push"`
|
|
EnablePushWhitelist bool `json:"enable_push_whitelist"`
|
|
PushWhitelistTeams []string `json:"push_whitelist_teams"`
|
|
PushWhitelistUsernames []string `json:"push_whitelist_usernames"`
|
|
PushWhitelistActionsUser bool `json:"push_whitelist_actions_user"`
|
|
EnableForcePush bool `json:"enable_force_push"`
|
|
EnableForcePushAllowlist bool `json:"enable_force_push_allowlist"`
|
|
ForcePushAllowlistTeams []string `json:"force_push_allowlist_teams"`
|
|
ForcePushAllowlistUsernames []string `json:"force_push_allowlist_usernames"`
|
|
ForcePushAllowlistActionsUser bool `json:"force_push_allowlist_actions_user"`
|
|
EnableDelete bool `json:"enable_delete"`
|
|
EnableDeleteAllowlist bool `json:"enable_delete_allowlist"`
|
|
DeleteAllowlistTeams []string `json:"delete_allowlist_teams"`
|
|
DeleteAllowlistUsernames []string `json:"delete_allowlist_usernames"`
|
|
DeleteAllowlistActionsUser bool `json:"delete_allowlist_actions_user"`
|
|
EnableMergeWhitelist bool `json:"enable_merge_whitelist"`
|
|
MergeWhitelistTeams []string `json:"merge_whitelist_teams"`
|
|
MergeWhitelistUsernames []string `json:"merge_whitelist_usernames"`
|
|
MergeWhitelistActionsUser bool `json:"merge_whitelist_actions_user"`
|
|
EnableStatusCheck bool `json:"enable_status_check"`
|
|
StatusCheckContexts []string `json:"status_check_contexts"`
|
|
RequiredApprovals int64 `json:"required_approvals"`
|
|
EnableApprovalsWhitelist bool `json:"enable_approvals_whitelist"`
|
|
ApprovalsWhitelistTeams []string `json:"approvals_whitelist_teams"`
|
|
ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
|
|
BlockOnRejectedReviews bool `json:"block_on_rejected_reviews"`
|
|
BlockOnOfficialReviewRequests bool `json:"block_on_official_review_requests"`
|
|
BlockOnOutdatedBranch bool `json:"block_on_outdated_branch"`
|
|
DismissStaleApprovals bool `json:"dismiss_stale_approvals"`
|
|
IgnoreStaleApprovals bool `json:"ignore_stale_approvals"`
|
|
RequireSignedCommits bool `json:"require_signed_commits"`
|
|
ProtectedFilePatterns string `json:"protected_file_patterns"`
|
|
UnprotectedFilePatterns string `json:"unprotected_file_patterns"`
|
|
BlockAdminMergeOverride bool `json:"block_admin_merge_override"`
|
|
// swagger:strfmt date-time
|
|
Created time.Time `json:"created_at"`
|
|
// swagger:strfmt date-time
|
|
Updated time.Time `json:"updated_at"`
|
|
}
|
|
|
|
// CreateOrgBranchProtectionOption options for creating an org-level branch protection
|
|
type CreateOrgBranchProtectionOption struct {
|
|
RuleName string `json:"rule_name" binding:"Required"`
|
|
Priority int64 `json:"priority"`
|
|
EnablePush bool `json:"enable_push"`
|
|
EnablePushWhitelist bool `json:"enable_push_whitelist"`
|
|
PushWhitelistTeams []string `json:"push_whitelist_teams"`
|
|
PushWhitelistUsernames []string `json:"push_whitelist_usernames"`
|
|
PushWhitelistActionsUser bool `json:"push_whitelist_actions_user"`
|
|
EnableForcePush bool `json:"enable_force_push"`
|
|
EnableForcePushAllowlist bool `json:"enable_force_push_allowlist"`
|
|
ForcePushAllowlistTeams []string `json:"force_push_allowlist_teams"`
|
|
ForcePushAllowlistUsernames []string `json:"force_push_allowlist_usernames"`
|
|
ForcePushAllowlistActionsUser bool `json:"force_push_allowlist_actions_user"`
|
|
EnableDelete bool `json:"enable_delete"`
|
|
EnableDeleteAllowlist bool `json:"enable_delete_allowlist"`
|
|
DeleteAllowlistTeams []string `json:"delete_allowlist_teams"`
|
|
DeleteAllowlistUsernames []string `json:"delete_allowlist_usernames"`
|
|
DeleteAllowlistActionsUser bool `json:"delete_allowlist_actions_user"`
|
|
EnableMergeWhitelist bool `json:"enable_merge_whitelist"`
|
|
MergeWhitelistTeams []string `json:"merge_whitelist_teams"`
|
|
MergeWhitelistUsernames []string `json:"merge_whitelist_usernames"`
|
|
MergeWhitelistActionsUser bool `json:"merge_whitelist_actions_user"`
|
|
EnableStatusCheck bool `json:"enable_status_check"`
|
|
StatusCheckContexts []string `json:"status_check_contexts"`
|
|
RequiredApprovals int64 `json:"required_approvals"`
|
|
EnableApprovalsWhitelist bool `json:"enable_approvals_whitelist"`
|
|
ApprovalsWhitelistTeams []string `json:"approvals_whitelist_teams"`
|
|
ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
|
|
BlockOnRejectedReviews bool `json:"block_on_rejected_reviews"`
|
|
BlockOnOfficialReviewRequests bool `json:"block_on_official_review_requests"`
|
|
BlockOnOutdatedBranch bool `json:"block_on_outdated_branch"`
|
|
DismissStaleApprovals bool `json:"dismiss_stale_approvals"`
|
|
IgnoreStaleApprovals bool `json:"ignore_stale_approvals"`
|
|
RequireSignedCommits bool `json:"require_signed_commits"`
|
|
ProtectedFilePatterns string `json:"protected_file_patterns"`
|
|
UnprotectedFilePatterns string `json:"unprotected_file_patterns"`
|
|
BlockAdminMergeOverride bool `json:"block_admin_merge_override"`
|
|
}
|
|
|
|
// EditOrgBranchProtectionOption options for editing an org-level branch protection
|
|
type EditOrgBranchProtectionOption struct {
|
|
Priority *int64 `json:"priority"`
|
|
EnablePush *bool `json:"enable_push"`
|
|
EnablePushWhitelist *bool `json:"enable_push_whitelist"`
|
|
PushWhitelistTeams []string `json:"push_whitelist_teams"`
|
|
PushWhitelistUsernames []string `json:"push_whitelist_usernames"`
|
|
PushWhitelistActionsUser *bool `json:"push_whitelist_actions_user"`
|
|
EnableForcePush *bool `json:"enable_force_push"`
|
|
EnableForcePushAllowlist *bool `json:"enable_force_push_allowlist"`
|
|
ForcePushAllowlistTeams []string `json:"force_push_allowlist_teams"`
|
|
ForcePushAllowlistUsernames []string `json:"force_push_allowlist_usernames"`
|
|
ForcePushAllowlistActionsUser *bool `json:"force_push_allowlist_actions_user"`
|
|
EnableDelete *bool `json:"enable_delete"`
|
|
EnableDeleteAllowlist *bool `json:"enable_delete_allowlist"`
|
|
DeleteAllowlistTeams []string `json:"delete_allowlist_teams"`
|
|
DeleteAllowlistUsernames []string `json:"delete_allowlist_usernames"`
|
|
DeleteAllowlistActionsUser *bool `json:"delete_allowlist_actions_user"`
|
|
EnableMergeWhitelist *bool `json:"enable_merge_whitelist"`
|
|
MergeWhitelistTeams []string `json:"merge_whitelist_teams"`
|
|
MergeWhitelistUsernames []string `json:"merge_whitelist_usernames"`
|
|
MergeWhitelistActionsUser *bool `json:"merge_whitelist_actions_user"`
|
|
EnableStatusCheck *bool `json:"enable_status_check"`
|
|
StatusCheckContexts []string `json:"status_check_contexts"`
|
|
RequiredApprovals *int64 `json:"required_approvals"`
|
|
EnableApprovalsWhitelist *bool `json:"enable_approvals_whitelist"`
|
|
ApprovalsWhitelistTeams []string `json:"approvals_whitelist_teams"`
|
|
ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
|
|
BlockOnRejectedReviews *bool `json:"block_on_rejected_reviews"`
|
|
BlockOnOfficialReviewRequests *bool `json:"block_on_official_review_requests"`
|
|
BlockOnOutdatedBranch *bool `json:"block_on_outdated_branch"`
|
|
DismissStaleApprovals *bool `json:"dismiss_stale_approvals"`
|
|
IgnoreStaleApprovals *bool `json:"ignore_stale_approvals"`
|
|
RequireSignedCommits *bool `json:"require_signed_commits"`
|
|
ProtectedFilePatterns *string `json:"protected_file_patterns"`
|
|
UnprotectedFilePatterns *string `json:"unprotected_file_patterns"`
|
|
BlockAdminMergeOverride *bool `json:"block_admin_merge_override"`
|
|
}
|