Add reverse sync (export) mode to apply-repo-settings action#84
Open
nsheaps wants to merge 9 commits into
Open
Add reverse sync (export) mode to apply-repo-settings action#84nsheaps wants to merge 9 commits into
nsheaps wants to merge 9 commits into
Conversation
Add a 'mode' input (apply|export). In export mode the action reads the repo's live rulesets (and managed repository keys) from the API and writes them back into settings.yml, exposing a 'changed' output. Pairs with a branch_protection_rule-triggered workflow to capture UI changes back into source control.
Triggered by: 0ea8fc7 Workflow run: https://github.com/nsheaps/github-actions/actions/runs/27160984206
…t docs Remove branch_protection_rule references from the action comments and README. The reverse-sync export is now driven by a workflow-file push (preview in the same branch) plus a weekly schedule, not the branch_protection_rule event. The action itself is event-agnostic; this is a docs/comment update only.
…testing Documents pinning a consumer workflow at the action's branch/SHA to prove changes work before merge, and the false-positive trap where GitHub silently ignores undefined inputs (so a consumer pinned to @main goes green without running new code). Captures the real apply-repo-settings mode:export case.
Add apply + export support for labels, collaborators, and teams alongside repository/rulesets. Export captures ALL repo labels and direct collaborators/ teams into settings.yml; apply creates/updates them. Non-destructive for every section (never deletes labels/rulesets or revokes access) with TODO(prune) markers to add an opt-in authoritative mode later. Default sections now include all five. Labels section replaces the github-label-sync flow.
…ossless) Export no longer replaces sections wholesale. It now builds a live-state source (full repository key set; rulesets/labels/collaborators/teams) and deep-merges it INTO settings.yml via merge_live.py (ruamel, comment-preserving): - file wins on existing scalars; live only ADDS missing keys/list-items (e.g. a new bypass actor, collaborator, or ruleset appended to the end) - nothing already in the file is removed — pending settings not yet applied to the repo survive - comments/formatting preserved; file rewritten only on real content change Repository export captures the full settable key set, not just keys already in the file.
Add 10 unit tests covering the merge semantics: target wins on existing scalars, missing keys/list-items added (rulesets/rules/bypass_actors/labels/ collaborators/teams by identity), new items appended, target-only entries never removed, comment preservation, dry-run no-write, and idempotent change detection. Wire a 'test' mise task + check.yaml Test job (python 3.12).
Triggered by: 9ebeea9 Workflow run: https://github.com/nsheaps/github-actions/actions/runs/27239848861
The repo .editorconfig mandates indent_size=2 for all files, which made editorconfig-checker fail on the new 4-space (idiomatic) Python. Add a [*.py] override so the action's Python passes the Format check.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extends the
apply-repo-settingsaction with a newmode: exportthat reverses the sync direction: instead of pushing the settings file to the repo, it reads the repo's live configuration from the GitHub API and writes it back into the settings file. This enables capturing manual changes made in the GitHub UI back into source control.Key Changes
New
modeinput parameter (applyorexport, defaults toapply)applymode: existing behavior — read settings file and apply to repoexportmode: read repo's live state and write back to settings fileExport implementation for
repositorysectionGET /repos/{owner}/{repo}.repositoryblock (preserves deliberately-omitted keys)yqdeep-merge to normalize the touched sectionExport implementation for
rulesetssectionGET /repos/{owner}/{repo}/rulesetsname,target,enforcement,conditions,bypass_actors,rules).rulesetsarray wholesaleBootstrap support for export mode
mode: export, creates it with a header comment instead of failingNew outputs
changed: export mode only —"true"if file was modified,"false"otherwisesummary: now includesmodeandchangedfields in export modeDocumentation updates
branch_protection_ruletriggerNotable Implementation Details
yqfor YAML editing andjqfor JSON transformation, ensuring consistent formattingbranches:API) is intentionally not exported — the org uses rulesetshttps://claude.ai/code/session_018dM5zNQzewT1dLqGWEU2x9