diff --git a/.github/policies/microsoft-graph-devx-content-branch-protection.yml b/.github/policies/microsoft-graph-devx-content-branch-protection.yml new file mode 100644 index 00000000..3fd13bce --- /dev/null +++ b/.github/policies/microsoft-graph-devx-content-branch-protection.yml @@ -0,0 +1,76 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# File initially created using https://github.com/MIchaelMainer/policyservicetoolkit/blob/main/branch_protection_export.ps1. + +name: microsoft-graph-devx-content-branch-protection +description: Branch protection policy for the microsoft-graph-devx-content repository +resource: repository +configuration: + branchProtectionRules: + + - branchNamePattern: master + # This branch pattern applies to the following branches as of 06/09/2023 12:03:14: + # master + + # Specifies whether this branch can be deleted. boolean + allowsDeletions: false + # Specifies whether forced pushes are allowed on this branch. boolean + allowsForcePushes: false + # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean + dismissStaleReviews: true + # Specifies whether admins can overwrite branch protection. boolean + isAdminEnforced: false + # Indicates whether "Require a pull request before merging" is enabled. boolean + requiresPullRequestBeforeMerging: true + # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required + requiredApprovingReviewsCount: 1 + # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean + requireCodeOwnersReview: false + # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines. + requiresCommitSignatures: false + # Are conversations required to be resolved before merging? boolean + requiresConversationResolution: false + # Are merge commits prohibited from being pushed to this branch. boolean + requiresLinearHistory: false + # Require branches to be up to date before merging. Requires requiredStatusChecks. boolean + requiresStrictStatusChecks: true + # Indicates whether there are restrictions on who can push. boolean. Requires whoCanPush. + restrictsPushes: false + # Restrict who can dismiss pull request reviews. boolean + restrictsReviewDismissals: false + + - branchNamePattern: dev + # This branch pattern applies to the following branches as of 06/09/2023 12:03:14: + # dev + + # Specifies whether this branch can be deleted. boolean + allowsDeletions: false + # Specifies whether forced pushes are allowed on this branch. boolean + allowsForcePushes: false + # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean + dismissStaleReviews: false + # Specifies whether admins can overwrite branch protection. boolean + isAdminEnforced: false + # Indicates whether "Require a pull request before merging" is enabled. boolean + requiresPullRequestBeforeMerging: true + # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required + requiredApprovingReviewsCount: 1 + # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean + requireCodeOwnersReview: false + # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines. + requiresCommitSignatures: false + # Are conversations required to be resolved before merging? boolean + requiresConversationResolution: false + # Are merge commits prohibited from being pushed to this branch. boolean + requiresLinearHistory: false + # Require branches to be up to date before merging. Requires requiredStatusChecks. boolean + requiresStrictStatusChecks: true + # Indicates whether there are restrictions on who can push. boolean. Requires whoCanPush. + restrictsPushes: true + # List of Apps, Users, and Teams that can push to this branch. + whoCanPush: + - msgraph-devx-api-write + # Restrict who can dismiss pull request reviews. boolean + restrictsReviewDismissals: false +