feat(environment): add prevent_self_review support#641
Open
gdams wants to merge 1 commit into
Open
Conversation
Adds support for the 'prevent_self_review' setting on deployment environments, which prevents the user who triggered a deployment from approving it themselves when required reviewers are configured. The field is a top-level boolean on the Environment API payload, so it flows through the default from/to provider mappings without additional transformation logic. Changes: - new 'prevent_self_review: bool' field on Environment model - default value 'false' in the libsonnet template - schema: new boolean property on environment.json - tests updated to cover the new field
Member
|
LGTM, can you add an entry to the |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for the
prevent_self_reviewsetting on deployment environments.When enabled, this prevents the user who triggered a deployment from being able to approve their own deployment when required reviewers are configured — a common compliance requirement for production environments.
API
The field is a top-level boolean on GitHub's Environment API payload (
prevent_self_review), so it flows through otterdog's default from/to provider mappings without any extra transformation logic.Example
Changes
otterdog/models/environment.py— newprevent_self_review: boolfield.examples/template/otterdog-defaults.libsonnet— defaultprevent_self_review: falseonnewEnvironment.otterdog/resources/schemas/environment.json— new boolean property.tests/models/test_environment.py+github-environment.json+otterdog-environment.json— updated to cover the new field.Follow-ups (not in this PR)
Custom GitHub App deployment protection rules (managed via
/repos/{owner}/{repo}/environments/{env}/deployment_protection_rules) require separate endpoints and a more complex model. Intentionally left as a separate change.Testing
poetry run pytest tests/→ 243 passed, 2 skipped, 0 failurespoetry run mypy otterdog→ cleanpoetry run ruff check/ruff format --check→ clean