Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions .github/workflows/block-releases.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: Preview or update Pulumi block-releases ruleset

on:
push:
branches:
- main
paths:
- "pulumi/github/block-releases/**/*"
pull_request:
branches:
- main
paths:
- "pulumi/github/block-releases/**/*"
workflow_dispatch:

env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_STACK_NAME: mashehu/block-releases/nf-core
PULUMI_WORKING_DIRECTORY: pulumi/github/block-releases

jobs:
pulumi:
name: Pulumi
runs-on: ubuntu-latest
steps:
- name: Turnstyle
if: ${{ github.event_name == 'push' }}
uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

- name: Install Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.13"

- name: Install uv
uses: astral-sh/setup-uv@v5

- name: PR preview
if: ${{ github.event_name == 'pull_request' }}
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6
with:
command: preview
stack-name: ${{ env.PULUMI_STACK_NAME }}
work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }}

- name: Apply infrastructure update
if: ${{ github.event_name == 'push' }}
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6
with:
command: up
stack-name: ${{ env.PULUMI_STACK_NAME }}
work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }}
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@

pulumi/github/block-releases/__pycache__
4 changes: 4 additions & 0 deletions pulumi/github/block-releases/Pulumi.nf-core.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
environment:
- block-releases/nf-core
config:
github:owner: nf-core
7 changes: 7 additions & 0 deletions pulumi/github/block-releases/Pulumi.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
name: block-releases
runtime:
name: python
options:
toolchain: uv
virtualenv: .venv
description: Block release tags on all nf-core repos with dev as default branch
51 changes: 51 additions & 0 deletions pulumi/github/block-releases/__main__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
import pulumi
import pulumi_github as github
from github import Auth, Github

github_config = pulumi.Config("github")
token = github_config.require("token")
owner = github_config.get("owner") or "nf-core"
config = pulumi.Config()
repos_filter = config.get("repos") # optional comma-separated list of repos

# Fetch all non-archived repos in the org with dev as default branch
gh = Github(auth=Auth.Token(token))
org = gh.get_organization(owner)
dev_repos = [
repo.name
for repo in org.get_repos(type="all")
if repo.default_branch == "dev" and not repo.archived
]

if repos_filter:
allowed = {r.strip() for r in repos_filter.split(",")}
dev_repos = [r for r in dev_repos if r in allowed]

pulumi.log.info(f"Found {len(dev_repos)} repos with dev as default branch")

for repo_name in dev_repos:
github.RepositoryRuleset(
f"{repo_name}-block-releases",
name="block-releases",
repository=repo_name,
target="tag",
enforcement="active",
conditions=github.RepositoryRulesetConditionsArgs(
ref_name=github.RepositoryRulesetConditionsRefNameArgs(
includes=["~ALL"],
excludes=[],
),
),
bypass_actors=[
github.RepositoryRulesetBypassActorArgs(
actor_id=1,
actor_type="OrganizationAdmin",
bypass_mode="always",
),
],
rules=github.RepositoryRulesetRulesArgs(
creation=True,
deletion=True,
non_fast_forward=True,
),
)
10 changes: 10 additions & 0 deletions pulumi/github/block-releases/pyproject.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
[project]
name = "github-block-releases"
version = "0.1.0"
description = "Block release tags on all nf-core repos with dev as default branch"
requires-python = ">=3.12"
dependencies = [
"pulumi>=3.173.0",
"pulumi-github>=6.7.2",
"PyGithub>=2.0",
]
727 changes: 727 additions & 0 deletions pulumi/github/block-releases/uv.lock

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions uv.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading