Merge pull request #1 from SpringQL/ci/release-workflow-test

add branch protection toggling

Author: kazuk

.github/workflows/release.yml

@@ -26,6 +26,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           ref: main
+          token: ${{ secrets.GHPAT_FOR_PUSH_RELEASE }}
 
       - name: Show initial git status 
         run: |
@@ -87,8 +88,6 @@ jobs:
       - name: git tag
         run: |
           git tag "v${RELEASE_VERSION}"
-          git tag "springql@${RELASE_VERSION}"
-          git tag "springql-core@${RELASE_VERSION}"
 
       - name: Show final git status 
         run: |
@@ -97,13 +96,25 @@ jobs:
           git status -v >> $GITHUB_STEP_SUMMARY
           echo '```' >> $GITHUB_STEP_SUMMARY
 
+      - name: Turn off enforce admin
+        env: 
+          GITHUB_TOKEN: ${{ secrets.GHPAT_FOR_PUSH_RELEASE }}
+        run: |
+          source .github/workflows/scripts/github-branch-protection.bash
+          enforce_admins_off
+
       - name: git push
         run: |
-          git remote set-url origin https://github-actions:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}
-          git push -v origin main
-          git push -v origin "v${RELEASE_VERSION}"
-          git push -v origin "springql@${RELEASE_VERSION}"
-          git push -v origin "springql-core@${RELEASE_VERSION}"
+          git remote set-url origin "https://github-actions:${{ secrets.GHPAT_FOR_PUSH_RELEASE }}@github.com/${GITHUB_REPOSITORY}"
+          git push -v --force origin main
+          git push -v --force origin "v${RELEASE_VERSION}"
+
+      - name: Turn on enforce admin
+        env: 
+          GITHUB_TOKEN: ${{ secrets.GHPAT_FOR_PUSH_RELEASE }}
+        run: |
+          source .github/workflows/scripts/github-branch-protection.bash
+          enforce_admins_on
 
       - name: cargo publish
         run: |

.github/workflows/scripts/github-branch-protection.bash

@@ -0,0 +1,39 @@
+function get_current_branch_protection_setting() {
+    gh api --method GET repos/${OWNER}/${REPO}/branches/${BRANCH}/protection | jq '
+    {
+        required_status_checks: null,
+        restrictions: { 
+            users: .restrictions.users | [.[].login],
+            teams: .restrictions.teams | [.[].slug],
+            apps: .restrictions.apps | [.[].slug]
+        },
+        enforce_admins: .enforce_admins.enabled ,
+        required_pull_request_reviews: {
+        dismiss_stale_reviews: .required_pull_request_reviews.dismiss_stale_reviews,
+        require_code_owner_reviews: .required_pull_request_reviews.require_code_owner_reviews,
+        required_approving_review_count: .required_pull_request_reviews.required_approving_review_count
+        },
+        required_linear_history: .required_linear_history.enabled,
+        required_signatures: .required_signatures.enabled,
+        allow_force_pushes: .allow_force_pushes.enabled,
+        allow_deletions: .allow_deletions.enabled,
+        block_reations: .block_creations.enabled,
+        required_conversation_resolution: .required_conversation_resolution.enabled
+    }'
+}
+
+function apply_branch_protection_setting() {
+    gh api --method PUT -H "Accept: application/vnd.github+json" --input - repos/${OWNER}/${REPO}/branches/${BRANCH}/protection
+}
+
+function enfore_admins_off() {
+    get_current_branch_protection_setting | jq '.enforce_admins = false' | apply_branch_protection_setting
+}
+
+export -f enfore_admins_off
+
+function enfore_admins_on() {
+    get_current_branch_protection_setting | jq '.enforce_admins = true' | apply_branch_protection_setting
+}
+
+export -f enfore_admins_on