githubCheckBranchProtection¶
Check branch protection of a GitHub branch
Prerequisites¶
You need to create a personal access token within GitHub and add this to the Jenkins credentials store.
Please see GitHub documentation for details about creating the personal access token.
Parameters¶
Overview¶
| Name | Mandatory | Additional information |
|---|---|---|
| owner | yes | |
| repository | yes | |
| script | yes |  reference to Jenkins main pipeline script |
| token | yes |   pass via ENV, Vault or Jenkins credentials (githubTokenCredentialsId) |
| apiUrl | no | |
| branch | no | |
| requireEnforceAdmins | no | |
| requiredApprovingReviewCount | no | |
| requiredChecks | no | |
| verbose | no | activates debug output |
Details¶
apiUrl¶
Set the GitHub API url.
| Scope | Details |
|---|---|
| Aliases | githubApiUrl |
| Type | string |
| Mandatory | no |
| Default | https://api.github.com |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
branch¶
The name of the branch for which the protection settings should be checked.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | master |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
owner¶
Name of the GitHub organization.
| Scope | Details |
|---|---|
| Aliases | githubOrg |
| Type | string |
| Mandatory | yes |
| Default | $PIPER_owner (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: github/owner |
repository¶
Name of the GitHub repository.
| Scope | Details |
|---|---|
| Aliases | githubRepo |
| Type | string |
| Mandatory | yes |
| Default | $PIPER_repository (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: github/repository |
requireEnforceAdmins¶
Check if 'Include Administrators' option is set in the GitHub repository configuration.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
requiredApprovingReviewCount¶
Check if 'Require pull request reviews before merging' option is set with at least the defined number of reviewers in the GitHub repository configuration.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 0 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
requiredChecks¶
List of checks which have to be set to 'required' in the GitHub repository configuration.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_requiredChecks (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
script¶
Jenkins-specific: Used for proper environment setup.
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | Jenkins Script |
| Mandatory | yes |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
token¶
GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.
| Scope | Details |
|---|---|
| Aliases | - githubToken- access_token |
| Type | string |
| Mandatory | yes |
| Default | $PIPER_token (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: githubTokenCredentialsIdVault paths:
|
verbose¶
verbose output
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
githubTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Configuration scope |
|
Description¶
This step allows you to check if certain branch protection rules are fulfilled.
It can for example be used to verify if certain status checks are mandatory. This can be helpful to decide if a certain check needs to be performed again after merging a pull request.
Usage¶
We recommend to define values of step parameters via config.yml file. In this case, calling the step is reduced to one simple line.
Calling the step can be done either via the Jenkins library step or on the command line.
Jenkins Pipeline¶
library('piper-lib-os') githubCheckBranchProtection script: this
Command Line¶
piper githubCheckBranchProtection