Skip to content

docs: repository setup for 3-ruleset branch protection design#75

Open
hdamker wants to merge 9 commits intocamaraproject:release-automationfrom
hdamker:71-repository-setup
Open

docs: repository setup for 3-ruleset branch protection design#75
hdamker wants to merge 9 commits intocamaraproject:release-automationfrom
hdamker:71-repository-setup

Conversation

@hdamker
Copy link
Contributor

@hdamker hdamker commented Feb 17, 2026
edited
Loading

What type of PR is this?

  • documentation

What this PR does / why we need it:

Updates repository-setup.md to reflect the consolidated ruleset design:

  • Consolidates 3 rulesets into 1 combined release-snapshot-protection ruleset
  • Updates bypass actor from GitHub Actions to camara-release-automation GitHub App
  • Documents required_reviewers for the release-management_reviewers team with 2 required approvals
  • Updates CODEOWNERS guidance: legacy /CHANGELOG.md lines are removed by the onboarding campaign, RM reviewer enforcement moves to the ruleset
  • Updates verification checklist to match the single-ruleset design

The canonical ruleset has been created manually in Template_API_Repository (ID: 12904446) and this document matches it exactly.

Which issue(s) this PR fixes:

Fixes #71

Special notes for reviewers:

The JSON payload in the document was extracted from the actual ruleset in Template_API_Repository. The required_reviewers field is a beta feature in the GitHub Rulesets API but is functional and available in the UI.

Changelog input

 release-note
Define API repository setup documentation for release automation (single ruleset with GitHub App bypass and required reviewers)

Additional documentation

This section can be blank.

docs

@hdamker
Update repository-setup.md for single ruleset design (fixes camarapro…
79356d3 
…ject#71)

Consolidate 3 rulesets into 1 combined release-snapshot-protection ruleset
with GitHub App bypass, 2 required approvals, and required_reviewers for
the release-management_reviewers team. Update CODEOWNERS guidance to reflect
removal of legacy /CHANGELOG.md lines. Update verification checklist.
@hdamker hdamker mentioned this pull request Feb 17, 2026
Open
@hdamker hdamker requested a review from tanjadegroot February 17, 2026 14:26
@hdamker
Copy link
Contributor Author

hdamker commented Feb 17, 2026
edited
Loading

@tanjadegroot @Kevsy @rartych @albertoramosmonagas this documentation of the needed setup within an API Repository for the Release Automation is worth a review (the resulting file, not the changes).

Note: The setup will be done by the campaign and script described in camaraproject/project-administration#132 camaraproject/project-administration#133 (and for new repositories via the Template_API_Repository).

ReleaseTest repo to come.

Kevsy
Kevsy reviewed Feb 17, 2026
View reviewed changes
@hdamker
Clarify approval requirement wording in repository-setup.md
6b47364 
Replace ambiguous "four-eyes review" with explicit "two distinct
people must approve" per PR review feedback.
@hdamker hdamker mentioned this pull request Feb 17, 2026
Open
6 tasks
@hdamker
Keep CHANGELOG.md CODEOWNERS lines during onboarding
3c57709 
Revert D-008: keep /CHANGELOG.md and /CHANGELOG.MD lines in
CODEOWNERS to prevent unreviewed changes to the legacy changelog
file during Phase 1 migration. RM reviewer assignment on snapshot
branches is additionally enforced via ruleset required_reviewers.
@hdamker
docs: update CHANGELOG onboarding behavior for template detection
d449a4a 
Document 3-way CHANGELOG.md handling: unchanged template placeholders
are deleted, repos with real content get forward-reference notes, and
repos without CHANGELOG.md get a fresh index. Update verification
checklist accordingly.
@hdamker hdamker requested a review from Kevsy February 18, 2026 20:58
tanjadegroot
tanjadegroot approved these changes Feb 19, 2026
View reviewed changes
Copy link
Contributor

@tanjadegroot tanjadegroot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great !

/LGTM

@tanjadegroot
Copy link
Contributor

tanjadegroot commented Feb 19, 2026

One after review thought: who should apply/check the repo configuration and when ?
maybe add that in the beginning of the doc ?

@hdamker
Clarify automated application in repository-setup.md overview
2490fdf 
Replace the manual setup/verification framing with a clear statement
that the configuration is applied automatically by the onboarding
campaign and admin tooling. Add reference to Template_API_Repository
update after rollout (tooling#82).
@hdamker
Copy link
Contributor Author

hdamker commented Feb 19, 2026
edited
Loading

One after review thought: who should apply/check the repo configuration and when ?
maybe add that in the beginning of the doc ?

@tanjadegroot good point, I clarified this in 2490fdf and created new #82 for the backlog after the roll-out of release automation:

Replace the manual setup/verification framing with a clear statement
that the configuration is applied automatically by the onboarding
campaign and admin tooling. Add reference to Template_API_Repository
update after rollout (tooling#82).

Note: I will keep the PR open until the configuration and the release-automation-onboarding workflow (camaraproject/project-administration#134) is tested e2e.

@hdamker hdamker force-pushed the 71-repository-setup branch from a6820c1 to 2490fdf Compare February 19, 2026 13:22
@hdamker
Remove update rule from snapshot ruleset documentation
b422e9e 
The update rule is unnecessary and blocks PR merges for non-bypass
actors. The pull_request rule prevents direct pushes and enforces
review gates. Updated description, rules list, JSON example, and
verification checklist.
rartych
rartych approved these changes Feb 24, 2026
View reviewed changes
Copy link
Contributor

@rartych rartych left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hdamker
docs: add pointer branch protection rulesets to repository-setup
d281cf9 
Document the release-pointer-protection and pre-release-pointer-protection
rulesets that protect pointer branches created after publication. Update
intro, verification checklist, and add API payloads.

Relates to camaraproject/ReleaseManagement#393
@hdamker
Copy link
Contributor Author

hdamker commented Feb 26, 2026

Update: Added pointer branch protection rulesets to repository-setup.md (commit d281cf9).

This adds documentation for two new rulesets that protect pointer branches created after publication:

  • release-pointer-protection — fully protects release/** branches
  • pre-release-pointer-protection — protects pre-release/** branches (immutable but deletable by codeowners)

Context: camaraproject/ReleaseManagement#393, implementation in #93.

@hdamker
docs: add OrganizationAdmin bypass actor to snapshot-protection JSON …
c3600f1 
…payload

The canonical Template_API_Repository ruleset includes both
OrganizationAdmin and Integration bypass actors. The JSON payload
example was missing OrganizationAdmin.
@hdamker hdamker changed the title Update repository-setup.md for single ruleset design docs: repository setup for 3-ruleset branch protection design Mar 1, 2026
@hdamker
docs: fix snapshot bypass actor and release-plan.yaml example
93ce061 
- Add OrganizationAdmin to snapshot-protection bypass actors table
  (matches canonical ruleset and JSON payload)
- Fix release-plan.yaml example: correct field names
  (commonalities_release, identity_consent_management_release,
  target_api_version, target_api_status) and values
- Update last-updated date
@hdamker hdamker mentioned this pull request Mar 3, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanjadegroot tanjadegroot tanjadegroot approved these changes

@rartych rartych rartych approved these changes

@Kevsy Kevsy Awaiting requested review from Kevsy Kevsy is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hdamker @tanjadegroot @Kevsy @rartych