Add permissions and branch protection validation to release workflow #167

Open
stuggi wants to merge 1 commit into openstack-k8s-operators:main from stuggi:check_perms

@stuggi stuggi commented Feb 13, 2026

Contributor

Add pre-flight checks to validate GitHub App has required permissions and detect branch protection rules before creating release branches.

Changes:

  • Add get_repos_list() function to eliminate code duplication
  • Add new step to check contents:write and pull_requests:write permissions
  • Validate against branch protection rules and repository rulesets
  • Detect patterns that might block new branch creation (e.g., 18.0-*)
  • Fail fast on permission errors, warn on protection rule matches
  • Run checks in both DRY_RUN and production modes

Add pre-flight checks to validate GitHub App has required permissions
and detect branch protection rules before creating release branches.

Changes:
- Add get_repos_list() function to eliminate code duplication
- Add new step to check contents:write and pull_requests:write permissions
- Validate against branch protection rules and repository rulesets
- Detect patterns that might block new branch creation (e.g., 18.0-*)
- Fail fast on permission errors, warn on protection rule matches
- Run checks in both DRY_RUN and production modes

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Martin Schuppert <mschuppert@redhat.com>
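
The pre-flight logic listed in the description above, as an added example (not code from this pull request or the project). The function names, the sample permissions, patterns, ruleset and branch names are constructed, and Python's `fnmatch` only approximates GitHub's pattern matching (its `*` also matches `/`, so it can over-warn).

```python
from fnmatch import fnmatchcase

REQUIRED = {"contents": "write", "pull_requests": "write"}
LEVELS = {"read": 1, "write": 2}  # "write" implies "read"

def missing_permissions(granted):
    """Required permissions that the installation's `permissions` map lacks."""
    return sorted(f"{name}:{need}" for name, need in REQUIRED.items()
                  if LEVELS.get(granted.get(name), 0) < LEVELS[need])

def matching_rules(branch, protection_patterns, rulesets):
    """Rules whose pattern would cover a branch that does not exist yet."""
    hits = [f"branch protection '{p}'" for p in protection_patterns
            if fnmatchcase(branch, p)]
    ref = f"refs/heads/{branch}"
    for rs in rulesets:
        # Only enforced branch rulesets can block the push.
        if rs.get("enforcement") != "active" or rs.get("target") != "branch":
            continue
        cond = rs.get("conditions", {}).get("ref_name", {})
        # ~DEFAULT_BRANCH is ignored: a new release branch is never the default.
        included = any(p == "~ALL" or fnmatchcase(ref, p)
                       for p in cond.get("include", []))
        excluded = any(fnmatchcase(ref, p) for p in cond.get("exclude", []))
        if included and not excluded:
            hits.append(f"ruleset '{rs['name']}'")
    return hits

def preflight(branch, granted, protection_patterns, rulesets):
    """Fail fast on permission gaps; rule matches are warnings only."""
    missing = missing_permissions(granted)
    if missing:
        return {"ok": False, "errors": missing, "warnings": []}
    return {"ok": True, "errors": [],
            "warnings": matching_rules(branch, protection_patterns, rulesets)}

# Constructed sample data, shaped like GitHub REST API responses.
GRANTED_OK = {"contents": "write", "pull_requests": "write", "metadata": "read"}
GRANTED_RO = {"contents": "read", "pull_requests": "write"}
PATTERNS = ["main", "18.0-*"]
RULESETS = [{"name": "release-lock", "target": "branch", "enforcement": "active",
             "conditions": {"ref_name": {"include": ["refs/heads/18.0-*"],
                                         "exclude": ["refs/heads/18.0-fr1"]}}}]

if __name__ == "__main__":
    for perms in (GRANTED_RO, GRANTED_OK):
        print(preflight("18.0-fr5", perms, PATTERNS, RULESETS))
```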
@openshift-ci openshift-ci Bot requested review from abays and viroel February 13, 2026 08:49

openshift-ci Bot commented Feb 13, 2026

Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@stuggi stuggi requested review from dprince and removed request for viroel February 13, 2026 08:49

dprince commented Feb 13, 2026

Contributor

Why do we need to pre-check permissions like this? Can't we just try the workflow and let it fail if needed?

stuggi commented Feb 13, 2026

Contributor Author

> Why do we need to pre-check permissions like this? Can't we just try the workflow and let it fail if needed?

Yes, we could do that. The pre-check would allow us to test it in advance by running the workflow in test mode.
