Add capability-development branch protection CI#327

Merged

amit-momin merged 5 commits intomainfrom

cre/add-capability-development-branch-protection-ci

Mar 26, 2026

Contributor

amit-momin commented Mar 25, 2026

No description provided.


          Add capability-development branch protection ci

changeset-bot bot commented Mar 25, 2026 •

edited

Loading

⚠️ No Changeset found

Latest commit: d508e43

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

github-actions bot commented Mar 25, 2026 •

edited

Loading

The latest Buf updates on your PR. Results from workflow Regenerate Protobuf Files / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
`✅ passed`	`✅ passed`	`✅ passed`	`⏩ skipped`	Mar 26, 2026, 5:15 PM

amit-momin changed the base branch from main to capabilities-development

March 25, 2026 17:03

app-token-issuer-engops bot temporarily deployed to publish

March 25, 2026 17:03

Inactive

app-token-issuer-engops bot deployed to publish

March 25, 2026 17:03

Active

app-token-issuer-engops bot temporarily deployed to publish

March 25, 2026 17:03

Inactive

amit-momin changed the base branch from capabilities-development to main

March 25, 2026 17:10

amit-momin force-pushed the cre/add-capability-development-branch-protection-ci branch from 359eb9d to 4396356 Compare

March 25, 2026 17:14


          Upgraded checkout action to major version tag

64301fe

amit-momin force-pushed the cre/add-capability-development-branch-protection-ci branch 4 times, most recently from 377d01d to 64301fe Compare

March 25, 2026 18:48

amit-momin marked this pull request as ready for review

March 25, 2026 18:48

amit-momin requested review from a team as code owners

March 25, 2026 18:48

product-security-plaid-production bot requested review from ChrisAmora and DylanTinianov

March 25, 2026 18:49

amit-momin changed the title ~~Add capability-development branch protection ci~~ Add capability-development branch protection CI


          Updated validation to only occur when target branch is main

3f6b3c2

chainchad reviewed

View reviewed changes

.github/workflows/cre-branch-protection.yml Show resolved Hide resolved

.github/workflows/cre-branch-protection.yml Outdated

+                      run: |
+                        git fetch origin "${TARGET_BRANCH}" --quiet 2>/dev/null || true
+                        CRE_CHANGED=$(git diff --name-only "origin/${TARGET_BRANCH}" -- cre/)

chainchad Mar 25, 2026

Suggested change

      
                      CRE_CHANGED=$(git diff --name-only "origin/${TARGET_BRANCH}" -- cre/)
          
                      CRE_CHANGED=$(git diff --name-only "origin/${TARGET_BRANCH}...HEAD" -- cre/)

A little more precise

.github/workflows/cre-branch-protection.yml Outdated

Comment on lines +7 to +13

+              permissions:
+                contents: read
+              jobs:
+                check-cre-target-branch:
+                  runs-on: ubuntu-latest
+                  steps:

chainchad Mar 25, 2026

Suggested change

      
            permissions:
          
              contents: read
          
            jobs:
          
              check-cre-target-branch:
          
                runs-on: ubuntu-latest
          
                steps:
          
            permissions: {}
          
            jobs:
          
              check-cre-target-branch:
          
                permissions:
          
                  contents: read
          
                runs-on: ubuntu-latest
          
                steps:

It's better to scope perms to just the job and "blank out" default perms.

.github/workflows/cre-branch-protection.yml Outdated


		CRE_CHANGED=$(git diff --name-only "origin/${TARGET_BRANCH}" -- cre/)

		if [ -z "$CRE_CHANGED" ]; then

chainchad Mar 25, 2026

Suggested change

      
                      if [ -z "$CRE_CHANGED" ]; then
          
                      if [[ -z "$CRE_CHANGED" ]]; then

Nit, but with bash it's always safer to use [[ for test/conditionals.

.github/workflows/cre-branch-protection.yml Outdated

Comment on lines +35 to +38

+                        if [ "$TARGET_BRANCH" != "main" ]; then
+                          echo "PR targets '${TARGET_BRANCH}', not 'main'. CRE changes are allowed."
+                          exit 0
+                        fi

chainchad Mar 25, 2026

Should you just filter on on.pull_request.branches: [main]?


          Addressed feedback

a72b2e4

amit-momin force-pushed the cre/add-capability-development-branch-protection-ci branch 3 times, most recently from 721414a to a72b2e4 Compare

March 25, 2026 19:18

chainchad approved these changes

View reviewed changes

chainchad left a comment

LGTM! I would change all [ to [[ for the remaining bash conditionals but can be done in a follow-up or future.

ilija42 approved these changes

View reviewed changes

cedric-cordenier approved these changes

View reviewed changes

amit-momin enabled auto-merge (squash)

March 26, 2026 17:15


          Merge branch 'main' into cre/add-capability-development-branch-protec…

d508e43

…tion-ci

amit-momin merged commit 93f52c3 into main

22 checks passed

amit-momin deleted the cre/add-capability-development-branch-protection-ci branch

March 26, 2026 17:16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet