From 85cbed8a25e48db619e72de45642284ed4d40af5 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Tue, 12 May 2020 16:37:08 +0200
Subject: [PATCH 01/14] Manage GitHub settings via Probot

---
 moduleroot/.github/settings.yml | 36 +++++++++++++++++++++++++++++++++
 moduleroot/CODEOWNERS           |  3 +++
 2 files changed, 39 insertions(+)
 create mode 100644 moduleroot/.github/settings.yml
 create mode 100644 moduleroot/CODEOWNERS

diff --git a/moduleroot/.github/settings.yml b/moduleroot/.github/settings.yml
new file mode 100644
index 00000000..2f71cec6
--- /dev/null
+++ b/moduleroot/.github/settings.yml
@@ -0,0 +1,36 @@
+repository:
+  private: false
+  has_issues: true
+  has_projects: false
+  has_wiki: false
+  has_downloads: true
+  default_branch: master
+  allow_squash_merge: true
+  allow_merge_commit: true
+  allow_rebase_merge: true
+  delete_branch_on_merge: true
+  archived: false
+
+branches:
+  - name: master
+    protection:
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+        dismiss_stale_reviews: true
+        require_code_owner_reviews: true
+      required_status_checks:
+        strict: true
+        contexts: ['continuous-integration/travis-ci']
+      enforce_admins: true
+      restrictions: null
+      required_signatures: true
+  - name: modulesync
+    protection:
+      required_pull_request_reviews: null
+      required_status_checks:
+        strict: true
+        contexts: ['continuous-integration/travis-ci']
+      enforce_admins: true
+      restrictions: null
+      required_signatures: true
+
diff --git a/moduleroot/CODEOWNERS b/moduleroot/CODEOWNERS
new file mode 100644
index 00000000..8e07e90c
--- /dev/null
+++ b/moduleroot/CODEOWNERS
@@ -0,0 +1,3 @@
+.github/settings.yml @voxpupuli/project-maintainers
+
+* @voxpupuli/collaborators

From 2cee4c24439e17614e2a21577fa8b652571ea0a4 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 01:11:43 +0200
Subject: [PATCH 02/14] Migrate to .erb templates

---
 config_defaults.yml                       | 35 +++++++++++++++
 moduleroot/.github/settings.yml           | 36 ----------------
 moduleroot/.github/settings.yml.erb       | 52 +++++++++++++++++++++++
 moduleroot/{CODEOWNERS => CODEOWNERS.erb} |  0
 4 files changed, 87 insertions(+), 36 deletions(-)
 delete mode 100644 moduleroot/.github/settings.yml
 create mode 100644 moduleroot/.github/settings.yml.erb
 rename moduleroot/{CODEOWNERS => CODEOWNERS.erb} (100%)

diff --git a/config_defaults.yml b/config_defaults.yml
index a5ae25de..c2e78882 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -1,4 +1,39 @@
 ---
+.github/settings.yml:
+  repository:
+    private: false
+    has_issues: true
+    has_projects: false
+    has_wiki: false
+    has_downloads: true
+    default_branch: master
+    allow_squash_merge: true
+    allow_merge_commit: true
+    allow_rebase_merge: true
+    delete_branch_on_merge: true
+    archived: false
+  branches:
+    - name: master
+      protection:
+        required_pull_request_reviews:
+          required_approving_review_count: 1
+          dismiss_stale_reviews: true
+          require_code_owner_reviews: true
+        required_status_checks:
+          strict: true
+          contexts: ['continuous-integration/travis-ci']
+        enforce_admins: ~
+        restrictions: ~
+        required_signatures: true
+    - name: modulesync
+      protection:
+        required_pull_request_reviews: ~
+        required_status_checks:
+          strict: true
+          contexts: ['continuous-integration/travis-ci']
+        enforce_admins: ~
+        restrictions: ~
+        required_signatures: true
 .travis.yml:
   before_install:
     - yes | gem update --system
diff --git a/moduleroot/.github/settings.yml b/moduleroot/.github/settings.yml
deleted file mode 100644
index 2f71cec6..00000000
--- a/moduleroot/.github/settings.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-repository:
-  private: false
-  has_issues: true
-  has_projects: false
-  has_wiki: false
-  has_downloads: true
-  default_branch: master
-  allow_squash_merge: true
-  allow_merge_commit: true
-  allow_rebase_merge: true
-  delete_branch_on_merge: true
-  archived: false
-
-branches:
-  - name: master
-    protection:
-      required_pull_request_reviews:
-        required_approving_review_count: 1
-        dismiss_stale_reviews: true
-        require_code_owner_reviews: true
-      required_status_checks:
-        strict: true
-        contexts: ['continuous-integration/travis-ci']
-      enforce_admins: true
-      restrictions: null
-      required_signatures: true
-  - name: modulesync
-    protection:
-      required_pull_request_reviews: null
-      required_status_checks:
-        strict: true
-        contexts: ['continuous-integration/travis-ci']
-      enforce_admins: true
-      restrictions: null
-      required_signatures: true
-
diff --git a/moduleroot/.github/settings.yml.erb b/moduleroot/.github/settings.yml.erb
new file mode 100644
index 00000000..97fef187
--- /dev/null
+++ b/moduleroot/.github/settings.yml.erb
@@ -0,0 +1,52 @@
+<% if @configs['repository'] -%>
+repository:
+<%   @configs['repository'].each do |key, value| -%>
+  <%= key %>: <%= value %>
+<%   end -%>
+<% end -%>
+<% if @configs['labels'] -%>
+
+labels:
+<%   @configs['labels'].each do |label| -%>
+  - name: <%= label['name'] %>
+<%     label.keys.each do |k| -%>
+<%       next if k == 'name' -%>
+    <%= k %>: <%= label[k] %>
+<%     end -%>
+<%   end -%>
+<% end -%>
+<% if @configs['branches'] -%>
+
+branches:
+<%   @configs['branches'].each do |branch| -%>
+  - name: <%= branch['name'] %>
+<%     branch.keys.each do |k| -%>
+<%       next if k == 'name' -%>
+    <%= k %>:
+<%       if branch[k].has_key?('required_pull_request_reviews') -%>
+<%         if branch[k]['required_pull_request_reviews'].nil? -%>
+      required_pull_request_reviews: null
+<%         else -%>
+      required_pull_request_reviews:
+        required_approving_review_count: <%= branch[k]['required_pull_request_reviews']['required_approving_review_count'] %>
+        dismiss_stale_reviews: <%= branch[k]['required_pull_request_reviews']['dismiss_stale_reviews'] %>
+        require_code_owner_reviews: <%= branch[k]['required_pull_request_reviews']['require_code_owner_reviews'] %>
+<%         end -%>
+<%       end -%>
+<%       if branch[k].has_key?('required_status_checks') -%>
+      required_status_checks:
+        strict: <%= branch[k]['required_status_checks']['strict'] %>
+        contexts: <%= branch[k]['required_status_checks']['contexts'] %>
+<%       end -%>
+<%       if branch[k].has_key?('enforce_admins') -%>
+      enforce_admins: <%= branch[k]['enforce_admins'] || 'null' %>
+<%       end -%>
+<%       if branch[k].has_key?('restrictions') -%>
+      restrictions: <%= branch[k]['restrictions'] || 'null' %>
+<%       end -%>
+<%       if branch[k].has_key?('required_signatures') -%>
+      required_signatures: <%= branch[k]['required_signatures'] %>
+<%       end -%>
+<%     end -%>
+<%   end -%>
+<% end -%>
diff --git a/moduleroot/CODEOWNERS b/moduleroot/CODEOWNERS.erb
similarity index 100%
rename from moduleroot/CODEOWNERS
rename to moduleroot/CODEOWNERS.erb

From e141442dda80cee7c3fadd1a90251025c564c117 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 11:25:03 +0200
Subject: [PATCH 03/14] Omit configuration of required_pull_request_reviews,
 required_status_checks, enforce_admins and restrictions

---
 config_defaults.yml | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index c2e78882..6c35ce87 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -15,24 +15,9 @@
   branches:
     - name: master
       protection:
-        required_pull_request_reviews:
-          required_approving_review_count: 1
-          dismiss_stale_reviews: true
-          require_code_owner_reviews: true
-        required_status_checks:
-          strict: true
-          contexts: ['continuous-integration/travis-ci']
-        enforce_admins: ~
-        restrictions: ~
         required_signatures: true
     - name: modulesync
       protection:
-        required_pull_request_reviews: ~
-        required_status_checks:
-          strict: true
-          contexts: ['continuous-integration/travis-ci']
-        enforce_admins: ~
-        restrictions: ~
         required_signatures: true
 .travis.yml:
   before_install:

From ce9f1e3c975acc43d949fe13b9eeec281a6dda15 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 11:29:15 +0200
Subject: [PATCH 04/14] Refactor settings.yml.erb in favor of to_yaml()

---
 moduleroot/.github/settings.yml.erb | 53 +----------------------------
 1 file changed, 1 insertion(+), 52 deletions(-)

diff --git a/moduleroot/.github/settings.yml.erb b/moduleroot/.github/settings.yml.erb
index 97fef187..e162814b 100644
--- a/moduleroot/.github/settings.yml.erb
+++ b/moduleroot/.github/settings.yml.erb
@@ -1,52 +1 @@
-<% if @configs['repository'] -%>
-repository:
-<%   @configs['repository'].each do |key, value| -%>
-  <%= key %>: <%= value %>
-<%   end -%>
-<% end -%>
-<% if @configs['labels'] -%>
-
-labels:
-<%   @configs['labels'].each do |label| -%>
-  - name: <%= label['name'] %>
-<%     label.keys.each do |k| -%>
-<%       next if k == 'name' -%>
-    <%= k %>: <%= label[k] %>
-<%     end -%>
-<%   end -%>
-<% end -%>
-<% if @configs['branches'] -%>
-
-branches:
-<%   @configs['branches'].each do |branch| -%>
-  - name: <%= branch['name'] %>
-<%     branch.keys.each do |k| -%>
-<%       next if k == 'name' -%>
-    <%= k %>:
-<%       if branch[k].has_key?('required_pull_request_reviews') -%>
-<%         if branch[k]['required_pull_request_reviews'].nil? -%>
-      required_pull_request_reviews: null
-<%         else -%>
-      required_pull_request_reviews:
-        required_approving_review_count: <%= branch[k]['required_pull_request_reviews']['required_approving_review_count'] %>
-        dismiss_stale_reviews: <%= branch[k]['required_pull_request_reviews']['dismiss_stale_reviews'] %>
-        require_code_owner_reviews: <%= branch[k]['required_pull_request_reviews']['require_code_owner_reviews'] %>
-<%         end -%>
-<%       end -%>
-<%       if branch[k].has_key?('required_status_checks') -%>
-      required_status_checks:
-        strict: <%= branch[k]['required_status_checks']['strict'] %>
-        contexts: <%= branch[k]['required_status_checks']['contexts'] %>
-<%       end -%>
-<%       if branch[k].has_key?('enforce_admins') -%>
-      enforce_admins: <%= branch[k]['enforce_admins'] || 'null' %>
-<%       end -%>
-<%       if branch[k].has_key?('restrictions') -%>
-      restrictions: <%= branch[k]['restrictions'] || 'null' %>
-<%       end -%>
-<%       if branch[k].has_key?('required_signatures') -%>
-      required_signatures: <%= branch[k]['required_signatures'] %>
-<%       end -%>
-<%     end -%>
-<%   end -%>
-<% end -%>
+<%= @configs.slice('repository', 'labels', 'milestones', 'collaborators', 'teams', 'branches').to_yaml %>

From d3a317105e16b16a77c417ba1414679535614d5c Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 12:31:31 +0200
Subject: [PATCH 05/14] Add required parameters

---
 config_defaults.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/config_defaults.yml b/config_defaults.yml
index 6c35ce87..40bd2f27 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -15,9 +15,24 @@
   branches:
     - name: master
       protection:
+        required_pull_request_reviews:
+          required_approving_review_count: 1
+          dismiss_stale_reviews: true
+          require_code_owner_reviews: true
+        required_status_checks:
+          strict: true
+          contexts: []
+        enforce_admins: ~
+        restrictions: ~
         required_signatures: true
     - name: modulesync
       protection:
+        required_pull_request_reviews: ~
+        required_status_checks:
+          strict: true
+          contexts: []
+        enforce_admins: ~
+        restrictions: ~
         required_signatures: true
 .travis.yml:
   before_install:

From b03dd16649a4b896c9132600553b8ac3d391d096 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 12:32:45 +0200
Subject: [PATCH 06/14] Add gsub() because we need to keep the value null

---
 config_defaults.yml                 | 10 +++++-----
 moduleroot/.github/settings.yml.erb |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index 40bd2f27..afa6fd36 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -22,17 +22,17 @@
         required_status_checks:
           strict: true
           contexts: []
-        enforce_admins: ~
-        restrictions: ~
+        enforce_admins: undef
+        restrictions: undef
         required_signatures: true
     - name: modulesync
       protection:
-        required_pull_request_reviews: ~
+        required_pull_request_reviews: undef
         required_status_checks:
           strict: true
           contexts: []
-        enforce_admins: ~
-        restrictions: ~
+        enforce_admins: undef
+        restrictions: undef
         required_signatures: true
 .travis.yml:
   before_install:
diff --git a/moduleroot/.github/settings.yml.erb b/moduleroot/.github/settings.yml.erb
index e162814b..c8c9665d 100644
--- a/moduleroot/.github/settings.yml.erb
+++ b/moduleroot/.github/settings.yml.erb
@@ -1 +1 @@
-<%= @configs.slice('repository', 'labels', 'milestones', 'collaborators', 'teams', 'branches').to_yaml %>
+<%= @configs.slice('repository', 'labels', 'milestones', 'collaborators', 'teams', 'branches').to_yaml.gsub(/undef/, 'null') %>

From 87b74d25100660535527e10202ffa9a43f629935 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 12:56:08 +0200
Subject: [PATCH 07/14] Make CODEOWNERS configurable

---
 config_defaults.yml       | 4 ++++
 moduleroot/CODEOWNERS.erb | 8 +++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index afa6fd36..341f0382 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -70,6 +70,10 @@
     channels:
     - "chat.freenode.org#voxpupuli-notifications"
   user: puppet
+CODEOWNERS:
+  permissions:
+    '.github/settings.yml': '@voxpupuli/project-maintainers'
+    '*': '@voxpupuli/collaborators'
 Gemfile:
   required:
     ':test':
diff --git a/moduleroot/CODEOWNERS.erb b/moduleroot/CODEOWNERS.erb
index 8e07e90c..2e2bc792 100644
--- a/moduleroot/CODEOWNERS.erb
+++ b/moduleroot/CODEOWNERS.erb
@@ -1,3 +1,5 @@
-.github/settings.yml @voxpupuli/project-maintainers
-
-* @voxpupuli/collaborators
+<% if @configs['permissions'] -%>
+<%   @configs['permissions'].each do |key, value| -%>
+<%= key %> <%= value %>
+<%   end -%>
+<% end -%>

From aef8dea2ad675b884a7e38133a9c326810a24253 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Wed, 13 May 2020 13:05:34 +0200
Subject: [PATCH 08/14] Refactor CODEOWNERS.erb

---
 moduleroot/CODEOWNERS.erb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/moduleroot/CODEOWNERS.erb b/moduleroot/CODEOWNERS.erb
index 2e2bc792..a97f517f 100644
--- a/moduleroot/CODEOWNERS.erb
+++ b/moduleroot/CODEOWNERS.erb
@@ -1,5 +1,3 @@
-<% if @configs['permissions'] -%>
-<%   @configs['permissions'].each do |key, value| -%>
+<% @configs['permissions']&.each do |key, value| -%>
 <%= key %> <%= value %>
-<%   end -%>
 <% end -%>

From 9c738c37972f07c799a09b8ef41453c017991f43 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Thu, 14 May 2020 08:25:10 +0200
Subject: [PATCH 09/14] Disable notifications for @voxpupuli/collaborators

---
 config_defaults.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index 341f0382..6c7063bc 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -73,7 +73,6 @@
 CODEOWNERS:
   permissions:
     '.github/settings.yml': '@voxpupuli/project-maintainers'
-    '*': '@voxpupuli/collaborators'
 Gemfile:
   required:
     ':test':

From e77e6f59bf048964317010b3b86956b696145df8 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Thu, 14 May 2020 10:42:10 +0200
Subject: [PATCH 10/14] Prevent new line at the end of file

---
 moduleroot/.github/settings.yml.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/moduleroot/.github/settings.yml.erb b/moduleroot/.github/settings.yml.erb
index c8c9665d..9090a96c 100644
--- a/moduleroot/.github/settings.yml.erb
+++ b/moduleroot/.github/settings.yml.erb
@@ -1 +1 @@
-<%= @configs.slice('repository', 'labels', 'milestones', 'collaborators', 'teams', 'branches').to_yaml.gsub(/undef/, 'null') %>
+<%= @configs.slice('repository', 'labels', 'milestones', 'collaborators', 'teams', 'branches').to_yaml.gsub(/undef/, 'null') -%>

From be28ac3eb093f1c8e716e70cebb735a3d250b2d5 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Thu, 14 May 2020 21:52:04 +0200
Subject: [PATCH 11/14] Disable pull request reviews for master branch

---
 config_defaults.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index 6c7063bc..37e289f4 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -15,10 +15,7 @@
   branches:
     - name: master
       protection:
-        required_pull_request_reviews:
-          required_approving_review_count: 1
-          dismiss_stale_reviews: true
-          require_code_owner_reviews: true
+        required_pull_request_reviews: undef
         required_status_checks:
           strict: true
           contexts: []

From 1336e19ba65805a1817e416893488c784290c63e Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Thu, 14 May 2020 21:52:49 +0200
Subject: [PATCH 12/14] Allow force pushes and deletions for modulesync branch

---
 config_defaults.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config_defaults.yml b/config_defaults.yml
index 37e289f4..db7460ea 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -31,6 +31,8 @@
         enforce_admins: undef
         restrictions: undef
         required_signatures: true
+        allow_force_pushes: true
+        allow_deletions: true
 .travis.yml:
   before_install:
     - yes | gem update --system

From 0378109a3e83ffb9d85ec501e78d20d08bc28eac Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Fri, 15 May 2020 12:42:17 +0200
Subject: [PATCH 13/14] Remove parameter delete_branch_on_merge, because it is
 not supported by Probot and will even untick this setting

---
 config_defaults.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index db7460ea..29ee614c 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -10,7 +10,6 @@
     allow_squash_merge: true
     allow_merge_commit: true
     allow_rebase_merge: true
-    delete_branch_on_merge: true
     archived: false
   branches:
     - name: master

From 78289bf4ae145b2d77c2af70d1f6991cfd2b334b Mon Sep 17 00:00:00 2001
From: Dennis Hoppe <github@debian-solutions.de>
Date: Tue, 19 May 2020 10:03:08 +0200
Subject: [PATCH 14/14] Do not force signed commits for master branch

---
 config_defaults.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config_defaults.yml b/config_defaults.yml
index 29ee614c..4d49534b 100644
--- a/config_defaults.yml
+++ b/config_defaults.yml
@@ -20,7 +20,7 @@
           contexts: []
         enforce_admins: undef
         restrictions: undef
-        required_signatures: true
+        required_signatures: false
     - name: modulesync
       protection:
         required_pull_request_reviews: undef