REST API v3: wildcard branch protection

Is it possible to GET/SET wildcard branch protection using the API?  Querying does not seem to work with wildcards at least, although branches being matched are individually shown as being protected, it doesn’t seem possible to tell the difference between ones matching a wildcard, and those with specific settings.

13 Likes

Hi @beiriannydd,

Thanks for being here and for asking this question. At this time, this isn’t supported. However, we’re always working to improve, and we consider every suggestion we receive. I’ve logged this in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

Please let me know if you have any other questions.

Cheers!

2 Likes

Thanks @nadiajoyce . A use case here would be using the terraform github provider. 

https://github.com/terraform-providers/terraform-provider-github/issues/164

2 Likes

Unfortunate that the api support didn’t come in advance of or with the ux support… makes it hard to take advantage of when programatically creating the repositories on behalf of someone who wont have rights to create the restrictions.  Hopefully it will be coming in the not too distant future.

1 Like

This would be a great feature for organizations which have multiple repos and branches.

2 Likes

@nadiajoyce - Is there any update on potentially enabling this feature?  This is a significant painpoint for migrating my Organization (130+ repos) to GitHub.  As is, I’m stuck configuring this manually for each repo as we have a hard requirement for wildcard branch protection.  It would be great to be able to automate this.  

5 Likes

+1 for this being a real nuisance and gap in the octokit APIs.  It makes no sense that these can be created, edited and deleted manually using the UI, but there is no programmatic mechanism for doing so.

Can you please explain the technical details regarding why this is difficult or hasn’t been implemented?

Hello, I know this question is related to the Rest API v3 and you may have to stick with it but there is a mutation available using the octokit GraphQL API V4. It supports actual pattern such as release/* or hotfix/*.

See example below:

const { graphql } = require('@octokit/graphql');

const octoql = graphql.defaults({
      headers: {
        authorization: `token ${process.env.GITHUB_TOKEN}`
      }
});

octoql(
          `
            mutation($input: CreateBranchProtectionRuleInput!) {
              createBranchProtectionRule(input: $input) {
                branchProtectionRule {
                  id
                }
              }
            }
          `,
          {
            input: {
              repositoryId: repo.data.node_id,
              pattern: "release/*",
              dismissesStaleReviews: true,
              requiresApprovingReviews: true,
              requiredApprovingReviewCount: 1,
              isAdminEnforced: true,
              requiresStatusChecks: null
            }
          }
        );

You can get the repositoryId using the Rest API or the GraphQL API.

Hope this helps.

For anyone trying to work GraphQL into a cURL call / shell script (like I was), after a lot of pain I eventually found success with something like this.  You’ll have to rework it for the protections you need, and obviously replace the ‘xxxxxxx’ values with your actual hex IDs.  Hopefully this helps someone, I wasn’t able to find examples of this anywhere. 

function generate_gh_wildcard_branch_post_data() {
local repo_node_id="xxxxxxxxxxxxxxxxxxxxxxxx"
local pattern="release/*"
local admin_team_node_id="xxxxxxxxxxxxxxxxxxxxxxxxx"
local write_team_node_id="xxxxxxxxxxxxxxxxxxxxxxxxx"
cat <<EOF
{"query": "mutation CreateBranchProtectionRule { createBranchProtectionRule(input:{repositoryId:\"$repo_node_id\" pattern:\"$pattern\" requiresApprovingReviews: true requiredApprovingReviewCount: 2 requiresCodeOwnerReviews: true restrictsPushes: true pushActorIds: [\"$admin_team_node_id\" \"$write_team_node_id\"] dismissesStaleReviews: true}) { clientMutationId } }"}
EOF
}

function github_add_wildcard_branch_protection {
  local payload="$(generate_gh_wildcard_branch_post_data)"
  curl -ks -X POST \
    -H 'Content-Type: application/json' \
    -H "Authorization: bearer $GITHUB_TOKEN" \
    --data "$payload" \
    $GITHUB_GRAPHQL_API
}

Is there any update on this being added to the GitHub Rest API? GitLab solved this issue over 2 years ago and this is a pretty large pain point for our organization in having to update hundreds of repositories manually so they all have the same branch protection rules. For reference we don’t have time/skillset to implement the GraphQL solution and believe this should be supported in the Rest API since it’s possible through the normal web UI.