Skip to content

Add concourse github org to org automation#1545

Open
stephanme wants to merge 4 commits into
mainfrom
concourse-org
Open

Add concourse github org to org automation#1545
stephanme wants to merge 4 commits into
mainfrom
concourse-org

Conversation

@stephanme

@stephanme stephanme commented Jul 2, 2026

Copy link
Copy Markdown
Member

Concourse wg definition taken from #1540

TODOs:

  • fill concourse repos in orgs.yml, ideally with a peribolos dump
  • grant org automation workflow sufficient access in concourse org to manage repos and teams, hopefully this works with the CF org automation github app
  • review concourse sections in generated org.out.yml and branchprotection.out.yml

- concourse wg definition taken from #1540
@stephanme

Copy link
Copy Markdown
Member Author

@taylorsilva : Can you install the github app "CF Foundation Community Automation" (https://github.com/apps/cf-foundation-community-automation) into your concourse org and grant it the following permissions to all repos (these are the permissions granted in the cloudfoundry org):

  • Read access to metadata
  • Read and write access to administration, checks, code, commit statuses, environments, issues, members, organization administration, organization user blocking, and pull requests
  • Admin access to organization projects and repository projects

This should enable the CFF org automation to manage the concourse org. I would test it then by running the Dump Github Organization Settings workflow.

@taylorsilva

Copy link
Copy Markdown
Contributor

I've installed the app into the Concourse org. I think because I'm not part of the CF org here yet I can't run the workflow though. Can you kick it off and I'll check the output. Feel free to ping me here again.

- copied from org dump #1557
@stephanme

Copy link
Copy Markdown
Member Author

Result of concourse org dump: #1557 (note that it just the concourse org).

I copied the repos part over into orgs.yaml of this PR.

Resulting orgs.out.yml is attached. This is the input for peribolos and describes how the concourse org will look like after the org automation did its job. Please review carefully.

@stephanme

Copy link
Copy Markdown
Member Author

orgs.out.yml

@stephanme

Copy link
Copy Markdown
Member Author

branchprotection.out.yml

@stephanme stephanme marked this pull request as ready for review July 9, 2026 12:06
Comment on lines 57 to 60
- name: Ivan Chalukov
github: IvanChalukov
- name: Kump3r
github: Kump3r

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ivan and Kalin should be under the approvers section now since the following PR's were approved and merged:

Comment thread orgs/branchprotection.yml
Comment on lines +710 to +711
concourse:
repos: {}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is left blank, as-is, what happens to all the rules we currently have in place across our repos? Will the automation force some defaults onto all of our repo's?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at branchprotection.out.yml from your comment, it looks like defaults are applied. Looking at just one repo as an example:

        concourse:
          allow_deletions: false
          allow_disabled_policies: true
          allow_force_pushes: false
          enforce_admins: true
          include:
          - ^master$
          - ^v[0-9]*$
          protect: true
          required_pull_request_reviews:
            bypass_pull_request_allowances:
              teams:
              - wg-concourse-bots
            dismiss_stale_reviews: true
            require_code_owner_reviews: true
            required_approving_review_count: 1

It's missing protecting our release/* branches, and the required status checks we have set in that repo too for PRs. Is it also possible to protect tags as well in this list?

It seems that we should populate this field with all of our custom rules across our repos. How should we collaborate on this? Should I update it and paste the file here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: Inbox

Development

Successfully merging this pull request may close these issues.

2 participants