diff --git a/api/generated_model_protected_ref.go b/api/generated_model_protected_ref.go index 0193862..de243b0 100644 --- a/api/generated_model_protected_ref.go +++ b/api/generated_model_protected_ref.go @@ -17,4 +17,6 @@ type ProtectedRef struct { Pattern string `yaml:"pattern" json:"pattern" validate:"regexp=^(?!refs\\/(heads|tags)\\/).*$"` // list of users, teams or apps for whom this protection does not apply Exemptions []string `yaml:"exemptions,omitempty" json:"exemptions,omitempty"` + // list of teams for whom this protection does not apply + ExemptionsRoles []string `yaml:"exemptionsRoles,omitempty" json:"exemptionsRoles,omitempty"` } diff --git a/api/openapi-v3-spec.yaml b/api/openapi-v3-spec.yaml index e08c501..53da354 100644 --- a/api/openapi-v3-spec.yaml +++ b/api/openapi-v3-spec.yaml @@ -2338,6 +2338,12 @@ components: items: type: string description: 'A user, team or app identifier. Teams are identified by leading @. prefix, apps are identified by app: prefix.' + exemptionsRoles: + description: list of teams for whom this protection does not apply + type: array + items: + type: string + description: 'A team identifier. Teams are identified by leading @. prefix' ErrorDto: type: object properties: diff --git a/internal/service/repositories/repositories.go b/internal/service/repositories/repositories.go index 582159e..0def6da 100644 --- a/internal/service/repositories/repositories.go +++ b/internal/service/repositories/repositories.go @@ -717,11 +717,22 @@ func (s *Impl) expandProtectedRefsExemptionLists(ctx context.Context, pr []opena return pr } for i, protectedRef := range pr { + protectedRef.ExemptionsRoles = s.filterTeams(protectedRef.Exemptions) protectedRef.Exemptions = s.expandUserGroups(ctx, protectedRef.Exemptions) pr[i] = protectedRef } return pr +} +func (s *Impl) filterTeams(exemptions []string) []string { + var filteredTeams = make([]string, 0) + for _, exemption := range exemptions { + isGroup, _, _ := util.ParseGroupOwnerAndGroupName(exemption) + if isGroup { + filteredTeams = append(filteredTeams, exemption) + } + } + return filteredTeams } func sliceContains[T comparable](haystack []T, needle T) bool { diff --git a/test/resources/acceptance-expected/repositories.json b/test/resources/acceptance-expected/repositories.json index 5e920d5..7b784ca 100644 --- a/test/resources/acceptance-expected/repositories.json +++ b/test/resources/acceptance-expected/repositories.json @@ -59,6 +59,9 @@ "some-other-user", "a-very-special-user" ], + "exemptionsRoles": [ + "@some-owner.users" + ], "pattern": ":MAINLINE:" } ] diff --git a/test/resources/acceptance-expected/repository-expanded-groups.json b/test/resources/acceptance-expected/repository-expanded-groups.json index b610a03..80bdf1f 100644 --- a/test/resources/acceptance-expected/repository-expanded-groups.json +++ b/test/resources/acceptance-expected/repository-expanded-groups.json @@ -45,6 +45,9 @@ "some-other-user", "a-very-special-user" ], + "exemptionsRoles": [ + "@some-owner.users" + ], "pattern": ":MAINLINE:" } ]