Feature/output current admin enabled (#25)

* add current-status output * rename enforce_admins in enforce-admins for consistency * rename current-status to initial-status * make inputs and outputs all POSIX-compliant
benjefferies · Sep 18, 2021 · 2b60c2b · 2b60c2b
1 parent e581b37
commit 2b60c2b
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 11 deletions.
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
@@ -33,7 +33,7 @@ jobs:
       uses: benjefferies/branch-protection-bot@master
       if: always()
       with:
-        access-token: ${{ secrets.ACCESS_TOKEN }}
+        access_token: ${{ secrets.ACCESS_TOKEN }}
         enforce_admins: false
     - name: Test empty commit
       run: |
@@ -46,10 +46,10 @@ jobs:
       uses: benjefferies/branch-protection-bot@master
       if: always()
       with:
-        access-token: ${{ secrets.ACCESS_TOKEN }}
+        access_token: ${{ secrets.ACCESS_TOKEN }}
     - name: Force enable "include administrators" branch protection
       uses: benjefferies/branch-protection-bot@master
       if: always()
       with:
-        access-token: ${{ secrets.ACCESS_TOKEN }}
+        access_token: ${{ secrets.ACCESS_TOKEN }}
         enforce_admins: true
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # Branch Protection Bot
-A bot tool to temporarily disable and re-enable "Include administrators" option in branch protection
+A bot tool to temporarily disable and re-enable `Include administrators` option in branch protection
 
 Github doesn't have a way to give a Bot access to override the branch protection, specifically if you [include administrators](https://github.com/isaacs/github/issues/1390).
 The only possible solution is to disable the `include administrators` option. This increases risk of accidental pushes to master from administrators (I've done it a few times).
@@ -26,7 +26,7 @@ docker run -e ACCESS_TOKEN=abc123 -e BRANCH=master -e REPO=branch-protection-bot
   uses: benjefferies/branch-protection-bot@master
   if: always()
   with:
-    access-token: ${{ secrets.ACCESS_TOKEN }}
+    access_token: ${{ secrets.ACCESS_TOKEN }}
     branch: ${{ github.event.repository.default_branch }}
     
 - name: Deploy
@@ -38,15 +38,15 @@ docker run -e ACCESS_TOKEN=abc123 -e BRANCH=master -e REPO=branch-protection-bot
   uses: benjefferies/branch-protection-bot@master
   if: always()  # Force to always run this step to ensure "include administrators" is always turned back on
   with:
-    access-token: ${{ secrets.ACCESS_TOKEN }}
+    access_token: ${{ secrets.ACCESS_TOKEN }}
     owner: benjefferies
     repo: branch-protection-bot
     branch: ${{ github.event.repository.default_branch }}
 ```
 
 #### Inputs
 
-##### `access-token`
+##### `access_token`
 
 **Required** Github access token. https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line. Requires full repository access scope
 
@@ -68,7 +68,37 @@ Number of times to retry before exiting. Default `5`.
 
 ##### `enforce_admins`
 
-If you want to pin the state of "Include administrators" for a step in the workflow.
+If you want to pin the state of `Include administrators` for a step in the workflow.
+
+#### Outputs
+
+##### `initial_status`
+
+Output the current branch protection status of `Include administrators` prior to any change.
+You can retrieve it from any next step in your job using: `${{ steps.disable_include_admins.outputs.initial_status }}`.
+This would help you to restore the initial setting this way:
+
+```yaml
+steps:
+    - name: "Temporarily disable 'include administrators' default branch protection"
+    id: disable_include_admins
+    uses: benjefferies/branch-protection-bot@master
+    if: always()
+    with:
+        access_token: ${{ secrets.ACCESS_TOKEN }}
+        branch: ${{ github.event.repository.default_branch }}
+        enforce_admins: false
+
+    - ...
+
+    - name: "Restore 'include administrators' default branch protection"
+    uses: benjefferies/branch-protection-bot@master
+    if: always() # Force to always run this step to ensure "include administrators" is always turned back on
+    with:
+        access_token: ${{ secrets.ACCESS_TOKEN }}
+        branch: ${{ github.event.repository.default_branch }}
+        enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }}
+```
 
 ## Github repository settings
 The Bot account must be an administrator.
diff --git a/action.yml b/action.yml
@@ -6,7 +6,7 @@ branding:
   color: blue
   icon: unlock
 inputs:
-  access-token:
+  access_token:
     description: 'Github access token. https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line'
     required: true
   owner:
@@ -26,12 +26,15 @@ inputs:
   enforce_admins:
     description: 'Flag to explicitly enable or disable "Include administrators"'
     required: false
+outputs:
+  initial_status:
+    description: "Output the current branch protection status of 'Include administrators' prior to any change"
 
 runs:
   using: 'docker'
   image: 'Dockerfile'
   env:
-    ACCESS_TOKEN: ${{ inputs.access-token }}
+    ACCESS_TOKEN: ${{ inputs.access_token }}
     OWNER: ${{ inputs.owner }}
     REPO: ${{ inputs.repo }}
     BRANCH: ${{ inputs.branch }}

diff --git a/run.py b/run.py
@@ -21,6 +21,8 @@ def toggle_enforce_admin(options):
     print(f"Getting branch protection settings for {owner}/{repo_name}")
     protection = get_protection(access_token, branch_name, owner, repo_name)
     print(f"Enforce admins branch protection enabled? {protection.enforce_admins.enabled}")
+    # save the current status for use later on if desired
+    print(f"::set-output name=initial_status::{protection.enforce_admins.enabled}")
     print(f"Setting enforce admins branch protection to {enforce_admins if enforce_admins is not None else not protection.enforce_admins.enabled}")
     for i in range(retries):
         try:
@@ -76,6 +78,6 @@ def disable(protection):
     p.add_argument('--github_repository', env_var='GITHUB_REPOSITORY', required=False, default='', help='Owner and repo. For example benjefferies/branch-protection-bot for https://github.com/benjefferies/branch-protection-bot')
     p.add_argument('-b', '--branch', env_var='BRANCH', default='master', help='Branch name')
     p.add_argument('--retries', env_var='RETRIES', default=5, help='Number of times to retry before exiting')
-    p.add_argument('--enforce_admins', env_var='ENFORCE_ADMINS', default=None, help='Flag to explicitly enable or disable "Include administrators"')
+    p.add_argument('--enforce-admins', env_var='ENFORCE_ADMINS', default=None, help='Flag to explicitly enable or disable "Include administrators"')
 
     toggle_enforce_admin(p.parse_args())