This is a service that listens to GitHub organization events. When a new repository is created, the service automatically enables branch protection on the default branch. It then notifies the repository creator of the enabled branch protections with an @mention by creating an issue within the repository.
Create a GitHub webhook in your organization by following the documentation. Note that this needs to be created at the organization level.
- For Payload URL
- Allow external ingress traffic on port 9000 to the host where this service will be running. It should look similar to:
http://webhooks.example.com:9000/hooks/branch-protection
- Set Content type to application/json
- Set the webhook secret to any value (make note of this value; it will be used later)
- On the radio dial under Which events would you like to trigger this webhook?
- Select Let me select individual events
- Select Repositories
- Follow the documentation to create a PAT for use with this webhook service. Make note of the token value as it will be used later.
This service uses a lightweight webhook server called webhook. It's possible to install webhook as a native Linux service; refer to that repository for details on installing it that way. In this example, however, we will be containerizing this webhook service.
- Install Docker on the host that will be running the branch protection web service.
Other container runtimes should work with this service as well.
On the host where the port 9000 firewall rule is applied, run the command below, making sure to substitute the values used in the Create GitHub Webhook section.
docker run -d \
-e WEBHOOK_SECRET=<webhook_secret> \
-e GH_TOKEN=<github_pat> \
-p 9000:9000 \
ahromis/auto-branch-protect:latest
Once the service is running, create a new repo under your organization.
This example runs over plain HTTP. For production use, it should be run using HTTPS. HTTPS can be enabled either in the webhook project itself, by following its documentation, or by placing a TLS-enabled load balancer in front of this service.
If enabling HTTPS by using the webhook project, this repository will need to be forked and modified accordingly, and the container image will need to be rebuilt.
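GitHub signs each delivery with the webhook secret and sends the result in the X-Hub-Signature-256 header, which is what lets a receiver reachable on port 9000 ignore requests that did not come from the organization webhook. The sketch below is an added example, not code from this repository; it assumes the check is written in Python, and the function names and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json


def sign(secret: str, body: bytes) -> str:
    """Header value GitHub sends as X-Hub-Signature-256 for this body."""
    return "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


def target_for_delivery(secret: str, headers: dict, body: bytes):
    """Return (repo, default_branch, creator) for a verified
    "repository created" delivery, or None if it must be ignored."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    received = h.get("x-hub-signature-256", "")
    # Verify over the raw bytes, before parsing, in constant time.
    if not hmac.compare_digest(sign(secret, body).encode(), received.encode()):
        return None
    if h.get("x-github-event") != "repository":
        return None
    try:
        event = json.loads(body)
        if event["action"] != "created":
            return None
        repo = event["repository"]
        return repo["full_name"], repo["default_branch"], event["sender"]["login"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed or unexpected payload


def make_body(action: str) -> bytes:
    """Constructed sample payload with only the fields used above."""
    return json.dumps({
        "action": action,
        "repository": {"full_name": "example-org/new-repo", "default_branch": "main"},
        "sender": {"login": "example-user"},
    }).encode()


if __name__ == "__main__":
    secret = "constructed-secret"  # stands in for WEBHOOK_SECRET
    body = make_body("created")
    good = {"X-GitHub-Event": "repository", "X-Hub-Signature-256": sign(secret, body)}
    print(target_for_delivery(secret, good, body))
    print(target_for_delivery(secret, good, body + b" "))  # body altered after signing
    print(target_for_delivery("other", good, body))        # wrong secret
```

The signature is computed over the exact bytes received, so a proxy or framework that re-serializes the JSON before the check will cause valid deliveries to fail.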