Write-guard

Enforce file level write access for monorepos

Usage

Write-guard is designed to enforce file level write access for monorepos that have protected default branches (usually main or master) with

Restrict push enabled
Require status checks to pass before merging enabled.

⚠️ If these are not enforced, file level write access cannot be enforced by write-guard.

Setup

you will need to define a write-guard.yaml in the root of your repository, eg.:

roles:
  - edit-all:
    - team/admins
    - permission/admin
    - user/geritol
access:
  **:
    - role/edit-all
  security/**:
    - team/security

You need to run write-guard on your pull requests eg.:

# .github/workflows/write-guard.yaml

name: Pull Request

on:
  pull_request:
    branches: [master]

jobs:
  write-guard:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          ref: master # Important!
          # write-guard needs to run on your master branch to prevent
          # the possibility of pr openers self grant edit permissions
          #
          # the action will retrieve files changed in the current pr
          # and validate write access based on the master branches
          # write-guard.yaml
      - name: write-guard
        uses: geritol/write-guard@v0.4.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Name		Name	Last commit message	Last commit date
Latest commit History 38 Commits
.github/workflows		.github/workflows
.husky		.husky
dist		dist
src		src
.env.example		.env.example
.eslintrc		.eslintrc
.gitignore		.gitignore
.nvmrc		.nvmrc
.nycrc		.nycrc
.prettierrc		.prettierrc
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

License

geritol/write-guard

Folders and files

Latest commit

History

Repository files navigation

Write-guard

Usage

Setup

About

Topics

Resources

License

Stars

Watchers

Forks

Languages