Otterdog v0.8.0

Added

• Added validation for setting gh_pages_source_path of a repository to check for allowed values.
• Added a playground and visualization of the default settings for a project to the dashboard. (#293)
• Added support for overriding default settings in the otterdog config from a file .otterdog-defaults.json.
• Added support for setting required_merge_queue in repository rulesets. (#282)
• Added support for setting target in repository rulesets.
• Added support for parameter --repo-filter for plan and apply operations. (#275)
• Added support for tags for deployment policies in environments. (#268)
• Added support for custom properties. (#256)
• Added validation for setting forked_repository of a repository to match the expected format <owner>/<repo>.
• Added operation review-permissions to review requested permissions updates from GitHub apps for an organization. (#260)
• Added operation uninstall-app to uninstall a GitHub app for an organization.
• Added operation local-apply to apply change based on two local configurations. (#257)
• Added policy macos_large_runners to control whether MacOS large runners are permitted to use in an organization. (#251)
• Added operation install-app to install a GitHub app for an organization. (#250)
• Added option --no-diff and --force to the push-config operation to disable showing diffs and interactive approvals. (#246)

Changed

• Do not include settings whose values is null in the plan operation output when a resource is added.
• Include model_only settings in the plan operation output when a resource is added.
• Converted status check related settings of a Ruleset into an embedded model object similar to merge queue settings.
• Display changes in list properties using sequence comparison.
• Converted pull request related settings of a Ruleset into an embedded model object similar to merge queue settings.
• Use jsonata instead of jq for querying json objects.
• Use ghproxy by default as transparent cache / proxy when accessing the GitHub API from the webapp. (#274)
• Changed parameter --update-filter for various operations from a python regular expression to a shell pattern format.
• Changed operation import to mask webhook urls in a similar way as in the previous configuration if present.
• Added a retry logic for calls to https://api.github.com to gracefully handle intermittent connection problems.
• Changed ApplyChangesTask to use a local-apply operation rather than an apply operation. (#257)
• Changed operation fetch-config to include 2 additional parameters suffix and ref to fetch a config from a specific git reference.
• Changed operation push-config to always show a diff of the local changes compared to the current remote configuration prior to execution. (#246)

Fixed

• Fixed throttling of comments generated when checking if the configuration is in sync with the live settings.
• Fixed creation of a Ruleset if no merge queue is specified.
• Ensured that validation for a Ruleset fails if any parameter of required_pull_request is missing as they are required.
• Creating a repo with gh_pages_build_type: "disabled" is now working again after changes on GitHub side.
• Avoided unnecessary GitHub API calls when getting the default_branch or id of a repository.
• Detect errors during an automatic apply operation and add a corresponding comment to the pull request.
• Support showing dialog windows when using operation web-login.
• Fixed showing changes to dummy secret values when performing a local-plan operation. (#245)
• Added proper error handling in case no base_template is defined in the otterdog configuration file. (#247)

Otterdog v0.7.0

Added

• Added support for disabling default code security configurations. (#234)
• Added support for configuring default code scanning setup of a repository. (#198)
• Added operation open-pr to automatically create a PR for local changes. (#230)
• Added author information from git when pushing config changes with push-config. (#228)

Changed

• Deprecated organization settings dependabot_alerts_enabled_for_new_repositories,
  dependabot_security_updates_enabled_for_new_repositories and dependency_graph_enabled_for_new_repositories.
• Deprecated organization setting has_repository_projects.

Fixed

• Fixed updating the configuration of a project when its base template changed. (#221)
• Fixed updating configuration when the github_id of a project changed. (#235)

Otterdog v0.6.0

Added

• Added support for oauth authentication using GitHub. (#202)
• Added support for auto-merging of PRs under certain conditions. (#110)
• Added handling for settings that require access to the Web UI. (#208)
• Added support for repository setting private_vulnerability_reporting_enabled. (#205)
• Added a graphql based query interface to the dashboard. (#204)

Changed

• Reduced the number of automatic checks that are performed every time a PR gets updated. (#217)
• Support auto-merge also for project leads and admins. (#216)
• Do not enable auto-merge for PRs that also touch files other than the configuration. (#220)
• Use scoped commands for interaction via pull requests. (#211)

Fixed

• Use pagination when retrieving all branches of a repository.

Otterdog v0.5.0

Note

This version includes lots of additions and changes related to the GitHub App mode which are not
covered in the changelog.

Added

• Added automatic handling of configuration changes by acting as a GitHub App.
• Support adding wildcards to Webhook urls to hide sensitive parts. (#84)

Changed

• Removed jsonnetfile.json and jsonnetfile.lock.json files in the config repo.

Otterdog v0.4.0

Added

• Support running otterdog as a GitHub app. (#16)
• Added operation install-deps in order to install required runtime dependencies (firefox browser).

Changed

• Include changes to secret values in Webhooks and Secret resources in plan operations. (#168)
• Improve coercing of organization-level settings for repository settings. (#161)
• Coerce repository workflow settings from organization workflow settings that are more restrictive. (#135)

Fixed

• Correctly coerce workflow setting actions_can_approve_pull_request_reviews and add a validation rule. (#166)

Otterdog v0.3.0

Added

• Added support for creating new repositories as fork. (#153)
• Added support for action variables on organizational and repository level. (#150)
• Added operation list-members to display the amount of members for an organization.
• Added support for repository rulesets. (#53)
• Added support for workflow settings of a repository. (#113)
• Added possibility to define custom hooks in the default configuration when adding new resource. (#106)
• Added validation for repos hosting the organization site, i.e. .github.io. (#83)
• Added validation for secrets and webhooks to issue a warning if a value is provided that does not use a credential provider.
• Added operation delete-file to delete files in a repo of an organization.
• Added support for workflow settings for an organization. (#62)
• Added operation list-apps to display current app installations for an organization. (#101)
• Added validation for secrets to not start with restricted prefix "GITHUB_". (#100)
• Added operation dispatch-workflow to dispatch a workflow in a specified repository.
• Added flag --update-filter for plan, local-plan and apply operations to only update matching webhooks / secrets. (#90)
• Added support for github-pages configuration for a repository. (#59)
• Added support for blocks_creations and restricts_pushes settings for a branch protection rule. (#87)
• Added support for custom validation rules that are retrieved together with the default configuration.
• Added support for dependabot_security_updates_enabled setting for a repository. (#69)
• Added support for configuring discussions on organization and repository level. (#67)
• Added support for shell autocompletion. (#65)

Removed

• Removed organization setting default_workflow_permissions which is now part of the workflow settings.
• Removed organization setting members_can_create_pages which is a read-only setting.
• Removed organization setting organization_projects_enabled which encodes the same information as has_organization_projects.

Changed

• Updated library aiohttp-client-cache to v0.10.0 to support conditional requests natively. (#139)
• Support renaming the current default_branch if the new branch does not exist yet. (#76)
• Use async io for to speed up retrieval of current resources from GitHub. (#114)
• Changed Operation canonical-diff to ignore ordering of keys.
• Support setting a non-existing branch as source branch for GitHub Pages deployment. (#96)
• Renamed branch protection rule property required_approving_reviews to requires_pull_request which is more consistent with its semantics.
• Exclude temporary private fork repositories created for security advisories. (#66)
• Adding a retry mechanism for generating a totp when signing in via the GitHub Web UI due to a recent change that a totp can not be reused anymore.

Fixed

• Apply repository workflow settings when creating a new repository. (#130)
• Added validation for the maximum number of supported topics defined for a repository. (#129)
• Prevent sync-template operation to fail in some cases due to cached responses. (#125)
• Made creating of repositories from a template more resilient to errors. (#124)
• Do not take push_restrictions into account for diff calculation when restricts_pushes is disabled. (#121)
• Made retrieval of organization setting readers_can_create_discussions optional as it's not available for empty organizations. (#116)
• Fixed resetting apply operation when running it on multiple organizations at the same time.
• Fixed retrieving repository secrets for temporary private clone repositories.

Otterdog v0.2.0

Added

• Added new operation web-login to open a browser window logged in to an organization.
• Added support for organization level secrets. (#52)
• Added support for repository level secrets. (#52)
• Added support for repository level environments. (#58)
• Added new operation show-live to show the current live resources of an organization.
• Added support for changing the webhook url by introducing an additional field aliases.
• Added support for repository webhooks. (#56)
• Added support for requires_deployment and required_deployment_environment settings for branch protection rules. (#29)
• Added support for auto_init setting for repositories: when enabled, repositories will get initialized with a README.md upon creation.
• Added support to post process some content initialized from a template repo using setting post_process_template_content.
• Added support to delete resources that are missing in definition (must be explicitly enabled with flag --delete-resources). (#49)
• Added support for renaming of repositories by introducing an additional field aliases. (#43)
• Added support for overriding the config_repo setting per organization. (#48)
• Added new operation canonical-diff to show differences of the current configuration compared to a canonical version. (#45)
• Added new operation sync-template to synchronize the contents of repositories created from a template. (#41)
• Added support for topics setting for repositories. (#44)

Changed

• Changed import operation to sync secrets from existing configurations.
• Changed format to specify actors in branch protection rules, using a '@' prefix to denote users and teams, and not prefix for apps.
• Deprecated setting team_discussions_allowed which has been removed from the GitHub Web UI. (#54)
• Changed indentation for import operation.
• Skipping organization webhooks with a dummy secret during processing.
• Simplified setting base_template and support a per-organization override. (#39)
• Operation import will create a backup of the existing definition for an organization if it already exists.
• Non-existing users and teams will now trigger a warning message rather a failure during the execution of an apply operation. (#51)
• Prevent printing of credential data when trace mode is enabled. (#47)
• Switching to module click for command line parsing.
• Updated module playwright to version 1.33.0.
• Updated module requests to version 2.30.0.

Fixed

• Fixed selector for logging out a user when accessing the GitHub Web UI after some changes to the Web UI.

Otterdog v0.1.0

Sunrise release

Added

• Added support for default_workflow_permissions setting for organizations. (#36)
• Added support for security_managers setting for organizations. (#35)
• Added support for is_template and template_repository setting for repository settings. (#34)
• Added flag --update-webhooks for apply / plan / local-plan operations to force updates of webhooks with secrets. (#21)
• Added support for secret_scanning_push_protection setting for repository settings. (#33)
• Added support for extending list-based properties, e.g. required_status_checks for branch protection rules.
• Added operation local-plan to output changes that will be applied by based on another local config.
• Added flag --pull-request for fetch-config operation to fetch the config from a specific pull request.
• Added support for required_status_checks setting for branch protection rules. (#5)
• Added flag --message for push-config operation to specify the commit message.
• Added support for pre-defined repositories in the default configuration. (#23)
• Added option --no-web-ui for import operation as well. (#20)
• Added request caching for REST api calls. (#18)
• Added support for bypass_force_push_allowances setting for branch protection rules. (#5)
• Added support for bypass_pull_request_allowances setting for branch protection rules. (#5)
• Added support for review_dismissal_allowances setting for branch protection rules. (#5)
• Added support for push_restrictions setting for branch protection rules. (#5)
• Added option --no-web-ui to skip processing settings accessed via the GitHub Web UI. (#12)

Changed

• Changed settings for branch protection rules from camel case to snake case notation. (#37)
• Removed prefix organization_ from settings organization_projects_enabled and members_can_change_project_visibility for organizations. (#38)
• Switch to go-jsonnet and use released version v0.20.0 in the container image. (#25)
• Use released version v0.5.1 of jsonnet-bundler in the container image. (#24)
• Update some repo settings after creation as they are not taken correctly into account during creation by GitHub.
• Added special handling for web_commit_signoff_required: if changed organization wide, it will implicitly change the same setting on repo level.
• Removed restricts_pushes setting from branch protection rules as it is implicitly set based on setting push_restrictions.