From d8da637f1e7c4fc47c787dd67086d83191d21805 Mon Sep 17 00:00:00 2001
From: Houssem Ben Ali <hbenali@exoplatform.com>
Date: Thu, 24 Sep 2020 13:55:06 +0200
Subject: [PATCH 1/3] Add Meeds branch push protection

---
 github/lock-Meeds-branches.sh | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100755 github/lock-Meeds-branches.sh

diff --git a/github/lock-Meeds-branches.sh b/github/lock-Meeds-branches.sh
new file mode 100755
index 00000000..93d784c0
--- /dev/null
+++ b/github/lock-Meeds-branches.sh
@@ -0,0 +1,23 @@
+#/bin/bash -eu
+
+[ ${OPERATION} = "LOCK" ] && review_count=6 || review_count=1
+
+echo "Operation \"${OPERATION}\" will be performed..."
+
+echo "Getting Meeds-io repositories..."
+items=$(curl -f -XGET -L "https://api.github.com/orgs/meeds-io/repos" \
+    --header 'Accept: application/vnd.github.v3+json' \
+    --header "Authorization: Bearer ${GIT_TOKEN}" | jq -r '.[] | @base64')
+echo "Done. Performing action..."
+for row in ${items}; do
+    _jq() {
+        echo ${row} | base64 --decode | jq -r ${1}
+    }
+    item="$(_jq '.name')/branches/$(_jq '.default_branch')"
+    echo $item | sed 's|branches/||g'
+    curl -f -XPATCH -L "https://api.github.com/repos/meeds-io/$item/protection/required_pull_request_reviews" \
+        --header 'Accept: application/vnd.github.luke-cage-preview+json' \
+        --header "Authorization: Bearer ${GIT_TOKEN}" \
+        --header 'Content-Type: application/json' \
+        -d "{\"required_approving_review_count\": ${review_count}}"
+done

From 2895b5f694910930999d0eb1ff8214c42e2d2c1a Mon Sep 17 00:00:00 2001
From: Houssem Ben Ali <hbenali@exoplatform.com>
Date: Thu, 24 Sep 2020 17:08:59 +0200
Subject: [PATCH 2/3] Read from catalog

---
 github/lock-Meeds-branches.sh | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/github/lock-Meeds-branches.sh b/github/lock-Meeds-branches.sh
index 93d784c0..9bbf1479 100755
--- a/github/lock-Meeds-branches.sh
+++ b/github/lock-Meeds-branches.sh
@@ -1,21 +1,30 @@
 #/bin/bash -eu
 
 [ ${OPERATION} = "LOCK" ] && review_count=6 || review_count=1
+[[ "${TASK_ID}" =~ ^[0-9]+ ]] || exit 1
 
 echo "Operation \"${OPERATION}\" will be performed..."
 
-echo "Getting Meeds-io repositories..."
-items=$(curl -f -XGET -L "https://api.github.com/orgs/meeds-io/repos" \
-    --header 'Accept: application/vnd.github.v3+json' \
-    --header "Authorization: Bearer ${GIT_TOKEN}" | jq -r '.[] | @base64')
+#echo "Getting Meeds-io repositories..."
+#items=$(curl -f -XGET -L "https://api.github.com/orgs/meeds-io/repos" \
+ #   --header 'Accept: application/vnd.github.v3+json' \
+  #  --header "Authorization: Bearer ${GIT_TOKEN}" | jq -r '.[] | @base64')
+
+items=$(curl -H "Authorization: token ${GIT_TOKEN}" \
+  -H 'Accept: application/vnd.github.v3.raw' \
+  -L "https://api.github.com/repos/exoplatform/swf-release-manager-catalog/contents/exo-platform/${TASK_ID}.json" | jq -r '.[] | @base64')
+
+
 echo "Done. Performing action..."
 for row in ${items}; do
     _jq() {
         echo ${row} | base64 --decode | jq -r ${1}
     }
-    item="$(_jq '.name')/branches/$(_jq '.default_branch')"
-    echo $item | sed 's|branches/||g'
-    curl -f -XPATCH -L "https://api.github.com/repos/meeds-io/$item/protection/required_pull_request_reviews" \
+    item="$(_jq '.name')/branches/$(_jq '.release.branch')"
+    org="$(_jq '.git_organization')"
+    [ $org = "juzu" ] && continue
+    echo "$org/$item" | sed 's|/branches/|:|g'
+    curl -f -XPATCH -L "https://api.github.com/repos/$org/$item/protection/required_pull_request_reviews" \
         --header 'Accept: application/vnd.github.luke-cage-preview+json' \
         --header "Authorization: Bearer ${GIT_TOKEN}" \
         --header 'Content-Type: application/json' \

From 356877275b8629929488eabc052a4ee5fece19ae Mon Sep 17 00:00:00 2001
From: Houssem Ben Ali <hbenali@exoplatform.com>
Date: Fri, 25 Sep 2020 09:59:37 +0200
Subject: [PATCH 3/3] Remove stable/x.x.x restriction

---
 github/lock-Meeds-branches.sh    | 32 -------------------------
 github/lock-releases-branches.sh | 40 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 32 deletions(-)
 delete mode 100755 github/lock-Meeds-branches.sh
 create mode 100755 github/lock-releases-branches.sh

diff --git a/github/lock-Meeds-branches.sh b/github/lock-Meeds-branches.sh
deleted file mode 100755
index 9bbf1479..00000000
--- a/github/lock-Meeds-branches.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#/bin/bash -eu
-
-[ ${OPERATION} = "LOCK" ] && review_count=6 || review_count=1
-[[ "${TASK_ID}" =~ ^[0-9]+ ]] || exit 1
-
-echo "Operation \"${OPERATION}\" will be performed..."
-
-#echo "Getting Meeds-io repositories..."
-#items=$(curl -f -XGET -L "https://api.github.com/orgs/meeds-io/repos" \
- #   --header 'Accept: application/vnd.github.v3+json' \
-  #  --header "Authorization: Bearer ${GIT_TOKEN}" | jq -r '.[] | @base64')
-
-items=$(curl -H "Authorization: token ${GIT_TOKEN}" \
-  -H 'Accept: application/vnd.github.v3.raw' \
-  -L "https://api.github.com/repos/exoplatform/swf-release-manager-catalog/contents/exo-platform/${TASK_ID}.json" | jq -r '.[] | @base64')
-
-
-echo "Done. Performing action..."
-for row in ${items}; do
-    _jq() {
-        echo ${row} | base64 --decode | jq -r ${1}
-    }
-    item="$(_jq '.name')/branches/$(_jq '.release.branch')"
-    org="$(_jq '.git_organization')"
-    [ $org = "juzu" ] && continue
-    echo "$org/$item" | sed 's|/branches/|:|g'
-    curl -f -XPATCH -L "https://api.github.com/repos/$org/$item/protection/required_pull_request_reviews" \
-        --header 'Accept: application/vnd.github.luke-cage-preview+json' \
-        --header "Authorization: Bearer ${GIT_TOKEN}" \
-        --header 'Content-Type: application/json' \
-        -d "{\"required_approving_review_count\": ${review_count}}"
-done
diff --git a/github/lock-releases-branches.sh b/github/lock-releases-branches.sh
new file mode 100755
index 00000000..b41a67f6
--- /dev/null
+++ b/github/lock-releases-branches.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+
+[ ${OPERATION} = "LOCK" ] && review_count=6 || review_count=1
+[[ "${TASK_ID}" =~ ^[0-9]+$ ]] || exit 1
+
+echo "Operation \"${OPERATION}\" will be performed..."
+
+#echo "Getting Meeds-io repositories..."
+#items=$(curl -f -XGET -L "https://api.github.com/orgs/meeds-io/repos" \
+#   --header 'Accept: application/vnd.github.v3+json' \
+#  --header "Authorization: Bearer ${GIT_TOKEN}" | jq -r '.[] | @base64')
+
+echo "Parsing releases branch from catalog..."
+items=$(curl -H "Authorization: token ${GIT_TOKEN}" \
+  -H 'Accept: application/vnd.github.v3.raw' \
+  -L "https://api.github.com/repos/exoplatform/swf-release-manager-catalog/contents/exo-platform/${TASK_ID}.json" | jq -r '.[] | @base64')
+
+echo "Done. Performing action..."
+for row in ${items}; do
+  _jq() {
+    echo ${row} | base64 --decode | jq -r ${1}
+  }
+  item="$(_jq '.name')/branches/$(_jq '.release.branch')"
+  org="$(_jq '.git_organization')"
+  [ $org = "juzu" ] && continue
+  echo "$org/$item" | sed 's|/branches/|:|g'
+  if [ ${OPERATION} = "UNLOCK" ] && [[ "$(_jq '.release.branch')" =~ ^stable/[0-9]+(.[0-9]+)?.x$ ]]; then
+    set +e
+    curl -f -XDELETE -L "https://api.github.com/repos/$org/$item/protection" \
+      --header 'Accept: application/vnd.github.luke-cage-preview+json' \
+      --header "Authorization: Bearer ${GIT_TOKEN}"
+    set -e
+  else
+    curl -f -XPATCH -L "https://api.github.com/repos/$org/$item/protection/required_pull_request_reviews" \
+      --header 'Accept: application/vnd.github.luke-cage-preview+json' \
+      --header "Authorization: Bearer ${GIT_TOKEN}" \
+      --header 'Content-Type: application/json' \
+      -d "{\"required_approving_review_count\": ${review_count}}"
+  fi
+done