tenseleyflow/shithub / c8ddb9c

+type BranchProtectionRule struct {

+	ID                   int64

+	RepoID               int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+	RequireSignedCommits bool

+	StatusChecksRequired []string

+	CreatedAt            pgtype.Timestamptz

+	UpdatedAt            pgtype.Timestamptz

+	CreatedByUserID      pgtype.Int8

+}

+

+type BranchProtectionRule struct {

+	ID                   int64

+	RepoID               int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+	RequireSignedCommits bool

+	StatusChecksRequired []string

+	CreatedAt            pgtype.Timestamptz

+	UpdatedAt            pgtype.Timestamptz

+	CreatedByUserID      pgtype.Int8

+}

+

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+--

+-- Branch protection rules. Each rule is one (repo, glob pattern) tuple

+-- with a set of bool/array fields the pre-receive hook checks. Pattern

+-- matching is glob-style (filepath.Match: `*`, `?`, `[abc]`) — matches

+-- GitHub's UX and is easy to author.

+--

+-- Some columns are placeholders for later sprints:

+--   require_signed_commits   — post-MVP signing surface

+--   require_pr_for_push      — post-MVP "no direct push" enforcement

+--   status_checks_required   — S24 ships the check engine

+--

+-- The pre-receive hook ignores those columns until their owning sprint

+-- wires real enforcement; the schema is forward-compatible.

+

+-- +goose Up

+CREATE TABLE branch_protection_rules (

+    id                          bigserial   PRIMARY KEY,

+    repo_id                     bigint      NOT NULL REFERENCES repos(id) ON DELETE CASCADE,

+    pattern                     text        NOT NULL,

+    prevent_force_push          boolean     NOT NULL DEFAULT true,

+    prevent_deletion            boolean     NOT NULL DEFAULT true,

+    require_pr_for_push         boolean     NOT NULL DEFAULT false,

+    allowed_pusher_user_ids     bigint[]    NOT NULL DEFAULT '{}',

+    require_signed_commits      boolean     NOT NULL DEFAULT false,

+    status_checks_required      text[]      NOT NULL DEFAULT '{}',

+    created_at                  timestamptz NOT NULL DEFAULT now(),

+    updated_at                  timestamptz NOT NULL DEFAULT now(),

+    created_by_user_id          bigint      REFERENCES users(id) ON DELETE SET NULL,

+

+    CONSTRAINT branch_protection_rules_pattern_length CHECK (char_length(pattern) BETWEEN 1 AND 200)

+);

+

+CREATE INDEX branch_protection_rules_repo_idx ON branch_protection_rules (repo_id, pattern);

+

+CREATE TRIGGER set_updated_at BEFORE UPDATE ON branch_protection_rules

+    FOR EACH ROW EXECUTE FUNCTION tg_set_updated_at();

+

+-- +goose Down

+DROP TABLE IF EXISTS branch_protection_rules;

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+

+-- name: ListBranchProtectionRules :many

+SELECT id, repo_id, pattern,

+       prevent_force_push, prevent_deletion, require_pr_for_push,

+       allowed_pusher_user_ids,

+       require_signed_commits, status_checks_required,

+       created_at, updated_at, created_by_user_id

+FROM branch_protection_rules

+WHERE repo_id = $1

+ORDER BY pattern;

+

+-- name: GetBranchProtectionRule :one

+SELECT id, repo_id, pattern,

+       prevent_force_push, prevent_deletion, require_pr_for_push,

+       allowed_pusher_user_ids,

+       require_signed_commits, status_checks_required,

+       created_at, updated_at, created_by_user_id

+FROM branch_protection_rules

+WHERE id = $1;

+

+-- name: UpsertBranchProtectionRule :one

+INSERT INTO branch_protection_rules (

+    repo_id, pattern,

+    prevent_force_push, prevent_deletion, require_pr_for_push,

+    allowed_pusher_user_ids, created_by_user_id

+) VALUES (

+    $1, $2, $3, $4, $5, $6, sqlc.narg(created_by_user_id)::bigint

+)

+RETURNING id;

+

+-- name: UpdateBranchProtectionRule :exec

+UPDATE branch_protection_rules

+SET pattern = $2,

+    prevent_force_push = $3,

+    prevent_deletion = $4,

+    require_pr_for_push = $5,

+    allowed_pusher_user_ids = $6

+WHERE id = $1;

+

+-- name: DeleteBranchProtectionRule :exec

+DELETE FROM branch_protection_rules WHERE id = $1;

+

+-- name: UpdateRepoDefaultBranch :exec

+-- Used by the default-branch settings handler. The on-disk HEAD update

+-- is a separate step done via `git symbolic-ref` from the orchestrator.

+UPDATE repos SET default_branch = $2, updated_at = now() WHERE id = $1;

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+// source: branch_protection.sql

+

+package reposdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+const deleteBranchProtectionRule = `-- name: DeleteBranchProtectionRule :exec

+DELETE FROM branch_protection_rules WHERE id = $1

+`

+

+func (q *Queries) DeleteBranchProtectionRule(ctx context.Context, db DBTX, id int64) error {

+	_, err := db.Exec(ctx, deleteBranchProtectionRule, id)

+	return err

+}

+

+const getBranchProtectionRule = `-- name: GetBranchProtectionRule :one

+SELECT id, repo_id, pattern,

+       prevent_force_push, prevent_deletion, require_pr_for_push,

+       allowed_pusher_user_ids,

+       require_signed_commits, status_checks_required,

+       created_at, updated_at, created_by_user_id

+FROM branch_protection_rules

+WHERE id = $1

+`

+

+func (q *Queries) GetBranchProtectionRule(ctx context.Context, db DBTX, id int64) (BranchProtectionRule, error) {

+	row := db.QueryRow(ctx, getBranchProtectionRule, id)

+	var i BranchProtectionRule

+	err := row.Scan(

+		&i.ID,

+		&i.RepoID,

+		&i.Pattern,

+		&i.PreventForcePush,

+		&i.PreventDeletion,

+		&i.RequirePrForPush,

+		&i.AllowedPusherUserIds,

+		&i.RequireSignedCommits,

+		&i.StatusChecksRequired,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+		&i.CreatedByUserID,

+	)

+	return i, err

+}

+

+const listBranchProtectionRules = `-- name: ListBranchProtectionRules :many

+

+SELECT id, repo_id, pattern,

+       prevent_force_push, prevent_deletion, require_pr_for_push,

+       allowed_pusher_user_ids,

+       require_signed_commits, status_checks_required,

+       created_at, updated_at, created_by_user_id

+FROM branch_protection_rules

+WHERE repo_id = $1

+ORDER BY pattern

+`

+

+// SPDX-License-Identifier: AGPL-3.0-or-later

+func (q *Queries) ListBranchProtectionRules(ctx context.Context, db DBTX, repoID int64) ([]BranchProtectionRule, error) {

+	rows, err := db.Query(ctx, listBranchProtectionRules, repoID)

+	if err != nil {

+		return nil, err

+	}

+	defer rows.Close()

+	items := []BranchProtectionRule{}

+	for rows.Next() {

+		var i BranchProtectionRule

+		if err := rows.Scan(

+			&i.ID,

+			&i.RepoID,

+			&i.Pattern,

+			&i.PreventForcePush,

+			&i.PreventDeletion,

+			&i.RequirePrForPush,

+			&i.AllowedPusherUserIds,

+			&i.RequireSignedCommits,

+			&i.StatusChecksRequired,

+			&i.CreatedAt,

+			&i.UpdatedAt,

+			&i.CreatedByUserID,

+		); err != nil {

+			return nil, err

+		}

+		items = append(items, i)

+	}

+	if err := rows.Err(); err != nil {

+		return nil, err

+	}

+	return items, nil

+}

+

+const updateBranchProtectionRule = `-- name: UpdateBranchProtectionRule :exec

+UPDATE branch_protection_rules

+SET pattern = $2,

+    prevent_force_push = $3,

+    prevent_deletion = $4,

+    require_pr_for_push = $5,

+    allowed_pusher_user_ids = $6

+WHERE id = $1

+`

+

+type UpdateBranchProtectionRuleParams struct {

+	ID                   int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+}

+

+func (q *Queries) UpdateBranchProtectionRule(ctx context.Context, db DBTX, arg UpdateBranchProtectionRuleParams) error {

+	_, err := db.Exec(ctx, updateBranchProtectionRule,

+		arg.ID,

+		arg.Pattern,

+		arg.PreventForcePush,

+		arg.PreventDeletion,

+		arg.RequirePrForPush,

+		arg.AllowedPusherUserIds,

+	)

+	return err

+}

+

+const updateRepoDefaultBranch = `-- name: UpdateRepoDefaultBranch :exec

+UPDATE repos SET default_branch = $2, updated_at = now() WHERE id = $1

+`

+

+type UpdateRepoDefaultBranchParams struct {

+	ID            int64

+	DefaultBranch string

+}

+

+// Used by the default-branch settings handler. The on-disk HEAD update

+// is a separate step done via `git symbolic-ref` from the orchestrator.

+func (q *Queries) UpdateRepoDefaultBranch(ctx context.Context, db DBTX, arg UpdateRepoDefaultBranchParams) error {

+	_, err := db.Exec(ctx, updateRepoDefaultBranch, arg.ID, arg.DefaultBranch)

+	return err

+}

+

+const upsertBranchProtectionRule = `-- name: UpsertBranchProtectionRule :one

+INSERT INTO branch_protection_rules (

+    repo_id, pattern,

+    prevent_force_push, prevent_deletion, require_pr_for_push,

+    allowed_pusher_user_ids, created_by_user_id

+) VALUES (

+    $1, $2, $3, $4, $5, $6, $7::bigint

+)

+RETURNING id

+`

+

+type UpsertBranchProtectionRuleParams struct {

+	RepoID               int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+	CreatedByUserID      pgtype.Int8

+}

+

+func (q *Queries) UpsertBranchProtectionRule(ctx context.Context, db DBTX, arg UpsertBranchProtectionRuleParams) (int64, error) {

+	row := db.QueryRow(ctx, upsertBranchProtectionRule,

+		arg.RepoID,

+		arg.Pattern,

+		arg.PreventForcePush,

+		arg.PreventDeletion,

+		arg.RequirePrForPush,

+		arg.AllowedPusherUserIds,

+		arg.CreatedByUserID,

+	)

+	var id int64

+	err := row.Scan(&id)

+	return id, err

+}

+type BranchProtectionRule struct {

+	ID                   int64

+	RepoID               int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+	RequireSignedCommits bool

+	StatusChecksRequired []string

+	CreatedAt            pgtype.Timestamptz

+	UpdatedAt            pgtype.Timestamptz

+	CreatedByUserID      pgtype.Int8

+}

+

+	DeleteBranchProtectionRule(ctx context.Context, db DBTX, id int64) error

+	GetBranchProtectionRule(ctx context.Context, db DBTX, id int64) (BranchProtectionRule, error)

+	// SPDX-License-Identifier: AGPL-3.0-or-later

+	ListBranchProtectionRules(ctx context.Context, db DBTX, repoID int64) ([]BranchProtectionRule, error)

+	UpdateBranchProtectionRule(ctx context.Context, db DBTX, arg UpdateBranchProtectionRuleParams) error

+	// Used by the default-branch settings handler. The on-disk HEAD update

+	// is a separate step done via `git symbolic-ref` from the orchestrator.

+	UpdateRepoDefaultBranch(ctx context.Context, db DBTX, arg UpdateRepoDefaultBranchParams) error

+	UpsertBranchProtectionRule(ctx context.Context, db DBTX, arg UpsertBranchProtectionRuleParams) (int64, error)

+type BranchProtectionRule struct {

+	ID                   int64

+	RepoID               int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+	RequireSignedCommits bool

+	StatusChecksRequired []string

+	CreatedAt            pgtype.Timestamptz

+	UpdatedAt            pgtype.Timestamptz

+	CreatedByUserID      pgtype.Int8

+}

+

+type BranchProtectionRule struct {

+	ID                   int64

+	RepoID               int64

+	Pattern              string

+	PreventForcePush     bool

+	PreventDeletion      bool

+	RequirePrForPush     bool

+	AllowedPusherUserIds []int64

+	RequireSignedCommits bool

+	StatusChecksRequired []string

+	CreatedAt            pgtype.Timestamptz

+	UpdatedAt            pgtype.Timestamptz

+	CreatedByUserID      pgtype.Int8

+}

+