Document and backup rulesets

[joselsegura]

Description

Add a directory with the export of the existing rule sets in order to serve as reference for other repositories and as documentation for the future.

Type of change

• Documentation update

Testing steps

N/A

[ikerreyes]

Can you document which is each of the bypass actors?

[joselsegura]

Can you document which is each of the bypass actors?

What do you mean? I explained it briefly in the README, what more info is needed about the actors?

[ikerreyes]

Can you document which is each of the bypass actors?

What do you mean? I explained it briefly in the README, what more info is needed about the actors?

I meant which ID corresponds to which one. If we get an email whatever saying that we need to drop some app and onboard another, it is easier to check which one is each. I guess they are in the same order, in which case it does not matter much.

[coderabbitai]

Summary by CodeRabbit

• Documentation

  • Added documentation describing GitHub branch protection implementation through rulesets, including configuration guidance, enforcement details, and important import considerations.

• Chores

  • Added three branch protection ruleset configuration files defining pull request approval requirements, code owner reviews, status check enforcement, merge method restrictions, and bypass configurations.

Walkthrough

Added documentation and configuration files for GitHub branch protection rulesets. A README.md file explains three ruleset JSON configurations that enforce branch protection policies: prodsec_branch_protection.json for production security controls, min_obsint_reviewers.json for minimum review requirements, and status_checks.json for required status check validation.

Changes

Cohort / File(s)	Summary
GitHub Rulesets Documentation github-rulesets/README.md	Comprehensive documentation describing GitHub ruleset implementation, listing exported ruleset files, enumerating key enforcement behaviors (branch deletion, force-push blocking, review requirements, stale review dismissal, merge methods), documenting actor IDs for bypass configuration, and noting that status checks are repository-specific.
GitHub Rulesets Configuration github-rulesets/prodsec_branch_protection.json, github-rulesets/min_obsint_reviewers.json, github-rulesets/status_checks.json	Three active branch protection ruleset configurations targeting the default branch: prodsec policy enforces deletion/force-push blocking with 1 approval and last-push requirement; min_obsint policy requires 2 approvals with code owner review; status_checks policy requires Linters status check with zero approval requirements. All include integration bypass actors configured in exempt mode.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding documentation and backups of GitHub rulesets to the repository.
Description check	✅ Passed	The description is directly related to the changeset, explaining the purpose of adding a rulesets directory as reference and documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

github-rulesets/README.md (1)

17-17: Optional: Consider simplifying phrasing.

The phrase "in order to" can be simplified to "to" for more concise writing.

✍️ Suggested simplification

Line 17:

-It has a bypass for both RedHat Konflux and our own bots in order to allow the auto-merge for
+It has a bypass for both RedHat Konflux and our own bots to allow the auto-merge for

Line 32:

-It has a bypass for both RedHat Konflux and our own bots in order to allow the auto-merge for
+It has a bypass for both RedHat Konflux and our own bots to allow the auto-merge for

Also applies to: 32-32

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@github-rulesets/README.md` at line 17, Replace the verbose phrase "in order
to" with the simpler "to" in the README occurrences; specifically update the
sentence starting "It has a bypass for both RedHat Konflux and our own bots in
order to allow the auto-merge for" and the other line containing "in order to"
(line with similar phrasing) so they read "...bots to allow the auto-merge for"
and the analogous simplified form.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@github-rulesets/README.md`:
- Line 17: Replace the verbose phrase "in order to" with the simpler "to" in the
README occurrences; specifically update the sentence starting "It has a bypass
for both RedHat Konflux and our own bots in order to allow the auto-merge for"
and the other line containing "in order to" (line with similar phrasing) so they
read "...bots to allow the auto-merge for" and the analogous simplified form.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 2d38e6f0-2394-4cde-b210-4c60b7bbcc13

📥 Commits

Reviewing files that changed from the base of the PR and between ef3d884 and 1db1ae8.

📒 Files selected for processing (4)

• github-rulesets/README.md
• github-rulesets/min_obsint_reviewers.json
• github-rulesets/prodsec_branch_protection.json
• github-rulesets/status_checks.json