Repository Settings

Several settings are needed to use the features provided by the project template. Although some of them are not strictly required, it is highly recommended to finish these one-time jobs so that the whole development lifecycle benefits.

Branch protection

On GitHub:

  1. Navigate to the Branch protection rules settings.

  2. Ensure a rule exists for the default main branch.

  3. Enable Require a pull request before merging with Require approvals and Dismiss stale pull request approvals when new commits are pushed enabled.

  4. Enable Require status checks to pass before merging and set ci and commitlint as required status checks.

On GitLab:

  1. Navigate to the Repository settings and the Protected branches section.

  2. Ensure the default main branch is protected with Maintainers for Allowed to merge, No one for Allowed to push and merge and Allowed to force push disabled.
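
To confirm that the branch rules above stay in place, the following added example (not part of the project template) audits the JSON that each host's branch-protection API returns. It assumes the field names of GitHub's REST branch-protection object and GitLab's protected-branches object; the sample responses are constructed and trimmed to the fields that are checked.

```python
REQUIRED_CHECKS = {"ci", "commitlint"}  # required status checks named on this page
NO_ONE, MAINTAINER = 0, 40              # GitLab access-level codes

def audit_github(protection: dict) -> list:
    """Findings for a GitHub branch-protection object of the default branch."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("pull request not required before merging")
    else:
        if (reviews.get("required_approving_review_count") or 0) < 1:
            findings.append("approvals not required")
        if not reviews.get("dismiss_stale_reviews"):
            findings.append("stale approvals are not dismissed on new commits")
    checks = protection.get("required_status_checks") or {}
    missing = REQUIRED_CHECKS - set(checks.get("contexts") or [])
    if missing:
        findings.append("missing required status checks: " + ", ".join(sorted(missing)))
    return findings

def audit_gitlab(branch: dict) -> list:
    """Findings for a GitLab protected-branch object of the default branch."""
    findings = []
    # A rule bound to a specific user or group has no role level (None) and is flagged too.
    merge = {lvl.get("access_level") for lvl in branch.get("merge_access_levels", [])}
    push = {lvl.get("access_level") for lvl in branch.get("push_access_levels", [])}
    if merge != {MAINTAINER}:
        findings.append("Allowed to merge is not Maintainers only")
    if push != {NO_ONE}:
        findings.append("Allowed to push and merge is not No one")
    if branch.get("allow_force_push"):
        findings.append("force push is allowed")
    return findings

# Constructed sample responses (not taken from a real repository).
GITHUB_SAMPLE = {
    "required_pull_request_reviews": {"dismiss_stale_reviews": False,
                                      "required_approving_review_count": 1},
    "required_status_checks": {"strict": False, "contexts": ["ci"]},
}
GITLAB_SAMPLE = {
    "name": "main",
    "merge_access_levels": [{"access_level": 40}],
    "push_access_levels": [{"access_level": 30}],  # 30 = Developers
    "allow_force_push": False,
}

if __name__ == "__main__":
    print(audit_github(GITHUB_SAMPLE))
    print(audit_gitlab(GITLAB_SAMPLE))
```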

Tag protection

On GitHub:

  1. Navigate to the Protected tags settings.

  2. Create a rule for tag name pattern v*.

On GitLab:

  1. Navigate to the Repository settings and the Protected tags section.

  2. Add a rule with wildcard v* for Tag and Maintainers for Allowed to create.

Squash merge

On GitHub:

  1. Navigate to the General settings and the Pull Requests section.

  2. Disable Allow merge commits and Allow rebase merging.

  3. Enable Allow squash merging and set Pull request title as Default commit message.

On GitLab:

  1. Navigate to the Merge requests settings.

  2. Set Fast-forward merge for the Merge method.

  3. Set Require for the Squash commits when merging.

  4. Enable Pipelines must succeed in the Merge checks.

Pages

  1. Navigate to the GitHub Pages settings.

  2. Set GitHub Actions as Source.

Nothing needs to be done for GitLab Pages.

Package publish

On GitHub:

  1. Navigate to the Actions secrets and variables settings.

  2. Set the variable PDM_PUBLISH_REPO, the repository (package index) URL to upload the package to, which defaults to https://pypi.org, the official PyPI.

  3. Set the variable PDM_PUBLISH_USERNAME, the username to authenticate to the repository (package index), which defaults to __token__, used for API tokens.

  4. Set the secret PDM_PUBLISH_PASSWORD, the password to authenticate to the repository (package index).

On GitLab:

  1. Navigate to the CI/CD settings and the Variables section.

  2. Set the variable PDM_PUBLISH_REPO, the repository (package index) URL to upload the package to, which defaults to https://pypi.org, the official PyPI.

  3. Set the variable PDM_PUBLISH_USERNAME, the username to authenticate to the repository (package index), which defaults to __token__, used for API tokens.

  4. Set the variable PDM_PUBLISH_PASSWORD, the password to authenticate to the repository (package index), with the Mask variable option for security.

Renovate and semantic-release

On GitHub, there are two approaches: either with a GitHub App or with a personal access token (classic). The GitHub App is the recommended way, as it avoids issues and pull requests being tied to a particular user.

With a GitHub App:

  1. Register a GitHub App with the permissions listed here and the Repository administration: write permission as mentioned here.

  2. Generate a private key, and download the private key as a .pem file.

  3. Navigate to the Actions secrets and variables settings.

  4. Set App ID of the GitHub App as variable BOT_APP_ID.

  5. Set the content of the private key as secret BOT_PRIVATE_KEY.

With a personal access token (classic):

  1. Create a personal access token (classic) with workflow scope.

  2. Navigate to the Actions secrets and variables settings and set the token as a secret PAT.

Note

You can set the scope of the variables and secrets to Repository or Organization according to actual requirements.

On GitLab, group access tokens, project access tokens or personal access tokens can be used. Group or project access tokens are recommended, as they avoid issues and merge requests being tied to a particular user.

  1. Create a group access token, project access token or personal access token with Maintainer role and api, write_repository scope.

  2. Navigate to the CI/CD settings and the Variables section. Set the token as variable PAT with the Mask variable option for security.

  3. Navigate to the Pipeline schedules. Create a new schedule with */15 0-3 * * 1 as Interval Pattern and mark it as Activated.

Note

Although optional, creating a personal access token (classic) on GitHub is strongly recommended. This token only needs read-only access and will increase the rate limit for Renovate to fetch dependencies and changelogs from github.com. It can be from any account and should be set as the variable GITHUB_COM_TOKEN with the Mask variable option for security. For more information on setting this up, see Renovate’s documentation.