From 379d87de037bee3c79a5c658387b6c3ae678b5fc Mon Sep 17 00:00:00 2001
From: Karl Rister <krister@redhat.com>
Date: Mon, 3 Mar 2025 10:39:30 -0600
Subject: [PATCH 1/3] add branch protection ruleset files for the default and
 release branches

---
 .github/rulesets/branches/default-branch.json | 50 +++++++++++++++++++
 .github/rulesets/branches/releases.json       | 38 ++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 .github/rulesets/branches/default-branch.json
 create mode 100644 .github/rulesets/branches/releases.json

diff --git a/.github/rulesets/branches/default-branch.json b/.github/rulesets/branches/default-branch.json
new file mode 100644
index 0000000..0b6bf79
--- /dev/null
+++ b/.github/rulesets/branches/default-branch.json
@@ -0,0 +1,50 @@
+{
+  "id": 3929385,
+  "name": "default-branch",
+  "target": "branch",
+  "source_type": "Repository",
+  "source": "perftool-incubator/tool-sysstat",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "~DEFAULT_BRANCH"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "deletion"
+    },
+    {
+      "type": "non_fast_forward"
+    },
+    {
+      "type": "pull_request",
+      "parameters": {
+        "required_approving_review_count": 1,
+        "dismiss_stale_reviews_on_push": true,
+        "require_code_owner_review": false,
+        "require_last_push_approval": false,
+        "required_review_thread_resolution": true,
+        "allowed_merge_methods": [
+          "merge"
+        ]
+      }
+    },
+    {
+      "type": "required_status_checks",
+      "parameters": {
+        "strict_required_status_checks_policy": true,
+        "do_not_enforce_on_create": false,
+        "required_status_checks": [
+          {
+            "context": "call-tool-crucible-ci / tool-crucible-ci-complete"
+          }
+        ]
+      }
+    }
+  ],
+  "bypass_actors": []
+}
\ No newline at end of file
diff --git a/.github/rulesets/branches/releases.json b/.github/rulesets/branches/releases.json
new file mode 100644
index 0000000..e79e1f6
--- /dev/null
+++ b/.github/rulesets/branches/releases.json
@@ -0,0 +1,38 @@
+{
+  "id": 3929373,
+  "name": "releases",
+  "target": "branch",
+  "source_type": "Repository",
+  "source": "perftool-incubator/tool-sysstat",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "refs/heads/20[2-9][0-9]\\.[1234]"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "deletion"
+    },
+    {
+      "type": "non_fast_forward"
+    },
+    {
+      "type": "pull_request",
+      "parameters": {
+        "required_approving_review_count": 1,
+        "dismiss_stale_reviews_on_push": true,
+        "require_code_owner_review": false,
+        "require_last_push_approval": false,
+        "required_review_thread_resolution": true,
+        "allowed_merge_methods": [
+          "merge"
+        ]
+      }
+    }
+  ],
+  "bypass_actors": []
+}
\ No newline at end of file

From 9ba6c51af800ab97a26671711c0cac44ccc94045 Mon Sep 17 00:00:00 2001
From: Karl Rister <krister@redhat.com>
Date: Mon, 3 Mar 2025 10:39:56 -0600
Subject: [PATCH 2/3] add a README.md documenting the purpose of the GitHub
 ruleset storage

---
 .github/rulesets/README.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .github/rulesets/README.md

diff --git a/.github/rulesets/README.md b/.github/rulesets/README.md
new file mode 100644
index 0000000..49036d3
--- /dev/null
+++ b/.github/rulesets/README.md
@@ -0,0 +1 @@
+The files stored here are for documentation / tracking purposes only.  They must be loaded into the GitHub web GUI to be "active" -- there presence here does not result in any behavioral changes by GitHub.

From bcf0afce3345f9615d6a115fb7b3d7cbf7ef1b8e Mon Sep 17 00:00:00 2001
From: Karl Rister <krister@redhat.com>
Date: Mon, 3 Mar 2025 10:40:46 -0600
Subject: [PATCH 3/3] update the GitHub workflows to ensure that changes to
 GitHub rulesets result in the invocation of the faux workflows

---
 .github/workflows/crucible-ci.yaml      | 1 +
 .github/workflows/crucible-merged.yaml  | 1 +
 .github/workflows/faux-crucible-ci.yaml | 1 +
 3 files changed, 3 insertions(+)

diff --git a/.github/workflows/crucible-ci.yaml b/.github/workflows/crucible-ci.yaml
index 199b5a0..28c1592 100644
--- a/.github/workflows/crucible-ci.yaml
+++ b/.github/workflows/crucible-ci.yaml
@@ -6,6 +6,7 @@ on:
     paths-ignore:
       - LICENSE
       - '**.md'
+      - '.github/rulesets/**'
       - .github/workflows/run-crucible-tracking.yaml
       - .github/workflows/crucible-merged.yaml
       - .github/workflows/faux-crucible-ci.yaml
diff --git a/.github/workflows/crucible-merged.yaml b/.github/workflows/crucible-merged.yaml
index e74fdd0..43ee023 100644
--- a/.github/workflows/crucible-merged.yaml
+++ b/.github/workflows/crucible-merged.yaml
@@ -7,6 +7,7 @@ on:
     paths-ignore:
       - LICENSE
       - '**.md'
+      - '.github/rulesets/**'
       - .github/workflows/run-crucible-tracking.yaml
       - .github/workflows/faux-crucible-ci.yaml
       - 'docs/**'
diff --git a/.github/workflows/faux-crucible-ci.yaml b/.github/workflows/faux-crucible-ci.yaml
index b99dad7..cb1f09d 100644
--- a/.github/workflows/faux-crucible-ci.yaml
+++ b/.github/workflows/faux-crucible-ci.yaml
@@ -6,6 +6,7 @@ on:
     paths:
       - LICENSE
       - '**.md'
+      - '.github/rulesets/**'
       - .github/workflows/run-crucible-tracking.yaml
       - .github/workflows/crucible-merged.yaml
       - .github/workflows/faux-crucible-ci.yaml