Implement bypass actors for rulesets based on allowed_merge_teams and merge_bots #2192
Description
Summary
When creating rulesets from branch protection configurations, we need to add bypass actors based on allowed_merge_teams and merge_bots to allow specific teams and bots to bypass the ruleset restrictions.
Current Behavior
The construct_ruleset function creates rulesets with merge queue enabled but doesn't populate the bypass_actors field. This means that teams and bots that were previously allowed to push directly via branch protections won't have equivalent bypass permissions in rulesets.
Expected Behavior
Rulesets should include bypass actors that match the behavior of branch protections:
- Teams listed in
allowed_merge_teamsshould be added as bypass actors - Bots listed in
merge_bots(e.g., Homu, rust-timer) should be added as bypass actors
Technical Details
Location: sync-team/src/github/mod.rs, function construct_ruleset (around line 951-952)
The challenge is that bypass actors require:
- Team IDs (not just team names) - requires fetching team information from GitHub API
- User IDs for bots - requires resolving bot usernames to GitHub user IDs
Implementation Notes
- Need to add API calls to fetch team IDs from team names
- Need to map bot names to their GitHub user IDs
- May need to pass
SyncGitHubcontext toconstruct_rulesetto access the GitHub API client
Related Code
The branch protection equivalent uses PushAllowanceActor:
let mut push_allowances: Vec<PushAllowanceActor> = branch_protection
.allowed_merge_teams
.iter()
.map(|team| api::PushAllowanceActor::Team(...))
.collect();