Prerequisites

Installation

The Nunnda app is available to install from the GitHub Marketplace.

  1. Depending on your chosen plan, click 'Install it for free' (or 'Try free for 14 days' or 'Buy with GitHub').

  2. Choose to install in your personal account or an organization you are an owner of.

  3. Select all or some repositories you want the app to work with.

  4. Follow the OAuth flow to authorize the installation as your personal user.

  5. Once complete, you will be redirected to the Limmnock app domain to see a success message.

Configuration

Single config file

Nunnda needs to know your default (i.e. protected) branch and the deployment workflow you want to monitor. Configure both in a YAML file located at <project-root>/.github/nunnda.yml. The default branch is set under the deploy_branch key and the workflow file under the deploy_file key.

deploy_branch:
  name: main
deploy_file:
  path: .github/workflows/deployment.yml

This is the only file Nunnda can read in your repository. See Single File Permissions below.

Branch protection rules

For each repository in which you installed Nunnda, you need to configure a branch protection rule. Two items must be set:

  • Enable 'Require a pull request before merging'
  • Enable 'Require status checks to pass before merging'

Technically, pull requests are not required to create check runs, but Nunnda is designed to scan open pull requests. In future there may be an option to scan all commit SHAs in a repository.

Under 'Require status checks to pass before merging', search for and choose 'Check Deployment Complete'. Note: a check will not show in the search box until it has been run once. It will also not show if it ran more than a week ago.

Permissions

  • Write access to a single file located at .github/nunnda.yml, meaning Nunnda doesn't need to access any of the code in your repository (Note: this is missing in the GitHub documentation)
    • Read access is required to read your repository configuration e.g. default branch
    • Write access is required to allow adding a default configuration file (coming soon)
  • Read and write access to checks
    • Write access is required to create check runs on open pull requests
  • Read access to actions
    • Read access is required to list workflow runs for a workflow to determine the status e.g. 'complete' and conclusion e.g. 'success'
  • Read access to pull requests
    • Read access is required to list open PRs, so they can be locked or unlocked
  • Read access to metadata
    • Nunnda does not directly need this access; it is mandatory for all GitHub apps
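
One way to check an installation against the permission list above, as an added example that is not Nunnda's own code: it compares the permissions and single_file_paths fields of a GitHub App installation object (as returned by the GitHub REST API) with what this page documents. The two sample objects are constructed for illustration.

```python
import json

# Permissions as listed on this page, using GitHub App permission keys.
DOCUMENTED = {"single_file": "write", "checks": "write", "actions": "read",
              "pull_requests": "read", "metadata": "read"}
DOCUMENTED_FILE = ".github/nunnda.yml"
LEVEL = {"read": 1, "write": 2, "admin": 3}


def audit_installation(installation):
    """Return findings where the grant exceeds the documented permission set."""
    findings = []
    granted = installation.get("permissions", {})
    for name, level in sorted(granted.items()):
        allowed = DOCUMENTED.get(name)
        if allowed is None:
            findings.append(f"undocumented permission: {name}={level}")
        elif LEVEL.get(level, 99) > LEVEL[allowed]:
            # Unknown levels are treated as exceeding the documented one.
            findings.append(f"{name}={level} exceeds documented {allowed}")
    # Single-file access must be scoped to the one config file.
    paths = installation.get("single_file_paths") or []
    if not paths and installation.get("single_file_name"):
        paths = [installation["single_file_name"]]
    for path in paths:
        if path != DOCUMENTED_FILE:
            findings.append(f"unexpected single-file path: {path}")
    return findings


# Constructed sample installation objects (not real API output).
AS_DOCUMENTED = json.loads("""{
  "permissions": {"single_file": "write", "checks": "write",
                  "actions": "read", "pull_requests": "read", "metadata": "read"},
  "single_file_name": ".github/nunnda.yml",
  "single_file_paths": [".github/nunnda.yml"]
}""")
OVER_GRANTED = json.loads("""{
  "permissions": {"single_file": "write", "checks": "write", "actions": "write",
                  "contents": "read", "metadata": "read"},
  "single_file_paths": [".github/nunnda.yml", ".github/workflows/deployment.yml"]
}""")

if __name__ == "__main__":
    for label, inst in (("as documented", AS_DOCUMENTED), ("over-granted", OVER_GRANTED)):
        print(label, audit_installation(inst) or "OK")
```

An empty result means the grant matches the list above; any finding is a permission or file path to question before approving the installation.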