The current system roles are a mess of different branch protection rules -
many roles have none - and the ones that do have rules are very
inconsistent. In addition, it is quite difficult to manage a dozen or so
different rules, and a dozen or so status checks, among 2 dozen repos.
https://github.com/linux-system-roles/.github/pull/16 remedies that
* central management of branch protection rules, with some allowance of
per-role changes
* consistent, secure rules for all system roles repos
This solution uses the github graphql api -
https://docs.github.com/en/graphql - which is their next generation api
(the current generation api is the REST api).
One consequence is that it will be harder (for most roles, anyway) to merge
PRs - PR status checks must pass, PRs must be approved by a code owner,
admins cannot bypass these checks, et. al.
We're currently working on improving the names of the baseos ci status
checks - those will be added in the near future - for now we just have the
Fedora statuses.