Disable enforcing branch-protection for admins

[plowin]

• This disables the following branch-protection rule for the repos haproxy-boshrelease and pcap-release

  Do not allow bypassing the above settings
  The above settings will apply to administrators and custom roles with the “bypass branch protections” permission

• As we have mandatory tests, this setting prevents our bot CFN-CI to push a PR to the main branches. Instead, we get this error when trying to push via the job shipit

  remote: error: GH006: Protected branch update failed for refs/heads/master.        
  remote: error: 2 of 2 required status checks are expected.        
  To https://github.com/cloudfoundry/haproxy-boshrelease
   ! [remote rejected] HEAD -> master (protected branch hook declined)
  error: failed to push some refs to 'https://github.com/cloudfoundry/haproxy-boshrelease'
  failed with non-rebase error
  

• Allowing this CI user to bypass PR creation is not sufficient
• We suggest to soften these rules and avoid more manual work by piping the respective changes during a relase through a PR/review-process

[plowin]

FYI @ameowlia as WG-lead

[stephanme]

There is an option to bypass mandatory PR reviews and WG bots are exempted from reviews. There seems to be no option for bypassing status checks, probably because they are normally automatic and are supposed to be green. But you would need a PR (a branch) in addition to get status check results.

If you really need to bypass status checks, then disabling branch protection for admins might be your only option. The side effect is that WG leads and TOC members can commit directly to the main branch of your projects. In ARD WG this led once to unnecessary additional effort.

[plowin]

Correct, we would accept this risk and can also move back if needed.

Also, we have unit/acceptance tests for the master branch. I think we will catch accidents caused from unintended admin-merges.

[ameowlia]

🙏 I will do my best not to push to your branches.