Add branch protections (#250)

Co-authored-by: Yethal <nosuchemail@email.com>

github/branch-protections/README.md

@@ -0,0 +1,12 @@
+# Branch Protections
+
+### Definition
+
+Do you have hundreds or thousands of GitHub repositories in your organization? Are you tired of manually managing their branch protection rules? Don't! Let nushell do it for you!
+
+### Setup
+1. Replace placeholder data in .nu script with your own (or remove the appropriate fields if you don't need to i.e push to repo from action)
+1. Create a repo in your organization account to store the github action
+1. Push both the attached script and the github action to the repo
+### Possible future improvements
+* Instead of cron run the script on repository creation event (once org level actions become a thing in GitHub)

github/branch-protections/branch-protections.nu

@@ -0,0 +1,42 @@
+!/usr/bin/env nu
+let protections = {
+    required_status_checks: {
+        strict: true
+        checks: [
+            {
+                context: 'YOUR CHECK HERE'
+                app_id: YOUR APP ID HERE
+            }
+        ]
+    }
+    required_pull_request_reviews: {
+        dismiss_stale_reviews: true
+        require_code_owner_reviews: true
+        bypass_pull_request_allowances: {
+            apps: [
+                YOUR APP HERE
+            ]
+        }
+    }
+    restrictions: {
+        users: []
+        teams: []
+        apps: [
+           YOUR APP HERE
+        ]
+    }
+    enforce_admins: true
+    required_linear_history: true
+    require_conversation_resolution: true
+    allow_deletions: false
+    allow_force_pushes: false
+}
+gh api $"orgs/($env.OWNER)/repos"
+|from json
+|select name default_branch
+|each {|repo|
+    echo $"Setting branch restrictions for ($repo.name)"
+    $protections
+    |to json
+    |gh api -X PUT $"repos/($env.OWNER)/($repo.name)/branches/($repo.default_branch)/protection" --input -
+}

github/branch-protections/branch-protections.yml

@@ -0,0 +1,25 @@
+---
+name: Add branch protections to all repositories
+'on':
+  schedule:
+    - cron: '0 * * * *'
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: nu {0}
+
+jobs:
+  set-branch-restrictions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Setup Nu
+        uses: hustcer/setup-nu@main
+        with:
+          version: '0.63.0'
+      - run: ./branch-protections.nu
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OWNER: ${{ github.repository_owner }}