Hi all,
On 5.11.2025 20:38, Piotr P. Karwasz wrote:
> As you can see, there are currently no branch protection rules on the
> main branches of Commons repositories.
>
> I’d like to propose adding branch protection rules to `master` to:
>
> - prevent force pushes (like the test above), and
> - prevent branch deletion (this may already be enforced on the GitBox
> side, but I haven’t tested).
>
> In `.asf.yaml` [1], these rules are defined as:
>
> github:
> protected_branches:
> master: { }
>
> Any objections? I think enabling this basic protection is an important
> safeguard for all Commons projects.
I’m not sure if the lack of replies means tacit agreement or if my
previous message got missed. Are there any objections to introducing the
above rules?
They only prevent deletion and force pushes on the `master` branch.
I’d also appreciate your thoughts on the additional, optional rules below:
> github:
> protected_branches:
> contexts:
> - context: build (ubuntu-latest, 25, false)
> app: github-actions
> - context: CodeQL
> app: github-advanced-security
> pull_requests:
> allow_auto_merge: true
This configuration enables GitHub’s *auto-merge* feature, allowing PRs
to be merged automatically once all required CI checks succeed.
It also prevents merging (through GitHub) PRs if any of the explicitly
listed workflows fail, but that is something you might expect from a PR.
Additional useful options include:
- allow_update_branch: adds an "Update branch" button, making it easy to
rebase a PR branch onto `master` after fixes or build updates have been
pushed.
- del_branch_on_merge: automatically deletes a PR branch after it has
been merged, removing one extra step for committers.
Piotr
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]