-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chore: enable branch protection eclipse-tractusx.github.io main branch #43
Chore: enable branch protection eclipse-tractusx.github.io main branch #43
Conversation
This comment has been minimized.
This comment has been minimized.
@eclipse-tractusx/eclipsefdn-security will this modified for the hole org? just want to enable this for eclipse-tractusx.github.io
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think 2 reviews should be fine.
Our Code Reviews sections proposes a two step approach anyways. A "business" review and another one from a committer, that is anyway needed.
otterdog/eclipse-tractusx.jsonnet
Outdated
branch_protection_rules: [ | ||
orgs.newBranchProtectionRule('main') { | ||
dismisses_stale_reviews: true, | ||
required_approving_review_count: 2, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would highly vote for 1 required approving reviewer. 2 would be very hard for small teams. But maybe we can recommend 2 reviewers (in a TRG?) but enforce 1 reviewer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this PR is not introduceing branch protection and required review count to the GH Org but to the eclipse-tractusx/eclipse-tractusx.github.io repo only, I would like to require 2 reviewers. For this repository enough stakeholders should be available doing reviews.
Maybe we should also think about to introcude .github/CODEOWNERS
(for eclipse-tractusx/eclipse-tractusx.github.io). Code owners are automatically assigned to new PRs:
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the idea of a .github/CODEOWNERS
file would be pretty useful. This would also solve the problem of Issues and PRs not associated. We could divide it for every section (like KIT etc.).
no, the setting will only be used for the repo you defined it for, see also the summary: btw. a required_approving_review_count of 2 is the default, so you dont have to specify it, unless you want to set it to a different value. btw. other projects defined some custom branch protection rules that can then be easily applied for a repo like that: https://github.com/eclipse-set/.eclipsefdn/blob/main/otterdog/eclipse-set.jsonnet#L3 Maybe of interest for tractus-x as well. |
that was my intention 1 vote from "business" and 1 from a committer after reading the discussion with @carslen and @mhellmeier @SebastianBezold we have:
and with the hint from @netomi i would clear this section that we can use the default setting for branch protection. Think will wait for a project lead vote, because of the idea with "business" votes.. 😃 @ participants, thanks for your feedback. |
@FaGru3n lets do it. it will also be very good for proper coop |
@FaGru3n sounds good. Thumbs up |
Diff for b500deb:Printing local diff for configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json'
Actions are indicated with the following symbols:
+ create
! modify
! forced update
- delete
Organization eclipse-tractusx[id=eclipse-tractusx]
there have been 41 validation infos, enable verbose output with '-v' to to display them.
+ add branch_protection_rule[pattern="main", repository="eclipse-tractusx.github.io"] {
+ allows_deletions = false
+ allows_force_pushes = false
+ blocks_creations = false
+ bypass_force_push_allowances = []
+ bypass_pull_request_allowances = []
+ dismisses_stale_reviews = true
+ is_admin_enforced = false
+ lock_allows_fetch_and_merge = false
+ lock_branch = false
+ pattern = "main"
+ require_last_push_approval = false
+ required_approving_review_count = "2"
+ required_status_checks = [
+ "eclipse-eca-validation:eclipsefdn/eca"
+ ],
+ requires_code_owner_reviews = false
+ requires_commit_signatures = false
+ requires_conversation_resolution = false
+ requires_deployments = false
+ requires_linear_history = false
+ requires_pull_request = true
+ requires_status_checks = true
+ requires_strict_status_checks = false
+ restricts_pushes = false
+ restricts_review_dismissals = false
+ }
Plan: 1 to add, 0 to change, 0 to delete. Showing diff to a canonical version of the configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json'
Organization eclipse-tractusx[id=eclipse-tractusx] |
FYI:
|
we have:
|
let me know when you have agreed on a number of approvals. |
@FaGru3n we might set it to 1 for other repos, but for this repo i think 2 reviewers are fine 👍 |
Looks like this has been stabilized, lets get this merged, you can easily change if needed ofc. |
change is live. |
Description
fixes eclipse-tractusx/eclipse-tractusx.github.io#515
FYI:
@stephanbcbauer @mhellmeier @Siegfriedk @danielmiehle
Pre-review checks
Please ensure to do as many of the following checks as possible, before asking for committer review: