Chore: enable branch protection eclipse-tractusx.github.io main branch #43
Conversation
This comment has been minimized.
This comment has been minimized.
FaGru3n
changed the title
|
@eclipse-tractusx/eclipsefdn-security will this modified for the hole org? just want to enable this for eclipse-tractusx.github.io
|
There was a problem hiding this comment.
I think 2 reviews should be fine.
Our Code Reviews sections proposes a two step approach anyways. A "business" review and another one from a committer, that is anyway needed.
otterdog/eclipse-tractusx.jsonnet
Outdated
| branch_protection_rules: [ | ||
| orgs.newBranchProtectionRule('main') { | ||
| dismisses_stale_reviews: true, | ||
| required_approving_review_count: 2, |
There was a problem hiding this comment.
I would highly vote for 1 required approving reviewer. 2 would be very hard for small teams. But maybe we can recommend 2 reviewers (in a TRG?) but enforce 1 reviewer.
There was a problem hiding this comment.
As this PR is not introduceing branch protection and required review count to the GH Org but to the eclipse-tractusx/eclipse-tractusx.github.io repo only, I would like to require 2 reviewers. For this repository enough stakeholders should be available doing reviews.
Maybe we should also think about to introcude .github/CODEOWNERS (for eclipse-tractusx/eclipse-tractusx.github.io). Code owners are automatically assigned to new PRs:
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
There was a problem hiding this comment.
I think the idea of a .github/CODEOWNERS file would be pretty useful. This would also solve the problem of Issues and PRs not associated. We could divide it for every section (like KIT etc.).
no, the setting will only be used for the repo you defined it for, see also the summary:
btw. a required_approving_review_count of 2 is the default, so you dont have to specify it, unless you want to set it to a different value. btw. other projects defined some custom branch protection rules that can then be easily applied for a repo like that: https://github.com/eclipse-set/.eclipsefdn/blob/main/otterdog/eclipse-set.jsonnet#L3 Maybe of interest for tractus-x as well. |
that was my intention 1 vote from "business" and 1 from a committer after reading the discussion with @carslen and @mhellmeier @SebastianBezold we have:
and with the hint from @netomi i would clear this section that we can use the default setting for branch protection. Think will wait for a project lead vote, because of the idea with "business" votes.. 😃 @ participants, thanks for your feedback. |
|
@FaGru3n lets do it. it will also be very good for proper coop |
|
@FaGru3n sounds good. Thumbs up |
Diff for b500deb:Printing local diff for configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json'
Actions are indicated with the following symbols:
+ create
! modify
! forced update
- delete
Organization eclipse-tractusx[id=eclipse-tractusx]
there have been 41 validation infos, enable verbose output with '-v' to to display them.
+ add branch_protection_rule[pattern="main", repository="eclipse-tractusx.github.io"] {
+ allows_deletions = false
+ allows_force_pushes = false
+ blocks_creations = false
+ bypass_force_push_allowances = []
+ bypass_pull_request_allowances = []
+ dismisses_stale_reviews = true
+ is_admin_enforced = false
+ lock_allows_fetch_and_merge = false
+ lock_branch = false
+ pattern = "main"
+ require_last_push_approval = false
+ required_approving_review_count = "2"
+ required_status_checks = [
+ "eclipse-eca-validation:eclipsefdn/eca"
+ ],
+ requires_code_owner_reviews = false
+ requires_commit_signatures = false
+ requires_conversation_resolution = false
+ requires_deployments = false
+ requires_linear_history = false
+ requires_pull_request = true
+ requires_status_checks = true
+ requires_strict_status_checks = false
+ restricts_pushes = false
+ restricts_review_dismissals = false
+ }
Plan: 1 to add, 0 to change, 0 to delete.Showing diff to a canonical version of the configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json'
Organization eclipse-tractusx[id=eclipse-tractusx] |
|
FYI:
|
|
we have:
|
|
let me know when you have agreed on a number of approvals. |
|
@FaGru3n we might set it to 1 for other repos, but for this repo i think 2 reviewers are fine 👍 |
|
Looks like this has been stabilized, lets get this merged, you can easily change if needed ofc. |
|
change is live. |
Description
fixes eclipse-tractusx/eclipse-tractusx.github.io#515
FYI:
@stephanbcbauer @mhellmeier @Siegfriedk @danielmiehle
Pre-review checks
Please ensure to do as many of the following checks as possible, before asking for committer review: