Locking down the master branch

[larsbergstrom]

We already have disabled force-push to master and prevent it from being deleted in servo/servo.

I'd like to propose:

1. No "require status checks before merging", since the CI handles that. Same as today.

2. DO add "restrict who can push" and make it exclusively bors-servo. Different from today.

I am assuming that by adding the restriction to push, it will also disable the Big Green Button for everybody. I'm attaching a screenshot of the options we have available:

cc @metajack @edunham

Might also be interesting to @alexcrichton @brson

[highfive]

cc @aneeshusa

[larsbergstrom]

Oh, one icky bit is that you can't remove the "organization and repository administrators." So it'd be @bors-servo + servo/Administrators. Currently, that's only six of us, which is much better, but still not as small as would be ideal.

[metajack]

That seems to drastically reduce the surface area, even if we can't disable administrators. +1 from me.

[alexcrichton]

@larsbergstrom thanks for the heads up! This is actually exactly what we have on rust-lang/rust right now, and we're also sad that we can't turn off our own push access :)

[KiChjang]

I would not want @bors-servo to be the only account with push access because occasionally we may need the larsbors.

[larsbergstrom]

@KiChjang fortunately, I have the @bors-servo password and can pretend to be a robot with the best of 'em :-)

[larsbergstrom]

@edunham pointed out that we should probably do this for all the repos in homu's cfg.toml that we run the autolander on.

[larsbergstrom]

OK, after chatting with @edunham I've rolled this out for servo/servo. We can follow up on the other repositories.

[wafflespeanut]

That big green button was truly itching (and scary!) 😄

[aneeshusa]

It looks like there is an experimental GitHub API we could use to enforce some of these permissions automatically (via Homu? via cron?).

[notriddle]

That API doesn't let you do anything you can't do from the UI anyway.

[aneeshusa]

@notriddle right, but being able to do it via an API is nice for two reasons:

• we can add it to our script to setup homu on a repository (note, WIP) for new repositories
• we can check the API every so often to ensure compliance for existing repositories

We use tons of repos, so automating settings like these is a time-saver (and also useful for auditing and consistency).

[edunham]

branch protection etc tracking issue is over at #17626

[nox]

This has been done after I pushed a rustup on master in a moment of complete confusion. Teehee.