The Engineering Workflow team enabled a hook in July which asked people to provide a reason for directly pushing to hg.mozilla.org. Since it was enabled, we have seen the number of direct pushes decrease to a few per week.
Enabling developers to use standard tools to land reviewed code through a secure pipeline also allows us to enable new workflow capabilities such as running static analyzers, linters, and code formatting tools, while making hg.mozilla.org more secure by reducing the number of people who can access it directly. It also paves the way for decommissioning mozilla-inbound, which will simplify our tree management and reduce infrastructure costs. On Nov 14, 2019, we intend to change the permissions associated with Level 3 access to revoke direct push access to hg.mozilla.org on mozilla-inbound, mozilla-central, mozilla-beta, mozilla-release and esr repos. If you do need a patch landed outside the Phabricator/Lando pipeline such as in the case of bustage, please use the #checkin-needed process https://wiki.mozilla.org/Sheriffing/How_To/Landing_checkin-needed_patches and contact the sheriffs in #sheriffs in Slack or IRC to land your patch. Specific teams will retain direct access to hg.mozilla.org (now called Level 4) such as Sheriffs and Release Management. We expect everyone else to use the Phabricator/Lando pipeline, but exceptions may be granted for special situations with director-level approval. If this applies to you, please follow up with your manager. The Engineering Workflow team is committed to supporting and improving the productivity of developers working on Firefox. If you have questions or need help with tooling, please reach out to us in the #phabricator Slack channel. Kim _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
