Hi folks, including geb folks.
ASF infra are trying to align branch protection (stopping force
pushing or deletion) across ASF projects. This is only for permanent
version branches and release branches, not PR and temporary
feature/spike branches. This is deemed baseline best practice for
security reasons but in particular seems like a good thing as more
AI-enabled workflows might hit our repos.
I have already done this for the "asf-site" branch in groovy-website.
I plan to update the "groovy" repo by updating .asf.yml as follows:
rulesets:
- name: "Default branch protection"
type: branch
branches:
includes:
- "~DEFAULT_BRANCH"
- "GROOVY_*_X"
- "REL_BRANCH_*"
- "REL-BRANCH-*"
restrict_deletion: true
restrict_force_push: true
The "REL*" branches are legacy ones from codehaus days but we might as
well just cover them all.
And "groovy-geb" with:
rulesets:
- name: "Default branch protection"
type: branch
branches:
includes:
- "~DEFAULT_BRANCH"
- "GEB_*_X"
restrict_deletion: true
restrict_force_push: true
Let me know if you see any problems with this.
Cheers, Paul.
