Looks right to me! On Wed, May 13, 2026 at 9:51 AM Paul King <[email protected]> wrote:
> Hi folks, including geb folks. > > ASF infra are trying to align branch protection (stopping force > pushing or deletion) across ASF projects. This is only for permanent > version branches and release branches, not PR and temporary > feature/spike branches. This is deemed baseline best practice for > security reasons but in particular seems like a good thing as more > AI-enabled workflows might hit our repos. > > I have already done this for the "asf-site" branch in groovy-website. > I plan to update the "groovy" repo by updating .asf.yml as follows: > > rulesets: > - name: "Default branch protection" > type: branch > branches: > includes: > - "~DEFAULT_BRANCH" > - "GROOVY_*_X" > - "REL_BRANCH_*" > - "REL-BRANCH-*" > restrict_deletion: true > restrict_force_push: true > > The "REL*" branches are legacy ones from codehaus days but we might as > well just cover them all. > > And "groovy-geb" with: > > rulesets: > - name: "Default branch protection" > type: branch > branches: > includes: > - "~DEFAULT_BRANCH" > - "GEB_*_X" > restrict_deletion: true > restrict_force_push: true > > Let me know if you see any problems with this. > > Cheers, Paul. >
