Skip to content

[INFRA] Set up default rulesets for default and release branches#898

Open
asf-gitbox-commits wants to merge 1 commit into
masterfrom
infrastructure-ruleset-bot/default-branch-protection
Open

[INFRA] Set up default rulesets for default and release branches#898
asf-gitbox-commits wants to merge 1 commit into
masterfrom
infrastructure-ruleset-bot/default-branch-protection

Conversation

@asf-gitbox-commits
Copy link
Copy Markdown

@asf-gitbox-commits asf-gitbox-commits commented May 15, 2026

This Pull Request enables the repository to conform with the "sane default security settings" of the Apache Software Foundation by configuring a default branch ruleset that protects the default branch and any release branches.

Note that ~DEFAULT_BRANCH is a GitHub symbolic link to the current default branch (HEAD) of the repository and does not need changing.
If the managing project does not wish to set up these defaults, please close this Pull Request. Alternatively, the project may merge this Pull Request to apply the changes immediately.

If no action is taken, this Pull Request will be automatically merged by the Apache Infrastructure team on 2026-06-14 (30 days from now).

For any further information, please reach us on Slack or at: users@infra.apache.org

tomaswolf
tomaswolf reviewed May 16, 2026
View reviewed changes
Comment thread .asf.yaml
includes:
- "~DEFAULT_BRANCH"
- "release/*"
- "rel/*"
Copy link
Copy Markdown
Member

@tomaswolf tomaswolf May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't have "release/*" or "rel/*" branches. If we did branches for releases (which will come once we publish 3.0.0), I think I'd rather name them "rel_*". Currently we just tag releases.

But in any case that can be done once we do have release branches. At this point adding these two patterns is YAGNI.

Comment thread .asf.yaml
- "rel/*"
excludes: []
bypass_teams:
- root
Copy link
Copy Markdown
Member

@tomaswolf tomaswolf May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who is this team "root"? Is there a team for PMC members? I'd like to have at least someone in the Apache MINA PMC to have the rights to bypass these restrictions.

Comment thread .asf.yaml
bypass_teams:
- root
restrict_deletion: true
restrict_force_push: true
Copy link
Copy Markdown
Member

@tomaswolf tomaswolf May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just restricts force pushes, right? Direct fast-forward pushes are still possible?

Comment thread .asf.yaml
excludes: []
bypass_teams:
- root
restrict_deletion: true
Copy link
Copy Markdown
Member

@tomaswolf tomaswolf May 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If someone creates a "rel" or "release" branch by mistake, how can I then remove that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomaswolf tomaswolf tomaswolf left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asf-gitbox-commits @tomaswolf