As the attacker could modify the repository files, "Enable integrated CI/CD pipelines with Forgejo Actions" is not a workaround.
The goal is a backup that an attacker with access to the initial repository cannot disrupt.
Giving the hackable pusher the ability to also push to a backup makes a hacked pusher able to destroy the backup, unless force pushing is not allowed. This raises an interesting question: if the synchronization is perfect, then force pushing is an issue. One can just disable force pushing for these repositories or, if force pushing is really wanted, require an action that the pushing machine cannot do.
Source: https://docs.gitea.com/1.21/usage/repo-mirror#pushing-to-a-remote-repository
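The force-push risk described above, reproduced with two local repositories as an added example (not from the original notes). It uses Git's own receive.denyNonFastForwards and receive.denyDeletes settings on the backup as a stand-in for a forge's branch protection; the function name, temporary paths, file contents and commit messages are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: local stand-ins for the source repository and its backup.
# Echoes "intact" if the backup's main still points at the mirrored commit
# after a compromised pusher force-pushes rewritten history, else "destroyed".
backup_after_force_push() {   # $1 = "protected" or "unprotected"
    local work src backup before after
    work=$(mktemp -d) || return 2
    src="$work/source"; backup="$work/backup.git"
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

    git init -q --bare "$backup"
    if [ "$1" = protected ]; then
        # Refuse history rewrites on the backup side.
        git -C "$backup" config receive.denyNonFastForwards true
        # Also refuse branch deletion, which would otherwise sidestep the check.
        git -C "$backup" config receive.denyDeletes true
    fi

    # Source repository: two commits on main, mirrored by a normal push.
    git init -q "$src"
    git -C "$src" symbolic-ref HEAD refs/heads/main
    echo v1 > "$src/file"; git -C "$src" add file
    git -C "$src" commit -q -m first
    echo v2 > "$src/file"; git -C "$src" commit -q -am second
    git -C "$src" push -q "$backup" main
    before=$(git -C "$backup" rev-parse refs/heads/main)

    # Compromised pusher: history is rewritten, then forced onto the backup.
    git -C "$src" reset -q --hard HEAD~1
    echo rewritten > "$src/file"; git -C "$src" commit -q -am rewritten
    git -C "$src" push -q --force "$backup" main 2>/dev/null || true
    after=$(git -C "$backup" rev-parse refs/heads/main)

    rm -rf "$work"
    if [ "$before" = "$after" ]; then echo intact; else echo destroyed; fi
}

echo "unprotected backup: $(backup_after_force_push unprotected)"
echo "protected backup:   $(backup_after_force_push protected)"
```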
"Protected branch name pattern": "main" ("*" and "**" do not seem to work for all branches, but supporting all branches would be nice; it is needed preferably for Robust_image_source_identification_on_modern_smartphones) and "Push": "Enable push" on https://codeberg.org/USER/REPOSITORY/settings/branches/edit are enough.
"All (public, private, and limited)" and "repository": "Read and write" on https://codeberg.org/user/settings/applications are enough.
"Authorization": "Password" is enough.
For force pushing, also to the backup repository, thanks to the mirror's force-pushing behavior, one just has to temporarily rename the branch to a non-existing one at https://codeberg.org/USER/REPOSITORY/settings/branches/edit?rule_name=DEFAULT_BRANCH.
Related to Benjamin_Loison/nginx/issues/2.