Branch Protection Rules

[fabian-hk]

I am not sure if we already have branch protection rules for the main branch because I can't configure them. My suggestion would be to set the following rules to ensure that every change to the main branch must be reviewed:

• Require a pull request before merging
  • Require approvals (Required number of approvals before merging: 1)
  • Dismiss stale pull request approvals when new commits are pushed
  • Require review from Code Owners
  • Require approval of the most recent reviewable push (I guess that would make sense, but as long as @TWal is the only code owner, this option can't be used.)
• Require conversation resolution before merging
• Do not allow bypassing the above settings

@TWal If you want, I can become a code owner in the future to help review PRs. Then we can also enforce the rule that a PR must be approved by someone other than the person who pushed the last commit (Require approval of the most recent reviewable push).

[TWal]

I added such a rule, thanks for the tips! It will only be effective once the repo becomes public though.

[fabian-hk]

@TWal In my understanding, the branch protection rules only apply to people with write access to the repo. So basically everybody in the reprosec team. Everybody not in this team can't push to the repo and, therefore, needs to fork the repo and create PRs independent of the branch protection rules.

[TWal]

Ah sorry, I meant that we need to pay GitHub to have branch protection rules on private repositories (which we don't), so they are not enforced right now, but they will be when the repo becomes public.