RMI-PACTA / pacta.data.preparation

The goal of {pacta.data.preparation} is to prepare and format all input datasets required to run the PACTA for investors tools.
https://rmi-pacta.github.io/pacta.data.preparation/

security: add branch protections to prevent accidental pushes to `main` #14

Closed jdhoffa closed 4 months ago

jdhoffa commented 5 months ago

This shouldn't be possible for anyone (even admins).

Originally posted by @cjyetman in https://github.com/RMI-PACTA/pacta.data.preparation/issues/309#issuecomment-1997177376

cjyetman commented 5 months ago

and figure out how to make it actually work, e.g. prevent any accidental by-passing of those protections


for clarification, branch protection on main is in place but I was still able to accidentally push directly to main from my local machine

AlexAxthelm commented 5 months ago

Found this just now (emphasis added):

> By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission.

https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches

I'll be setting up a demo repo to explore rulesets later today.
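
The default quoted above, as an added example that is not part of the thread or the project's code: a Python check over the JSON that GitHub's branch protection REST endpoint returns, flagging settings that leave room for admins or listed actors to get around the rule. The sample responses and the `example-admin` login are constructed.

```python
import json

# Constructed samples shaped like the JSON returned by
# GET /repos/{owner}/{repo}/branches/{branch}/protection (not real repo data).
DEFAULT_RULE = json.loads("""{
  "required_pull_request_reviews": {"required_approving_review_count": 1,
    "bypass_pull_request_allowances": {"users": [{"login": "example-admin"}],
                                       "teams": [], "apps": []}},
  "enforce_admins": {"enabled": false},
  "allow_force_pushes": {"enabled": false},
  "allow_deletions": {"enabled": false}
}""")
HARDENED_RULE = json.loads("""{
  "required_pull_request_reviews": {"required_approving_review_count": 1},
  "enforce_admins": {"enabled": true},
  "allow_force_pushes": {"enabled": false},
  "allow_deletions": {"enabled": false}
}""")


def _enabled(rule, key):
    """The API wraps these switches as {"enabled": bool}; absent counts as off."""
    return bool((rule.get(key) or {}).get("enabled", False))


def audit_protection(rule):
    """Return findings that leave room for pushes around the rule ([] if none)."""
    findings = []
    reviews = rule.get("required_pull_request_reviews")
    if not reviews:
        findings.append("pull request not required before merging")
    else:
        allow = reviews.get("bypass_pull_request_allowances") or {}
        actors = [u["login"] for u in allow.get("users", [])]
        actors += [t["slug"] for t in allow.get("teams", [])]
        actors += [a["slug"] for a in allow.get("apps", [])]
        if actors:
            findings.append("may bypass pull requests: " + ", ".join(actors))
    if not _enabled(rule, "enforce_admins"):
        findings.append("enforce_admins off: rule does not apply to admins")
    if _enabled(rule, "allow_force_pushes"):
        findings.append("force pushes allowed")
    if _enabled(rule, "allow_deletions"):
        findings.append("branch deletion allowed")
    return findings


if __name__ == "__main__":
    for name, rule in (("default", DEFAULT_RULE), ("hardened", HARDENED_RULE)):
        print(name, audit_protection(rule) or "no gaps found")
```

The check covers classic branch protection rules only; the custom-role "bypass branch protections" permission and repository rulesets are configured elsewhere and are not visible in this response.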

AlexAxthelm commented 5 months ago

Related: https://github.com/RMI-PACTA/actions/pull/71

cjyetman commented 4 months ago

this repo currently has:

[Screenshot 2024-04-29 at 11 49 49]
[Screenshot 2024-04-29 at 11 49 56]

jdhoffa commented 4 months ago

Confirming that this works (even for admins)

[Screenshot 2024-04-29 at 11 57 04]