betterscientificsoftware / bssw.io

Better Scientific Software Homepage
https://bssw.io

Automations: preventing direct commits to preview? #643

Open bernhold opened 3 years ago

bernhold commented 3 years ago

It would be useful to better protect the preview branch from misuse.

We already have an automation to reject PRs opened against it.

Can we prevent direct commits as well?

The challenge with this is that the preview branch automations need to commit to preview to do their jobs. Maybe we can restrict based on which user -- if all of the automations come from a distinct (faux) user (e.g., git-automation). But I'm not yet clear that is the case. I think that direct commits to master, when they're mirrored into preview, appear under the original user's identity. Might be able to work around that if we always rebuild preview from scratch when commits are made to master.

bernhold commented 9 months ago

@bartlettroscoe, do you know any way to accomplish this? There are two ways things should get onto the preview branch:

1) Commits to PRs (labeled for preview) are merged by an action
2) Commits to main are merged by an action

I don't see anything in branch protections that seems likely to help here. Presumably locking the branch prevents any changes. Restricting who can push seems problematic because the commits being merged come from all kinds of people, even though the GH actions bot is the one doing the work.

Thoughts?
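
One way to at least detect commits that bypassed the two paths above, as an added example that is not code from the bssw.io repository or its automations: audit the first-parent history of the protected branch. It assumes the automation always creates a real merge commit (no fast-forward), so every legitimate first-parent commit on preview is either a merge or already reachable from main; the sample repository is constructed inline so the check runs offline.

```shell
#!/usr/bin/env sh
# Added example, not code from the bssw.io repository: audit a protected
# integration branch (here "preview") for commits that did not arrive via
# the two sanctioned paths named in the issue, merges of PR branches and
# merges of main performed by the automation.
#
# Assumption: the automation always creates a real merge commit (--no-ff).
# Then every legitimate first-parent commit on preview is either a merge
# or already reachable from main, and any remaining first-parent,
# non-merge commit is a direct commit to preview.
set -eu

# find_direct_commits <repo> <protected_branch> <base_branch>
# Prints one SHA per suspected direct commit (empty output means clean).
find_direct_commits() {
  git -C "$1" rev-list --first-parent --no-merges "$2" "^$3"
}

# make_sample_repo: constructed throw-away repository that exercises both
# sanctioned paths plus one direct commit; prints its path.
make_sample_repo() {
  export GIT_AUTHOR_NAME=dev GIT_AUTHOR_EMAIL=dev@example.invalid
  export GIT_COMMITTER_NAME=bot GIT_COMMITTER_EMAIL=bot@example.invalid
  dir=$(mktemp -d)
  (
    cd "$dir"
    git init -q && git symbolic-ref HEAD refs/heads/main
    git commit -q --allow-empty -m "initial"
    git branch preview
    git commit -q --allow-empty -m "work on main"           # lands on main
    git checkout -q -b feature main
    git commit -q --allow-empty -m "PR commit"              # a labeled PR
    git checkout -q preview
    git merge -q --no-ff -m "automation: merge main" main   # path 2
    git merge -q --no-ff -m "automation: merge PR" feature  # path 1
    git commit -q --allow-empty -m "pushed straight to preview"
  ) >/dev/null
  echo "$dir"
}

# Stand-alone run: only the last commit above should be reported.
repo=$(make_sample_repo)
find_direct_commits "$repo" preview main
```

Run against a real clone as `find_direct_commits . preview main`; a fast-forwarded PR merge would show up as a false positive, which is why the no-fast-forward assumption matters.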

markcmiller86 commented 9 months ago

I dunno if it is the same thing but I did try to submit a PR (directly on GitHub) that was a merge to preview and that got closed automagically by some of our checks.