carvel-dev / carvel

Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. This repo contains information regarding the Carvel open-source community.
https://carvel.dev/
Apache License 2.0

Turn on two-person approval strategy for all established repos #602

Closed aaronshurley closed 1 year ago

aaronshurley commented 1 year ago

Describe the problem/challenge you have
To reduce the attack surface for bad actors to get rogue code into our repositories, we need to adopt a two-person approval strategy.

Describe the solution you'd like
Every change MUST be agreed to by at least two developers (one of whom may be the submitter) prior to integration into the repository. Controls must be in place to ensure that a trusted engineer cannot act as a second trusted engineer on their own submission.

Anything else you would like to add:
We will focus on the "established" repos for this change for now:

aaronshurley commented 1 year ago

To turn on branch protection rules:

  1. In the repo, go to Settings.
  2. Go to Branches.
  3. Find the branch that you want to protect (e.g. develop) and edit its rules.
  4. Select Require a pull request before merging and set Require approvals to 1.
  5. Click Save changes.
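The five steps above set the rule by clicking through the GitHub web UI; checking that it is actually in place on every established repo can be scripted. The Python below is an added example, not code from this issue or from the Carvel project, that audits a branch's protection settings as returned by the GitHub REST endpoint GET /repos/{owner}/{repo}/branches/{branch}/protection and reports any gap against the two-person rule. The function names, the `gh api` fetch helper, the default branch name `develop` (taken from step 3) and the two sample JSON responses are constructed for illustration. Beyond the issue's wording it also flags two settings a practitioner would check alongside the approval count: `dismiss_stale_reviews`, so an approval given on an earlier revision does not carry over after the author pushes more commits, and `enforce_admins`, so administrators cannot merge around the rule.

```python
"""Audit GitHub branch protection against the two-person approval rule.

Added example, not part of the carvel-dev/carvel issue or the project's
tooling. Assumes the JSON shape returned by the GitHub REST endpoint
GET /repos/{owner}/{repo}/branches/{branch}/protection; the helper and
function names below are illustrative.
"""
import json
import subprocess
import sys

# GitHub does not count a PR author's own approval toward the required count,
# so required_approving_review_count = 1 already means "a second person".
MIN_APPROVALS = 1


def audit_protection(protection: dict) -> list[str]:
    """Return findings for one branch; an empty list means the rule holds."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:
        # Step 4 of the procedure ("Require a pull request before merging") is off.
        findings.append("pull request not required before merging")
        return findings

    count = reviews.get("required_approving_review_count", 0)
    if count < MIN_APPROVALS:
        findings.append(
            f"required_approving_review_count is {count}, need >= {MIN_APPROVALS}"
        )

    # Caveat beyond the issue's text: without this, an approval given on an
    # earlier revision still counts after the author pushes new commits, so the
    # second person never reviewed the code that actually merges.
    if not reviews.get("dismiss_stale_reviews", False):
        findings.append("dismiss_stale_reviews is off: approvals survive later pushes")

    # Caveat: without enforce_admins, repository admins can merge around the rule.
    if not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("enforce_admins is off: administrators can bypass the rule")
    return findings


def fetch_protection(owner: str, repo: str, branch: str) -> dict:
    """Fetch live settings with an authenticated gh CLI (needs network)."""
    result = subprocess.run(
        ["gh", "api", f"repos/{owner}/{repo}/branches/{branch}/protection"],
        capture_output=True, text=True,
    )
    if result.returncode != 0:
        # gh exits non-zero (HTTP 404 "Branch not protected") for an
        # unprotected branch; treat that as an empty rule set.
        return {}
    return json.loads(result.stdout)


# Constructed sample responses (not real carvel-dev data), trimmed to the
# fields the audit reads.
SAMPLE_WEAK = {
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": False,
        "require_code_owner_reviews": False,
        "required_approving_review_count": 0,
    },
    "enforce_admins": {"enabled": False},
}
SAMPLE_OK = {
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": True,
        "require_code_owner_reviews": False,
        "required_approving_review_count": 1,
    },
    "enforce_admins": {"enabled": True},
}


def main(argv: list[str]) -> int:
    """Usage: audit.py owner/repo[@branch] ...   (no args: run the samples)."""
    if not argv:
        for name, sample in (("sample-weak", SAMPLE_WEAK), ("sample-ok", SAMPLE_OK)):
            print(name, audit_protection(sample) or "OK")
        return 0
    exit_code = 0
    for target in argv:
        slug, _, branch = target.partition("@")
        owner, repo = slug.split("/", 1)
        branch = branch or "develop"
        findings = audit_protection(fetch_protection(owner, repo, branch))
        print(f"{owner}/{repo}@{branch}:", findings or "OK")
        exit_code |= bool(findings)
    return exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with no arguments to see the two constructed samples scored; pass `owner/repo@branch` targets to audit live repositories through an authenticated `gh`, and use the non-zero exit status to fail a scheduled job when any repo has drifted from the rule.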

aaronshurley commented 1 year ago

Validated that all established repos already had this enabled.