Open toddysm opened 1 year ago
If a code owner created the PR, is that one approval? I am assuming only approvals from code owners count.
That is correct @TerryHowe - only codeowners count. And no, this is in addition to the person who submitted the PR as far as I know. We can have a relaxed policy and ask for 2 codeowner approvals only.
Few comments:
release/*
does not apply to libraries. Besides, we have a special branch named v1
.It is worth noting that "require branches to be up to date before merging" somehow conflicts with "dismiss stale PR approvals when new commits are pushed".
I am confused with that you mean with "release doesn't apply to libraries". Is this about the branch name of is it because we do not "release" libraries? Also, it will be good to be consistent with the branch names across all ORAS projects. Also, see some comments from https://github.com/oras-project/oras/issues/862#issuecomment-1476499235 they apply here too.
This issue is stale because it has been open for 60 days with no activity. Remove the stale label or comment to prevent it from being closed in 30 days.
To improve the security of the ORAS project we need to enforce the branch policies for this repository. I propose that we enforce the policies as follows:
main
andrelease/*
branches:Please add your comments and proposals for additional changes to this issue.