Closed jnsgruk closed 10 months ago
jnsgruk
commented
10 months ago @merlijn-sebrechts might be worth adjusting the protected branch settings so they only apply to candidate :)
In fact - I need to push a change here and can't - I'll wait on the branch not being protected.
merlijn-sebrechts
commented
10 months ago Oh, wow, you should not be allowed to create new branches on this repo :scream:
jnsgruk
commented
10 months ago Hah, okay well feel free to close this, and I'll open from a fork - would you prefer that?
merlijn-sebrechts
commented
10 months ago Yes, create a fork please.
I modified the permissions, so it should now suggest to create a fork when you edit using the web ui and disallow you from creating a new branch. Can you check this?
merlijn-sebrechts
commented
10 months ago Snapcrafters had "maintainer" permissions instead of "write" permissions. As a result, they could bypass some branch protection features and access some settings of the repos.
To give some context, because this might seem draconian:
Creating new branches is a common way to steal repository secrets and gain unauthorized access to a repository. I locked this down specifically to prevent such attacks. We also use an Environment locked to the candidate branch as a second layer of defense against stealing these secrets.
Permissions and security for GitHub actions and Secrets is quite difficult to get right, and it's made worse by
As we just saw, these permissions are hard to get right, and we were "saved" right now by the fact we had two layers of defense (Disallow creating new branches + Using Environments for secrets). As a result, I think we need to keep it like this. This protects us against both configuration errors (like this one) and actual GitHub vulnerabilities. People have been able to find many vulnerabilities in GitHub actions, and I want to avoid such a vulnerability giving people access to our large userbase.
Replacement for #87 - the branch randomly became protected, so I was unable to push more commits :man_shrugging: