[systemd-devel] Random branch in github.com/systemd/systemd
František Šumšal
frantisek at sumsal.cz
Thu Jan 2 16:30:44 UTC 2020
On 1/2/20 5:13 PM, Mike Gilbert wrote:
> On Thu, Jan 2, 2020 at 9:08 AM Lennart Poettering
> <lennart at poettering.net> wrote:
>>> If possible, it would probably be wise to restrict access for pushing
>>> new branches like this.
>>
>> Hmm, how would we do that? Any suggestion? Happy to restrict that, but
>> not sure how to do that...
>
> I thought maybe there was a setting in github for it, or maybe
> something to do with permissions?
>
> I don't manage any multi-user github repos myself, so I don't have any
> tangible advice.
This is actually kinda hard, as there is (right now) no configuration option
to restrict creation of new branches.
In theory, we could 'abuse' branch protection rules[0] (which currently protect
the master branch against force pushes), but the branch pattern is not flexible
enough to manage that, precisely the `File.fnmatch()` function[1] it uses internally
doesn't have any negation logic to include all branches except for `master`.
I guess we could do something like this[2], which would cover most of the branch
names, in combination with some protection rule (either 'Require pull request
reviews before merging' or 'Restrict who can push to matching branches'), but
it's not perfect.
[0] https://help.github.com/en/github/administering-a-repository/configuring-protected-branches
[1] https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch
[2] https://stackoverflow.com/questions/55053460/github-branch-name-pattern-negation/55057727#55057727
--
PGP Key ID: 0xFB738CE27B634E4B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200102/2fb0bbe7/attachment.sig>
More information about the systemd-devel
mailing list