@mattab opened this Pull Request on March 5th 2016 Member

This is a new simple command that automates setting, for all repository for which there is admin access, the master branch as protected, which means "git forced pushes" will be disabled. This prevents someone mistakenly rewriting the git history.

As more people get write access to more repositories, it becomes more important to follow best practises for git repository security. One can run this tool regularly to ensure all our one's repos are protected.

@sgiehl commented on March 5th 2016 Member

Not directly related to this PR but shouldn't we maybe move scripts like that to an "internal" plugin that would be linked as a submodule but would not available on marketplace?

I don't see any sense in having them in this repo.

@tsteur commented on March 6th 2016 Member

I was just about to comment the same. This should be definitely not in Piwik repo. Maybe you can add this to plugin lifecycle etc? Run the command once to change them all and make sure new repos will have a protected branch automatically.

@mattab commented on March 31st 2016 Member

It would be useful to extend this command to also force the users who are allowed to push to given branches (ie. lead developers / product owners only would be allowed to merge a given PR). https://github.com/blog/2137-protected-branches-improvements

This Pull Request was closed on March 6th 2016
Powered by GitHub Issue Mirror