From 408ab282ec9dd83378816bdd370ac364fa253708 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Sun, 2 Feb 2025 12:02:50 -0800 Subject: [PATCH 1/2] Move from branch protections to rule sets --- .github/repository-settings.md | 94 ++++++++++++++++++++-------------- 1 file changed, 55 insertions(+), 39 deletions(-) diff --git a/.github/repository-settings.md b/.github/repository-settings.md index cf7f6bb86d01..c04cd8d3a4c0 100644 --- a/.github/repository-settings.md +++ b/.github/repository-settings.md 
@@ -23,45 +23,59 @@ settings](https://github.com/open-telemetry/community/blob/main/docs/how-to-conf Read repository contents and packages permissions - Allow GitHub Actions to create and approve pull requests: UNCHECKED -## Branch protections - -The order of branch protection rules -[can be important](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule#about-branch-protection-rules). -The branch protection rules below should be added before the `**/**` branch protection rule -(this may require deleting the `**/**` rule and recreating it at the end). - -### `main` - -- Require branches to be up to date before merging: UNCHECKED - - (PR jobs take too long, and leaving this unchecked has not been a significant problem) - -- Status checks that are required: - - - EasyCLA - - required-status-check - -### `release/*` - -Same settings as above for [`main`](#main). - -### `cloudfoundry` - -Same settings as above for [`main`](#main), -except for the `required-status-check` required status check. 
- -### `renovate/**/**` and `opentelemetrybot/**/**` - -Same settings as -for [`dependabot/**/**`](https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-new-repository.md#branch-protection-rule-dependabot) - -### `gh-pages` - -- Everything UNCHECKED - - (This branch is currently only used for directly pushing benchmarking results from the - [Nightly overhead benchmark](https://github.com/open-telemetry/opentelemetry-java-instrumentation/actions/workflows/nightly-benchmark-overhead.yml) - job) +## Rules > Rulesets + +### `main` and release branches + +- Targeted branches: + - `main` + - `release/*` + - `v0.*` + - `v1.*` +- Branch rules + - Restrict deletions: CHECKED + - Require linear history: CHECKED + - Require a pull request before merging: CHECKED + - Required approvals: 1 + - Require review from Code Owners: CHECKED + - Allowed merge methods: Squash + - Require status checks to pass + - EasyCLA + - `required-status-check` + - Block force pushes: CHECKED + +### `cloudfoundry` branch + +- Targeted branches: + - `cloudfoundry` +- Branch rules + - Restrict deletions: CHECKED + - Require linear history: CHECKED + - Require a pull request before merging: CHECKED + - Required approvals: 1 + - Require review from Code Owners: CHECKED + - Allowed merge methods: Squash + - Require status checks to pass + - EasyCLA + - Block force pushes: CHECKED + +### `gh-pages` branch + +- Targeted branches: + - `gh-pages` +- Branch rules + - Restrict deletions: CHECKED + - Require linear history: CHECKED + - Block force pushes: CHECKED + +### Restrict branch creation + +- Targeted branches + - Exclude: + - `release/*` + - `renovate/**/**` + - `opentelemetrybot/**/**` +- Restrict creations: CHECKED ## Code security and analysis @@ -85,3 +99,5 @@ for [`dependabot/**/**`](https://github.com/open-telemetry/community/blob/main/d ### Organization secrets - `OPENTELEMETRYBOT_GITHUB_TOKEN` +- `OTELBOT_CLIENT_ID` +- `OTELBOT_PRIVATE_KEY` 
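Review bot: In `### Restrict branch creation` only the `Exclude:` patterns are listed, so the document does not say which branches the rule includes, and none of the rulesets in this hunk records its bypass list or enforcement status. `Restrict creations: CHECKED` limits branch creation to actors on the bypass list, and `v0.*` / `v1.*` are targeted by the `main` ruleset but not excluded here, so please add the include pattern and the bypass actors for each ruleset. Separately, the removed `gh-pages` text explained that the nightly overhead benchmark job pushes directly to that branch; keeping that one-line rationale next to the new `gh-pages` rules would explain why it has no pull request requirement.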
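Review bot: The two new entries under `### Organization secrets`, `OTELBOT_CLIENT_ID` and `OTELBOT_PRIVATE_KEY`, are not mentioned in the commit subject and carry no note on what uses them. Please state in the document or the commit message what they are for and whether `OPENTELEMETRYBOT_GITHUB_TOKEN`, which stays listed, is still required, so that a credential nothing uses is not left configured.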
From fdf3bc520a770f523f997e4fad0e04bce0de005f Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Mon, 3 Feb 2025 12:28:53 -0800 Subject: [PATCH 2/2] Tags too --- .github/repository-settings.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/repository-settings.md b/.github/repository-settings.md index c04cd8d3a4c0..35e8cfa8635a 100644 --- a/.github/repository-settings.md +++ b/.github/repository-settings.md @@ -77,6 +77,13 @@ settings](https://github.com/open-telemetry/community/blob/main/docs/how-to-conf - `opentelemetrybot/**/**` - Restrict creations: CHECKED +### Restrict updating tags + +- Targeted tags + - All tags +- Restrict updates: CHECKED +- Restrict deletions: CHECKED + ## Code security and analysis - Secret scanning: Enabled
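Review bot: `### Restrict updating tags` lists `Restrict updates` and `Restrict deletions` but says nothing about `Restrict creations` or a bypass list. Elsewhere the file spells out unchecked options (for example `Allow GitHub Actions to create and approve pull requests: UNCHECKED`), so please add `Restrict creations: UNCHECKED` if tag creation is meant to stay open, and note who, if anyone, can bypass the update and deletion restrictions. Minor: `Targeted tags` is missing the trailing colon used by `Targeted branches:` in the ruleset sections added in PATCH 1/2.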