Enforce branch policies on the repository #41

Open
7 tasks
toddysm opened this issue Mar 8, 2023 · 1 comment

Comments

@toddysm

toddysm commented Mar 8, 2023

To improve the security of the ORAS project we need to enforce the branch policies for this repository. I propose that we enforce the policies as follows:

  • Use the following rules for main and release/* branches:
    • Require PR before merging
      • Require 3 approvals
      • Dismiss stale PR approvals when new commits are pushed
      • Require review from Code Owners
      • Require status checks to pass before merging
      • Require conversation resolution before merging
      • Require signed commits
      • Do not allow bypassing the above settings

Please add your comments and proposals for additional changes to this issue.

@TerryHowe
Member

I think 2 approvals from maintainers/owners would be good enough regardless of who submitted the PR.
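
An added example, not part of the issue thread or the ORAS project's own tooling: a Python check that audits a branch-protection record against the rules proposed above, with the approval threshold as a parameter since the thread mentions both 3 and 2. The field names are assumed to follow GitHub's REST branch-protection response, the mapping of "do not allow bypass" to `enforce_admins` is this example's assumption, and `SAMPLE` is constructed.

```python
# Added example: audit one branch's protection record against the proposed rules.
# Field names assume GitHub's REST "get branch protection" response shape.

def _enabled(protection, key):
    """True when a {'enabled': bool} sub-object is present and switched on."""
    return bool((protection.get(key) or {}).get("enabled"))

def audit_branch_protection(protection, min_approvals=3):
    """Return the proposed rules that are NOT satisfied (empty list = compliant)."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:
        findings.append("PR before merging is not required")
        reviews = {}
    if reviews.get("required_approving_review_count", 0) < min_approvals:
        findings.append(f"fewer than {min_approvals} approvals required")
    if not reviews.get("dismiss_stale_reviews"):
        findings.append("stale approvals are not dismissed on new commits")
    if not reviews.get("require_code_owner_reviews"):
        findings.append("Code Owner review is not required")
    # The rule can be switched on with no check selected, which enforces nothing.
    checks = protection.get("required_status_checks") or {}
    if not (checks.get("contexts") or checks.get("checks")):
        findings.append("no status checks are required")
    if not _enabled(protection, "required_conversation_resolution"):
        findings.append("conversation resolution is not required")
    if not _enabled(protection, "required_signatures"):
        findings.append("signed commits are not required")
    # Assumption: "do not allow bypass" corresponds to enforce_admins.
    if not _enabled(protection, "enforce_admins"):
        findings.append("administrators can bypass the rules")
    return findings

# Constructed sample: 2 approvals, signatures off, admins exempt.
SAMPLE = {
    "required_pull_request_reviews": {
        "required_approving_review_count": 2,
        "dismiss_stale_reviews": True,
        "require_code_owner_reviews": True,
    },
    "required_status_checks": {"strict": True, "contexts": ["build"]},
    "required_conversation_resolution": {"enabled": True},
    "required_signatures": {"enabled": False},
    "enforce_admins": {"enabled": False},
}

if __name__ == "__main__":
    for threshold in (3, 2):
        print(threshold, audit_branch_protection(SAMPLE, min_approvals=threshold))
```

Run it once per protected branch, since the record describes a single branch.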
