-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce branch policies on the repository #458
Comments
If a code owner created the PR, is that one approval? I am assuming only approvals from code owners count. |
That is correct @TerryHowe - only codeowners count. And no, this is in addition to the person who submitted the PR as far as I know. We can have a relaxed policy and ask for 2 codeowner approvals only. |
Few comments:
It is worth noting that "require branches to be up to date before merging" somehow conflicts with "dismiss stale PR approvals when new commits are pushed". |
I am confused with that you mean with "release doesn't apply to libraries". Is this about the branch name of is it because we do not "release" libraries? Also, it will be good to be consistent with the branch names across all ORAS projects. Also, see some comments from oras-project/oras#862 (comment) they apply here too. |
To improve the security of the ORAS project we need to enforce the branch policies for this repository. I propose that we enforce the policies as follows:
main
andrelease/*
branches:Please add your comments and proposals for additional changes to this issue.
The text was updated successfully, but these errors were encountered: