root-signing: Remove unnecessary branch protections #488

@jku jku commented Sep 5, 2024

ceremony branches are not used anymore in root-signing: remove the protections.

  • Currently the repository does not allow squash merges to make sure git records the future signing event history in detail when those branches are merged to main
  • The historical ceremonies can be found in git history as well -- committer info may have been lost but this is true for the ceremony branches as well so I don't think protecting them is required.

Note that "sign/*" branches are now used in a similar manner in root-signing: I will file a root-signing issue to consider branch protections for those.

ceremony branches are not used anymore: remove the protections.
* Currently the repository does not allow squash merges
  to make sure git records the signing event history in detail
* The historical ceremonies can be found in git history as well
  -- committer info may have been lost but this is true for
  the ceremony branches as well so I don't think protecting them
  is required.

Signed-off-by: Jussi Kukkonen <[email protected]>
@jku jku requested review from a team as code owners September 5, 2024 13:44

github-actions bot commented Sep 5, 2024

🍹 preview on sigstore-github-sync/sigstore/github-prod

Pulumi report
  Previewing update (sigstore/github-prod)

View Live: https://app.pulumi.com/sigstore/sigstore-github-sync/github-prod/previews/08a4f830-a5bd-4610-be51-02daae0e0d05

@ Previewing update.....
pulumi:pulumi:Stack: (same)
  [urn=urn:pulumi:github-prod::sigstore-github-sync::pulumi:pulumi:Stack::sigstore-github-sync-github-prod]
  ~ github:index/repository:Repository: (update) 🔒
      [id=root-signing]
      [urn=urn:pulumi:github-prod::sigstore-github-sync::github:index/repository:Repository::root-signing]
      [provider=urn:pulumi:github-prod::sigstore-github-sync::pulumi:providers:github::default_6_2_3::dfb01c0f-bb2a-45c2-9d92-e6152b5cee06]
    ~ pages: {
        - source: {
            - branch: "main"
            - path  : "/"
          }
        - source: {
            - branch: "main"
            - path  : "/"
          }
      }
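
Review bot: The `pages` update on the `root-signing` repository is outside the stated scope of this change (removing branch protections), and the preview lists the same `source` block (`branch: "main"`, `path: "/"`) as removed twice with nothing added in its place. Before applying, confirm whether this reflects an actual change to the Pages source or only a difference in how the provider reports state, and mention the result in the description so the repository update is not applied unreviewed.
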
@ Previewing update....
  - github:index/branchProtection:BranchProtection: (delete)
      [id=BPR_kwDOFotDCM4DA1RR]
      [urn=urn:pulumi:github-prod::sigstore-github-sync::github:index/branchProtection:BranchProtection::root-signing-ceremony/*]
      [provider=urn:pulumi:github-prod::sigstore-github-sync::pulumi:providers:github::default_6_2_3::dfb01c0f-bb2a-45c2-9d92-e6152b5cee06]
      allowsDeletions              : false
      allowsForcePushes            : false
      enforceAdmins                : true
      lockBranch                   : false
      pattern                      : "ceremony/*"
      repositoryId                 : "MDEwOlJlcG9zaXRvcnkzNzgyMjU0MTY="
      requireConversationResolution: false
      requireSignedCommits         : false
      requiredLinearHistory        : false
      requiredPullRequestReviews   : [
          [0]: {
              dismissStaleReviews         : true
              dismissalRestrictions       : [
                  [0]: "T_kwDOBDzYIc4AYVWd"
                  [1]: "MDQ6VGVhbTQ4OTkzMDk="
              ]
              pullRequestBypassers        : []
              requireCodeOwnerReviews     : false
              requireLastPushApproval     : true
              requiredApprovingReviewCount: 1
              restrictDismissals          : true
          }
      ]
      requiredStatusChecks         : [
          [0]: {
              contexts  : [
                  [0]: "DCO"
              ]
              strict    : false
          }
      ]
      restrictPushes               : [
          [0]: {
              blocksCreations: true
              pushAllowances : [
                  [0]: "T_kwDOBDzYIc4AYVWd"
                  [1]: "MDQ6VGVhbTQ4OTkzMDk="
                  [2]: "MDQ6VXNlcjg2ODM3MzY5"
                  [3]: "U_kgDOByoNQQ"
              ]
          }
      ]
  - github:index/branchProtection:BranchProtection: (delete)
      [id=BPR_kwDOFotDCM4DA1RO]
      [urn=urn:pulumi:github-prod::sigstore-github-sync::github:index/branchProtection:BranchProtection::root-signing-test-ceremony/*]
      [provider=urn:pulumi:github-prod::sigstore-github-sync::pulumi:providers:github::default_6_2_3::dfb01c0f-bb2a-45c2-9d92-e6152b5cee06]
      allowsDeletions              : false
      allowsForcePushes            : false
      enforceAdmins                : true
      lockBranch                   : false
      pattern                      : "test-ceremony/*"
      repositoryId                 : "MDEwOlJlcG9zaXRvcnkzNzgyMjU0MTY="
      requireConversationResolution: false
      requireSignedCommits         : false
      requiredLinearHistory        : false
      requiredPullRequestReviews   : [
          [0]: {
              dismissStaleReviews         : true
              dismissalRestrictions       : [
                  [0]: "T_kwDOBDzYIc4AYVWd"
                  [1]: "MDQ6VGVhbTQ4OTkzMDk="
              ]
              pullRequestBypassers        : []
              requireCodeOwnerReviews     : false
              requireLastPushApproval     : true
              requiredApprovingReviewCount: 1
              restrictDismissals          : true
          }
      ]
      requiredStatusChecks         : [
          [0]: {
              contexts  : [
                  [0]: "DCO"
              ]
              strict    : false
          }
      ]
      restrictPushes               : [
          [0]: {
              blocksCreations: true
              pushAllowances : [
                  [0]: "T_kwDOBDzYIc4AYVWd"
                  [1]: "MDQ6VGVhbTQ4OTkzMDk="
                  [2]: "MDQ6VXNlcjg2ODM3MzY5"
                  [3]: "U_kgDOByoNQQ"
              ]
          }
      ]
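
Review bot: Both deleted rules carry `allowsForcePushes: false`, `allowsDeletions: false` and `enforceAdmins: true` for the `ceremony/*` and `test-ceremony/*` patterns, so once this applies, any branch still matching those patterns is no longer protected against rewriting or deletion unless another rule covers it. The description relies on the ceremony history being reachable from main; it would help to state that the existing ceremony branches are fully merged (or already removed), and to link the follow-up issue for `sign/*` protections here so that the replacement rule is tracked alongside this removal.
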
Resources:
  ~ 1 to update
  - 2 to delete
  3 changes. 589 unchanged
  

@haydentherapper haydentherapper merged commit 4467ed4 into sigstore:main Sep 10, 2024
2 checks passed