[GNC-dev] Enabling github branch protection rules? Re: [Gnucash/gnucash] po/de.po: fix translation bug (#627)

John Ralls jralls at ceridwen.us
Fri Jan 3 17:19:13 EST 2020


Well, it does disable the merge button. "applies to administrators" has to be checked too for it to apply to you, me, and Geert. Unfortunately it also applies to pushes from code:

Counting objects: 16, done.
Delta compression using up to 16 threads.
Compressing objects: 100% (16/16), done.
Writing objects: 100% (16/16), 1.58 KiB | 0 bytes/s, done.
Total 16 (delta 12), reused 0 (delta 0)
remote: *** Mirror changes to origin (usually github)...
remote: remote: error: GH006: Protected branch update failed for refs/heads/maint.
remote: remote: error: At least 2 approving reviews are required by reviewers with write access.
remote: To ssh://github.com/Gnucash/gnucash.git
remote:    d409d009f..b5fdcfcb5  origin/maint -> origin/maint
remote:  ! [remote rejected]     maint -> maint (protected branch hook declined)
remote: error: failed to push some refs to 'ssh://git@github.com/Gnucash/gnucash.git'
To ssh://code.gnucash.org/gnucash
   b5fdcfc..c9998a8  maint -> maint

That could probably be worked around by making code a maintainer and reducing your privs to regular developer. Geert and I would still get the merge button but we know better than to use it.

John Ralls

> On Jan 3, 2020, at 12:57 PM, Christian Stimming <christian at cstimming.de> wrote:
> John,
> thanks a lot for testing. Well, that's unfortunate. However, maybe some of the 
> other rules would help us to avoid this better? 
> https://github.com/Gnucash/gnucash/settings/branch_protection_rules/new
> How about activating "Require pull request reviews before merging" with maybe 
> "2"? Again, I'm not sure whether code-gnucash-user can still push the commits. 
> Could you give it a try? Thanks a lot.
> Regards,
> Christian
> Am Freitag, 3. Januar 2020, 00:15:02 CET schrieb John Ralls:
>> Christian,
>> Just tried it as a test (the user id is code-gnucash-user). It doesn't
>> prevent merging from the web page.
>> Regards,
>> John Ralls
>>> On Jan 2, 2020, at 1:11 PM, Christian Stimming <christian at cstimming.de>
>>> wrote:
>>> Dear developers,
>>> yesterday I accidentally used the web interface of github to merge a pull
>>> request, but we don't want this, because the merge (or any other commit)
>>> on
>>> github is going to be overwritten by the next push from code.gnucash.org.
>>> I was wondering whether we could enable the github "Protect matching
>>> branches" rules
>>> https://github.com/Gnucash/gnucash/settings/branch_protection_rules/new
>>> There's a rule "Restrict who can push to matching branches", which we
>>> could
>>> restrict to the user that pushes from code.gnucash.org. This should
>>> prevent
>>> any such accidental merges from github's web interface, shouldn't it?
>>> However, this needs to be enabled by somebody who immediately can check
>>> that the push from code still works. Anybody there care to take a look?
>>> Thanks a lot!
>>> Regards,
>>> Christian
>>> Am Donnerstag, 2. Januar 2020, 11:42:12 CET schrieb Frank H. Ellenberger:
>>>> Never use githubs webinterface for merging for any gnucash project!
>>>> Because code.gnucash.org is canonical, the merge got overwritten by the
>>>> next push.
>>> _______________________________________________
>>> gnucash-devel mailing list
>>> gnucash-devel at gnucash.org
>>> https://lists.gnucash.org/mailman/listinfo/gnucash-devel

More information about the gnucash-devel mailing list