[GNC-dev] Enabling github branch protection rules? Re: [Gnucash/gnucash] po/de.po: fix translation bug (#627)

John Ralls jralls at ceridwen.us
Wed Jan 8 20:58:04 EST 2020 

I think so, as long as you pull before anyone pushes something to code and that blows away your merge. Of course if someone then pushes to code before you get the merge pushed you'll have a bit of cleanup work before you're able to push.

Regards,
John Ralls


> On Jan 8, 2020, at 12:26 PM, Derek Atkins <derek at ihtfp.com> wrote:
> 
> I am curious what would happen if you merge in github, then pull, then
> push to code?  Would "the right thing" happen?
> 
> -derek
> 
> Christian Stimming <christian at cstimming.de> writes:
> 
>> Am Freitag, 3. Januar 2020, 23:19:13 CET schrieb John Ralls:
>>> Christian,
>>> 
>>> Well, it does disable the merge button. "applies to administrators" has to
>>> be checked too for it to apply to you, me, and Geert. Unfortunately it also
>>> applies to pushes from code:
>> 
>> Oh well. Ok, thanks for testing. I was just wondering whether all these fancy 
>> new workflow enforcements would allow us to enforce our particular workflow, 
>> but apparently this is not supported. After this discussion I am now fully 
>> aware of not using the github website merge button again, so I think we can 
>> safely leave things as it is. Thanks!
>> 
>> Regards,
>> Christian
>> 
>>> 
>>> Counting objects: 16, done.
>>> Delta compression using up to 16 threads.
>>> Compressing objects: 100% (16/16), done.
>>> Writing objects: 100% (16/16), 1.58 KiB | 0 bytes/s, done.
>>> Total 16 (delta 12), reused 0 (delta 0)
>>> remote: *** Mirror changes to origin (usually github)...
>>> remote: remote: error: GH006: Protected branch update failed for
>>> refs/heads/maint. remote: remote: error: At least 2 approving reviews are
>>> required by reviewers with write access. remote: To
>>> ssh://github.com/Gnucash/gnucash.git
>>> remote:    d409d009f..b5fdcfcb5  origin/maint -> origin/maint
>>> remote:  ! [remote rejected]     maint -> maint (protected branch hook
>>> declined) remote: error: failed to push some refs to
>>> 'ssh://git@github.com/Gnucash/gnucash.git' To
>>> ssh://code.gnucash.org/gnucash
>>>   b5fdcfc..c9998a8  maint -> maint
>>> 
>>> That could probably be worked around by making code a maintainer and
>>> reducing your privs to regular developer. Geert and I would still get the
>>> merge button but we know better than to use it.
>>> 
>>> Regards,
>>> John Ralls
>>> 
>>>> On Jan 3, 2020, at 12:57 PM, Christian Stimming <christian at cstimming.de>
>>>> wrote:
>>>> 
>>>> John,
>>>> 
>>>> thanks a lot for testing. Well, that's unfortunate. However, maybe some of
>>>> the other rules would help us to avoid this better?
>>>> https://github.com/Gnucash/gnucash/settings/branch_protection_rules/new
>>>> How about activating "Require pull request reviews before merging" with
>>>> maybe "2"? Again, I'm not sure whether code-gnucash-user can still push
>>>> the commits. Could you give it a try? Thanks a lot.
>>>> 
>>>> Regards,
>>>> Christian
>>>> 
>>>> Am Freitag, 3. Januar 2020, 00:15:02 CET schrieb John Ralls:
>>>>> Christian,
>>>>> 
>>>>> Just tried it as a test (the user id is code-gnucash-user). It doesn't
>>>>> prevent merging from the web page.
>>>>> 
>>>>> Regards,
>>>>> John Ralls
>>>>> 
>>>>>> On Jan 2, 2020, at 1:11 PM, Christian Stimming <christian at cstimming.de>
>>>>>> wrote:
>>>>>> 
>>>>>> Dear developers,
>>>>>> 
>>>>>> yesterday I accidentally used the web interface of github to merge a
>>>>>> pull
>>>>>> request, but we don't want this, because the merge (or any other commit)
>>>>>> on
>>>>>> github is going to be overwritten by the next push from
>>>>>> code.gnucash.org.
>>>>>> 
>>>>>> I was wondering whether we could enable the github "Protect matching
>>>>>> branches" rules
>>>>>> https://github.com/Gnucash/gnucash/settings/branch_protection_rules/new
>>>>>> There's a rule "Restrict who can push to matching branches", which we
>>>>>> could
>>>>>> restrict to the user that pushes from code.gnucash.org. This should
>>>>>> prevent
>>>>>> any such accidental merges from github's web interface, shouldn't it?
>>>>>> However, this needs to be enabled by somebody who immediately can check
>>>>>> that the push from code still works. Anybody there care to take a look?
>>>>>> Thanks a lot!
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> Christian
>>>>>> 
>>>>>> Am Donnerstag, 2. Januar 2020, 11:42:12 CET schrieb Frank H. 
>> Ellenberger:
>>>>>>> Never use githubs webinterface for merging for any gnucash project!
>>>>>>> Because code.gnucash.org is canonical, the merge got overwritten by the
>>>>>>> next push.
>>>>>> 
>>>>>> _______________________________________________
>>>>>> gnucash-devel mailing list
>>>>>> gnucash-devel at gnucash.org
>>>>>> https://lists.gnucash.org/mailman/listinfo/gnucash-devel
>> 
>> 
>> 
>> 
>> _______________________________________________
>> gnucash-devel mailing list
>> gnucash-devel at gnucash.org
>> https://lists.gnucash.org/mailman/listinfo/gnucash-devel
>> 
>> 
> 
> -- 
>       Derek Atkins                 617-623-3745
>       derek at ihtfp.com             www.ihtfp.com
>       Computer and Internet Security Consultant

More information about the gnucash-devel mailing list