[CIG-SEISMO] Using Github Protected Branches
Tyler Esser
tjesser at ucdavis.edu
Wed Mar 14 16:08:55 PDT 2018
Talking with Louise and Lorraine, it seems that CIG's position is that
anything that protects against accidents or compromised accounts is seen as
best practices. Rene mentioned that having an admin make a mistake means
you're out of luck, but protected branches do have the option to enforce
their settings even on admins. Have the Aspect devs discussed flipping that
switch and applying the limitations to admins as well?
Tyler
On Wed, Mar 14, 2018 at 3:42 PM, Rene Gassmoeller <
rene.gassmoeller at mailbox.org> wrote:
> Hi all,
>
> let me join in on this as one of the maintainers of the ASPECT mantle
> convection code. We had the branch protection on Github enabled for our
> master branch for several years now (in addition to the automatic tester
> that tests pull requests). There are two scenarios in which this can be
> helpful:
>
> One of your project's developers (no admin, otherwise you are out of luck
> in any case) account is hacked. They have write access to the repository,
> but can not change their rights on github. Without a protected master
> branch they can force-push to that branch or more dangerously reset it and
> delete the complete project history. You would then need to restore it from
> a local copy somewhere (hopefully you have one). They can of course still
> merge bogus pull requests (unless you add the required status checks
> protection), but all of that can be reverted.
>
> The other scenario does not even need evil intentions. Let's assume you
> are in a hurry to fix a bug and you do this on the master branch (you
> should be on a feature branch, but the next seminar is in 5 minutes and you
> can create the branch later). You do not finish the fix, but want to save
> the history so you push to your personal github repo for now to create the
> pull request later. 'git push origin master'. Unfortunately you did this on
> the cluster where you cloned the repository and you cloned from the main
> repository instead of your own, so you mess up the master branch. You walk
> away and your repo is in an unusable state until you return or somebody
> notices. Every user who updated in the meantime gets an unusable version,
> and worse, they will get a conflict unless you fix up the master branch
> with a new commit (instead of reset it) and keep the messed up commit in
> there.
>
> Now I admit these cases need bad luck, but that can happen to anyone (even
> experienced admins). While we had no attempts to delete our master branch
> yet, people did accidentally upload branches to the main repository without
> realizing and having the branch protection on just gives us some extra
> peace of mind. Of course that is the decision of every project, but I
> personally feel a protected master branch should be included in the set of
> best practices.
>
> Cheers,
>
> Rene
>
> On 03/14/2018 02:43 PM, Tyler Esser wrote:
>
> This conversation was originally started with the SPECFEM Admins Github
> team. There were requests from other people to join the discussion so we
> decided to post it to the mailing list.
>
>
> Tyler Esser
>
>
> ---------- Forwarded message ----------
> From: Tyler Esser <notifications at github.com>
> Date: Fri, Mar 9, 2018 at 1:05 PM
> Subject: [geodynamics/specfem-admins] Using Github's protected branches
> (#1)
> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com>
> Cc: Tyler Esser <tjesser at ucdavis.edu>, Your activity <
> your_activity at noreply.github.com>
>
>
> Hi SPECFEM admins,
>
> CIG recently had a discussion with a CIG project dev about protecting
> branches from certain actions and discovered that Github has a protected
> branch feature. The option seems to be a good general practice and so I
> wanted to ask what you thought about turning it on for SPECFEM master
> branches. Github documentation for the feature is here:
> https://help.github.com/articles/about-protected-branches/
>
> Mostly we were interested in preventing accidental deletion or altering
> git history with force pushing, but there are other options that may be
> worth using. See the attached picture.
>
> [image: protectedbranches]
> <https://user-images.githubusercontent.com/15039903/37229838-3e206a58-239a-11e8-8849-4d53b31bb735.png>
>
> The Github team interface seemed the best way to contact you when dealing
> with Github administration issues. Please let me know if you would have
> preferred a different method.
>
> Tyler Esser
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AOV9nzrbX2pJT4Ic82_OqHyMeMhIB0DGks5tcu6hgaJpZM4Sk3gA>
> .
>
>
> ---------- Forwarded message ----------
> From: daniel peter <notifications at github.com>
> Date: Fri, Mar 9, 2018 at 11:20 PM
> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
> branches (#1)
> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com>
> Cc: Tyler Esser <tjesser at ucdavis.edu>, Author <author at noreply.github.com>
>
>
> Hi Tyler,
>
> probably David has a better answer, since he put most of this already in
> place. I think we already protect the master branch in all SPECFEM repos.
> no pull requests are allowed on master by users. only admins are allowed to
> push/merge commits to it. so the most important safeguards from above are
> already in place.
>
> as it seems to work pretty well so far for us, i don't see much need for
> further restrictions.
>
> best wishes,
> daniel
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/1>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AOV9n0lH-Vma93h_RD2hoK0c6U4aI7Gaks5tc368gaJpZM4Sk3gA>
> .
>
>
> ---------- Forwarded message ----------
> From: Tyler Esser <notifications at github.com>
> Date: Mon, Mar 12, 2018 at 5:18 PM
> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
> branches (#1)
> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com>
> Cc: Tyler Esser <tjesser at ucdavis.edu>, Your activity <
> your_activity at noreply.github.com>
>
>
> When you say the master branch is already protected, are you referring to
> Github branch protection or are you referring to the Github teams SPECFEM
> Admins <https://github.com/orgs/geodynamics/teams/specfem-admins/members>
> and SPECFEM Devs
> <https://github.com/orgs/geodynamics/teams/specfem-developers/members>
> being exclusive?
>
> As far as I can tell, the people in those teams have permission to push,
> merge, force push, and/or delete any branch in the SPECFEM repos. If I
> understand you correctly, that's fine because everyone in those teams is
> already trusted. Is that correct?
>
> Tyler
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/2>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AOV9nyUcEMGqU9oUvZeIZYzYee5129W9ks5tdxBkgaJpZM4Sk3gA>
> .
>
>
> ---------- Forwarded message ----------
> From: daniel peter <notifications at github.com>
> Date: Tue, Mar 13, 2018 at 1:46 AM
> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
> branches (#1)
> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com>
> Cc: Tyler Esser <tjesser at ucdavis.edu>, Author <author at noreply.github.com>
>
>
> the master branch is protected by buildbot, which David set up. every pull
> request goes through buildbot which will close it automatically if the
> request is towards the master branch.
>
> and yes, only those team admins are allowed to push, merge, etc. on the
> master/devel branch which is fine, as they probably know what they're doing
> :)
>
> -daniel
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/3>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AOV9n6HUbKXXf0UdPXfPH9BEZBAhWekyks5td4d-gaJpZM4Sk3gA>
> .
>
>
> ---------- Forwarded message ----------
> From: Tyler Esser <notifications at github.com>
> Date: Wed, Mar 14, 2018 at 12:09 PM
> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
> branches (#1)
> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com>
> Cc: Tyler Esser <tjesser at ucdavis.edu>, Your activity <
> your_activity at noreply.github.com>
>
>
> There's been a few requests to join this discussion. Do you mind if I copy
> this thread to the cig-seismo mailing list?
>
> Tyler
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/4>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AOV9nzlkfKRWyqhmOX1y-zJG6VFZKEobks5teWrngaJpZM4Sk3gA>
> .
>
>
> ---------- Forwarded message ----------
> From: daniel peter <notifications at github.com>
> Date: Wed, Mar 14, 2018 at 1:49 PM
> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
> branches (#1)
> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com>
> Cc: Tyler Esser <tjesser at ucdavis.edu>, Author <author at noreply.github.com>
>
>
> sure, let's see some more opinions :)
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/5>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AOV9n9qaWMmQTY0OsoY2qXDakvb2EIIlks5teYJngaJpZM4Sk3gA>
> .
>
>
>
>
> _______________________________________________
> CIG-SEISMO mailing listCIG-SEISMO at geodynamics.orghttp://lists.geodynamics.org/cgi-bin/mailman/listinfo/cig-seismo
>
>
> --
> Rene Gassmoellerhttp://www.math.colostate.edu/~gassmoel/
>
>
> _______________________________________________
> CIG-SEISMO mailing list
> CIG-SEISMO at geodynamics.org
> http://lists.geodynamics.org/cgi-bin/mailman/listinfo/cig-seismo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.geodynamics.org/pipermail/cig-seismo/attachments/20180314/3302cf3e/attachment-0001.html>
More information about the CIG-SEISMO
mailing list