[CIG-SEISMO] Using Github Protected Branches
Dimitri Komatitsch
komatitsch at lma.cnrs-mrs.fr
Thu Mar 15 09:47:28 PDT 2018
Thanks! Perfect. If so, let us do it I guess :-)
To all: it is easy to unprotect the branch later if needed, thus we can
safely try. It looks like a nice feature, and good practice.
I remember that around 2014 or so I made a mistake and deleted the
master branch (I deleted geodynamics/specfem3d instead of deleting
komatitsch/specfem3d). A protected branch would have avoided that.
Fortunately Jed had a local backup and managed to restore it...
Even though the GitHub web interface says (in red bold font) "Are you
sure about what you are doing", I clicked on Yes because I was tired...
thanks
Best regards,
Dimitri.
On 03/15/2018 12:15 AM, Jed Brown wrote:
> Merging in that mode is a fast-forward so protection doesn't block it
> (for anyone authorized to push to the branch).
>
> Dimitri Komatitsch <komatitsch at lma.cnrs-mrs.fr> writes:
>
>> Hi all,
>>
>> Thanks for the discussion.
>>
>> I went to https://help.github.com/articles/about-protected-branches but
>> it is not clear to me how one then makes changes in the protected branch
>> (for instance to release a new version of the code by merging "devel"
>> into "master", which we do a few times a year). If that can still be
>> done very easily (if so, how?), then why not; if that becomes complex,
>> then it is likely too complex, at least for SPECFEM.
>>
>> Thanks,
>> Best regards,
>> Dimitri.
>>
>> On 03/14/2018 11:42 PM, Rene Gassmoeller wrote:
>>> Hi all,
>>>
>>> let me join in on this as one of the maintainers of the ASPECT mantle
>>> convection code. We had the branch protection on Github enabled for our
>>> master branch for several years now (in addition to the automatic tester
>>> that tests pull requests). There are two scenarios in which this can be
>>> helpful:
>>>
>>> One of your project's developers (no admin, otherwise you are out of
>>> luck in any case) account is hacked. They have write access to the
>>> repository, but can not change their rights on github. Without a
>>> protected master branch they can force-push to that branch or more
>>> dangerously reset it and delete the complete project history. You would
>>> then need to restore it from a local copy somewhere (hopefully you have
>>> one). They can of course still merge bogus pull requests (unless you add
>>> the required status checks protection), but all of that can be reverted.
>>>
>>> The other scenario does not even need evil intentions. Let's assume you
>>> are in a hurry to fix a bug and you do this on the master branch (you
>>> should be on a feature branch, but the next seminar is in 5 minutes and
>>> you can create the branch later). You do not finish the fix, but want to
>>> save the history so you push to your personal github repo for now to
>>> create the pull request later. 'git push origin master'. Unfortunately
>>> you did this on the cluster where you cloned the repository and you
>>> cloned from the main repository instead of your own, so you mess up the
>>> master branch. You walk away and your repo is in an unusable state until
>>> you return or somebody notices. Every user who updated in the meantime
>>> gets an unusable version, and worse, they will get a conflict unless you
>>> fix up the master branch with a new commit (instead of reset it) and
>>> keep the messed up commit in there.
>>>
>>> Now I admit these cases need bad luck, but that can happen to anyone
>>> (even experienced admins). While we had no attempts to delete our master
>>> branch yet, people did accidentally upload branches to the main
>>> repository without realizing and having the branch protection on just
>>> gives us some extra peace of mind. Of course that is the decision of
>>> every project, but I personally feel a protected master branch should be
>>> included in the set of best practices.
>>>
>>> Cheers,
>>>
>>> Rene
>>>
>>>
>>> On 03/14/2018 02:43 PM, Tyler Esser wrote:
>>>> This conversation was originally started with the SPECFEM Admins
>>>> Github team. There were requests from other people to join the
>>>> discussion so we decided to post it to the mailing list.
>>>>
>>>>
>>>> Tyler Esser
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: *Tyler Esser* <notifications at github.com
>>>> <mailto:notifications at github.com>>
>>>> Date: Fri, Mar 9, 2018 at 1:05 PM
>>>> Subject: [geodynamics/specfem-admins] Using Github's protected
>>>> branches (#1)
>>>> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com
>>>> <http://noreply.github.com>>
>>>> Cc: Tyler Esser <tjesser at ucdavis.edu <mailto:tjesser at ucdavis.edu>>,
>>>> Your activity <your_activity at noreply.github.com
>>>> <mailto:your_activity at noreply.github.com>>
>>>>
>>>>
>>>> Hi SPECFEM admins,
>>>>
>>>> CIG recently had a discussion with a CIG project dev about protecting
>>>> branches from certain actions and discovered that Github has a
>>>> protected branch feature. The option seems to be a good general
>>>> practice and so I wanted to ask what you thought about turning it on
>>>> for SPECFEM master branches. Github documentation for the feature is
>>>> here: https://help.github.com/articles/about-protected-branches/
>>>> <https://help.github.com/articles/about-protected-branches/>
>>>>
>>>> Mostly we were interested in preventing accidental deletion or
>>>> altering git history with force pushing, but there are other options
>>>> that may be worth using. See the attached picture.
>>>>
>>>> protectedbranches
>>>> <https://user-images.githubusercontent.com/15039903/37229838-3e206a58-239a-11e8-8849-4d53b31bb735.png>
>>>>
>>>> The Github team interface seemed the best way to contact you when
>>>> dealing with Github administration issues. Please let me know if you
>>>> would have preferred a different method.
>>>>
>>>> Tyler Esser
>>>>
>>>> —
>>>> You are receiving this because you are subscribed to this thread.
>>>> Reply to this email directly, view it on GitHub
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1>,
>>>> or mute the thread
>>>> <https://github.com/notifications/unsubscribe-auth/AOV9nzrbX2pJT4Ic82_OqHyMeMhIB0DGks5tcu6hgaJpZM4Sk3gA>.
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: *daniel peter* <notifications at github.com
>>>> <mailto:notifications at github.com>>
>>>> Date: Fri, Mar 9, 2018 at 11:20 PM
>>>> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
>>>> branches (#1)
>>>> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com
>>>> <http://noreply.github.com>>
>>>> Cc: Tyler Esser <tjesser at ucdavis.edu <mailto:tjesser at ucdavis.edu>>,
>>>> Author <author at noreply.github.com <mailto:author at noreply.github.com>>
>>>>
>>>>
>>>> Hi Tyler,
>>>>
>>>> probably David has a better answer, since he put most of this already
>>>> in place. I think we already protect the master branch in all SPECFEM
>>>> repos. no pull requests are allowed on master by users. only admins
>>>> are allowed to push/merge commits to it. so the most important
>>>> safeguards from above are already in place.
>>>>
>>>> as it seems to work pretty well so far for us, i don't see much need
>>>> for further restrictions.
>>>>
>>>> best wishes,
>>>> daniel
>>>>
>>>> —
>>>> You are receiving this because you authored the thread.
>>>> Reply to this email directly, view it on GitHub
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/1>,
>>>> or mute the thread
>>>> <https://github.com/notifications/unsubscribe-auth/AOV9n0lH-Vma93h_RD2hoK0c6U4aI7Gaks5tc368gaJpZM4Sk3gA>.
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: *Tyler Esser* <notifications at github.com
>>>> <mailto:notifications at github.com>>
>>>> Date: Mon, Mar 12, 2018 at 5:18 PM
>>>> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
>>>> branches (#1)
>>>> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com
>>>> <http://noreply.github.com>>
>>>> Cc: Tyler Esser <tjesser at ucdavis.edu <mailto:tjesser at ucdavis.edu>>,
>>>> Your activity <your_activity at noreply.github.com
>>>> <mailto:your_activity at noreply.github.com>>
>>>>
>>>>
>>>> When you say the master branch is already protected, are you referring
>>>> to Github branch protection or are you referring to the Github teams
>>>> SPECFEM Admins
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/members> and
>>>> SPECFEM Devs
>>>> <https://github.com/orgs/geodynamics/teams/specfem-developers/members>
>>>> being exclusive?
>>>>
>>>> As far as I can tell, the people in those teams have permission to
>>>> push, merge, force push, and/or delete any branch in the SPECFEM
>>>> repos. If I understand you correctly, that's fine because everyone in
>>>> those teams is already trusted. Is that correct?
>>>>
>>>> Tyler
>>>>
>>>> —
>>>> You are receiving this because you are subscribed to this thread.
>>>> Reply to this email directly, view it on GitHub
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/2>,
>>>> or mute the thread
>>>> <https://github.com/notifications/unsubscribe-auth/AOV9nyUcEMGqU9oUvZeIZYzYee5129W9ks5tdxBkgaJpZM4Sk3gA>.
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: *daniel peter* <notifications at github.com
>>>> <mailto:notifications at github.com>>
>>>> Date: Tue, Mar 13, 2018 at 1:46 AM
>>>> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
>>>> branches (#1)
>>>> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com
>>>> <http://noreply.github.com>>
>>>> Cc: Tyler Esser <tjesser at ucdavis.edu <mailto:tjesser at ucdavis.edu>>,
>>>> Author <author at noreply.github.com <mailto:author at noreply.github.com>>
>>>>
>>>>
>>>> the master branch is protected by buildbot, which David set up. every
>>>> pull request goes through buildbot which will close it automatically
>>>> if the request is towards the master branch.
>>>>
>>>> and yes, only those team admins are allowed to push, merge, etc. on
>>>> the master/devel branch which is fine, as they probably know what
>>>> they're doing :)
>>>>
>>>> -daniel
>>>>
>>>> —
>>>> You are receiving this because you authored the thread.
>>>> Reply to this email directly, view it on GitHub
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/3>,
>>>> or mute the thread
>>>> <https://github.com/notifications/unsubscribe-auth/AOV9n6HUbKXXf0UdPXfPH9BEZBAhWekyks5td4d-gaJpZM4Sk3gA>.
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: *Tyler Esser* <notifications at github.com
>>>> <mailto:notifications at github.com>>
>>>> Date: Wed, Mar 14, 2018 at 12:09 PM
>>>> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
>>>> branches (#1)
>>>> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com
>>>> <http://noreply.github.com>>
>>>> Cc: Tyler Esser <tjesser at ucdavis.edu <mailto:tjesser at ucdavis.edu>>,
>>>> Your activity <your_activity at noreply.github.com
>>>> <mailto:your_activity at noreply.github.com>>
>>>>
>>>>
>>>> There's been a few requests to join this discussion. Do you mind if I
>>>> copy this thread to the cig-seismo mailing list?
>>>>
>>>> Tyler
>>>>
>>>> —
>>>> You are receiving this because you are subscribed to this thread.
>>>> Reply to this email directly, view it on GitHub
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/4>,
>>>> or mute the thread
>>>> <https://github.com/notifications/unsubscribe-auth/AOV9nzlkfKRWyqhmOX1y-zJG6VFZKEobks5teWrngaJpZM4Sk3gA>.
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: *daniel peter* <notifications at github.com
>>>> <mailto:notifications at github.com>>
>>>> Date: Wed, Mar 14, 2018 at 1:49 PM
>>>> Subject: Re: [geodynamics/specfem-admins] Using Github's protected
>>>> branches (#1)
>>>> To: geodynamics/specfem-admins <"SPECFEM Admins"@noreply.github.com
>>>> <http://noreply.github.com>>
>>>> Cc: Tyler Esser <tjesser at ucdavis.edu <mailto:tjesser at ucdavis.edu>>,
>>>> Author <author at noreply.github.com <mailto:author at noreply.github.com>>
>>>>
>>>>
>>>> sure, let's see some more opinions :)
>>>>
>>>> —
>>>> You are receiving this because you authored the thread.
>>>> Reply to this email directly, view it on GitHub
>>>> <https://github.com/orgs/geodynamics/teams/specfem-admins/discussions/1/comments/5>,
>>>> or mute the thread
>>>> <https://github.com/notifications/unsubscribe-auth/AOV9n9qaWMmQTY0OsoY2qXDakvb2EIIlks5teYJngaJpZM4Sk3gA>.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> CIG-SEISMO mailing list
>>>> CIG-SEISMO at geodynamics.org
>>>> http://lists.geodynamics.org/cgi-bin/mailman/listinfo/cig-seismo
>>>
>>> --
>>> Rene Gassmoeller
>>> http://www.math.colostate.edu/~gassmoel/
>>>
>>>
>>>
>>> _______________________________________________
>>> CIG-SEISMO mailing list
>>> CIG-SEISMO at geodynamics.org
>>> http://lists.geodynamics.org/cgi-bin/mailman/listinfo/cig-seismo
>>>
>>
>> --
>> Dimitri Komatitsch, CNRS Research Director (DR CNRS)
>> Laboratory of Mechanics and Acoustics, Marseille, France
>> http://komatitsch.free.fr
>> _______________________________________________
>> CIG-SEISMO mailing list
>> CIG-SEISMO at geodynamics.org
>> http://lists.geodynamics.org/cgi-bin/mailman/listinfo/cig-seismo
--
Dimitri Komatitsch, CNRS Research Director (DR CNRS)
Laboratory of Mechanics and Acoustics, Marseille, France
http://komatitsch.free.fr
More information about the CIG-SEISMO
mailing list