Confirmed users
1,364
edits
GitHub/Repository Security/Problems and Options: Difference between revisions
Jump to navigation
Jump to search
GitHub/Repository Security/Problems and Options (view source)
Revision as of 17:19, 26 June 2018
, 26 June 2018Add problem with GitHub Apps & restricted commits
m (typo) |
(Add problem with GitHub Apps & restricted commits) |
||
| Line 6: | Line 6: | ||
= Repository Guidelines = | = Repository Guidelines = | ||
== Committing (or merging) to a production branch should be limited to the smallest reasonable set of people. == | |||
=== Problem: There is currently no way to grant a GitHub app permission to push to "limited commiters" branch. === | |||
GitHub is aware of the issue, but [https://platform.github.community/t/repositories-which-have-protected-branches-with-push-restrictions-have-no-ability-to-grant-push-rights-to-integrations/1376/47 no firm date] has been announced. | |||
In the interim, the GitHub Apps can open PRs, but a human committer will need to merge them (or a bot using old style OAuth permissions). | |||
== Commits (including merges) to the production branch should be GPG signed. == | == Commits (including merges) to the production branch should be GPG signed. == | ||
=== Problem: Needing to setup GPG for use on GitHub might dissuade contributors === | === Problem: Needing to setup GPG for use on GitHub might dissuade contributors === | ||