On 25/08/25 at 18:00 -0300, Lucas Kanashiro wrote: > Is there a way to forbid people to keep pushing let's say a "master" > branch? Not sure if you have done that already (AFAICS you have not), > but I can see myself, while working on many packages (i.e. interpreter > transition), applying changes in my local repo and "git push"ing it > without even noticing that I am messing up with the branch layout. > > Ideally, I should remove my local repo and check it out again, but that > is not applicable to every package since I may have staged local > changes. > > There is this concept of a protected branch in Gitlab, not sure if we > can use it to avoid this type of mistake. > > I played with it in one of the repos and I think we can protect any > branch matching the *master* wildcard, and only maintainers can merge > (in case of any exception) and no one is allowed to push and merge. It > works: > > $ git push origin master > Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0) > remote: GitLab: You can only use an existing protected branch ref as > the basis of a new protected branch. > To salsa.debian.org:ruby-team/rubygems.git > ! [remote rejected] master -> master (pre-receive hook declined) > error: failed to push some refs to 'salsa.debian.org:ruby- > team/rubygems.git' > > We could extend your script to add this configuration to all repos. > WDYT?
Good idea! I wrote https://salsa.debian.org/ruby-team/meta/-/blob/master/dep14-protect-branches?ref_type=heads and used it to configure all repositories. The script excludes projects that have branches that would be affected by the rule. (example: ruby-team/nadoka, which tracks upstream in the 'master' branch). Lucas
