On 28.04.2021 at 16:47, Nikita Popov wrote:

> On Wed, Apr 28, 2021 at 4:18 PM Joe Watkins <krak...@gmail.com> wrote:
>
>> That's a good point.
>>
>> I suppose the most we can do is prevent accidental committing of such
>> things.
>>
>> Appears to be two "solutions" ...
>>
>> We could distribute a pre-commit hook, which is somewhere between "not
>> bad", and "pretty awkward" if your git installation is old.
>> We could set up one of the unused boxes we have and leverage
>> api/actions/whatever and catch bad commits after they happen.
>>
>> Neither of these are perfect solutions ... and I've never tried using
>> hooks with github, but with a quick read it seems people do it - it's
>> another paragraph in the git/vcs readme on the wiki.
>>
>> Any more ideas?
>
> I don't think the tags themselves are a problem -- for those at least we
> have an audit trail in the form of our webhook integration, which sends out
> emails for all tag creations/deletions, and by whom they were made. I'm not
> even sure if our old karma setup had any special protection for tag
> creation.
>
> Having looked a bit closer now, it looks like the same would work for
> release assets as well. There are webhooks for changes to releases, which
> also list assets and who uploaded them. That should at least make us aware
> of any changes.

I think we can set up an approval workflow
(<https://dev.to/azure/using-environments-for-approval-workflows-with-github-actions-4962>).

Christoph

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php