Policy change: pushing to protected branches is now blocked #249117
Comments
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/policy-change-pushing-to-protected-branches-is-now-blocked/31719/1
Note that releases should also work without direct pushes, which is being discussed in NixOS/release-wiki#70, so this exception should be removed in the future.
We are trying out not allowing direct pushes anymore, so this is not necessary anymore, unless we later revert it again (unlikely): NixOS#249117
@Ma27 pointed out that it looks like PRs can't be merged anymore when a committer requested changes (though it seems like those reviews can be dismissed? Edit: Confirmed, can be dismissed), additionally auto-merge seems to be available now: It doesn't seem inherently bad, but I did not expect that to happen.
"Require approvals" can be disabled. And indeed, depending on the configuration, committers can also dismiss a review.
@FRidh I'm pretty sure that setting is not enabled. Indeed as an example, #249150 was merged 1 hour ago (when the setting was already in effect), and it was merged without any reviews. The good thing is that dismissing reviews does allow merging again, even if it's your own PR. And even better: To dismiss reviews you have to give a reason, I tested this here: infinisil/github-test#2 (review)
Fyi, we do have the option to turn off allowing auto-merges, see here.
I think we should disable the auto-merge feature because it works only based on the reviews and completely ignores the OfBorg status. And until we have more solid CI we cannot also require CI checks to pass before merging.
I turned off auto-merges.
Meh. I don't oppose this policy, but I don't like how this decision sidesteps the RFC process.
@infinisil for the record, I'm fine with that and I withdraw my skepticism :)
OK with this one being pinned globally, my other issue is also resolved, this provides reasonable visibility for each committer. IIRC we haven't had notable config changes in the repo for a while and I'm not sure if there are follow-ups planned to this, but for the future I'd like to suggest to always communicate it via a globally pinned discourse topic (and perhaps even cc all of the committers in $github_issue).
@rnhmjoj I know it looks a bit like we pulled a Flake again, but:
Considering this, I don't think it's necessary to have an RFC for this, because it should be an uncontroversial change, and indeed, we haven't seen any good reason in the RFC to not do this. But also a big argument is that going through an RFC for something so minor distracts people from more important problems to fix. Not having to maintain this RFC for months frees up time for me to e.g. focus on implementing accepted NixOS/rfcs#140, which is considerably more impactful.
Closing as this was up long enough
Starting this week, we[1] are enabling branch protection on Nixpkgs to require pull requests for all commits to the master and release-* branches. This will prevent the almost 200 Nixpkgs committers from pushing directly to those branches, which already almost never happens anyways.
Unless this causes major problems, we intend to keep this enabled permanently. Please use this issue to report any problems you encounter because of this.
What branches are affected?
The master and release-* branches that are consumed by Hydra.
What if I need to push?
Please contact the release managers as they will be added to the exception list.
In general, we expect that the PR workflow will be enough for the vast majority of cases.
Background
This change was originally proposed almost 3 years ago with closed RFC 79 when direct pushes were way more frequent at about 5%. Very recently a new attempt was started with RFC 156, for which @infinisil computed that nowadays only 0.05% of commits are pushed directly. The RFC was struggling to get enough shepherds, when @zimbatm rightly pointed out that such simple decisions shouldn't be blocked, following up with the proposal to just enable it and try it out.
Footnotes
[1] @zimbatm will enable it, with support by @infinisil