Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a new project root-signing-staging #351

Merged
merged 1 commit into from
Oct 25, 2023
Merged

Add a new project root-signing-staging #351

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions github-sync/github-data/sigstore/repositories.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1410,6 +1410,67 @@ repositories:
dismissalRestrictions:
- tuf-root-signing-codeowners
- sigstore-keyholders
- name: root-signing-staging
owner: sigstore
description: "Staging TUF repository for Sigstore trust root"
homepageUrl: ""
defaultBranch: main
allowAutoMerge: false
allowMergeCommit: true
allowRebaseMerge: false
allowSquashMerge: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you want to allow squash merges? I typically disable merge commits to keep the history clean, allow squash, and allow auto merge.

Copy link
Member Author

@jku jku Oct 18, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not 100% sure but I don't think I do...commits in signing event PRs are meaningful as they come from multiple sources(different signers, repository workflow, etc). Squashing them would look confusing IMO

archived: false
autoInit: false
deleteBranchOnMerge: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does automation need a static branch, or does it create new branches frequently? Might want this on.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not that frequently, but a branch per signing event. I would maybe rather start with not deleting branches for easier forensics

hasDownloads: false
hasIssues: true
hasProjects: false
hasWiki: false
vulnerabilityAlerts: true
visibility: public
licenseTemplate: ""
topics: []
collaborators:
- username: sigstore-bot
permission: push
- username: sigstore-review-bot
permission: push
teams:
- name: tuf-root-signing-staging-codeowners
id: 8790813
permission: maintain
- name: triage
id: 5643322
permission: triage
- name: sigstore-oncall
id: 6693572
permission: push
branchesProtection:
- pattern: main
enforceAdmins: true
allowsDeletions: false
allowsForcePushes: false
requiredLinearHistory: true
dismissStaleReviews: true
requiredApprovingReviewCount: 1
requireLastPushApproval: true
restrictDismissals: true
pushRestrictions:
- tuf-root-signing-staging-codeowners
- sigstore-bot
dismissalRestrictions:
- tuf-root-signing-staging-codeowners
- pattern: publish
enforceAdmins: true
allowsDeletions: false
allowsForcePushes: false
requiredLinearHistory: true
dismissStaleReviews: true
requiredApprovingReviewCount: 1
requireLastPushApproval: true
restrictDismissals: true
pushRestrictions:
- sigstore-bot
- name: ruby-sigstore
owner: sigstore
description: Rubygems sigstore signing plugin
Expand Down