Document branch protection to our repos #196

Closed
maxime-rainville opened this issue Feb 15, 2024 · 5 comments

Comments

@maxime-rainville
Contributor

maxime-rainville commented Feb 15, 2024

As the Silverstripe CMS product owner, I want to restrict the ability of all individuals to push commits or tags directly to our supported module repos, to minimise the risk of unreviewed code changes making it into our codebase.

Acceptance criteria

Documentation and process

  • Use cases requiring direct push/tag access are identified and documented.
  • Individuals performing these use cases are identified and documented.
  • To the extent that exceptions are required, a process is defined for documenting and approving these exceptions.
    • Staff members who regularly push directly (e.g. people debugging merge-ups) may retain direct push access.
  • Access levels of core committers and CMS Squad members are reviewed with a view to disallowing direct push access.
  • Branch protection process and rules are documented and apply only to branches following semantic versioning.
  • The technical process for setting up branch protection is documented.
  • All the documents above are documented in the developer docs.
  • Relevant security policies in our internal Confluence are updated to point to the public doc (to discuss with CISO)

PRs

After merging, assign to Max to discuss updating confluence with CISO, and to decide what the specific process is for exceptions to the documented rules.
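An added example (not part of this issue or of Silverstripe's own tooling) of the audit and setup step behind the "technical process for setting up branch protection" criterion above. It reads the branch list that `gh api repos/OWNER/REPO/branches` returns, flags the semver-named branches that still accept direct pushes, and builds the request body for GitHub's `PUT /repos/{owner}/{repo}/branches/{branch}/protection` endpoint. The `5` / `5.2` branch-naming pattern, the embedded sample branch list and the one-approval review rule are assumptions made for the demonstration.

```python
"""Audit and remediate branch protection on semver-named branches.

Added example for this issue; it is not Silverstripe's own tooling. It assumes
the branch list comes from the GitHub REST API via the gh CLI as tab-separated
"name<TAB>protected" lines, and that the branches to protect are named with a
major or major.minor version such as "5" or "5.2" (an assumed convention).
"""
import json
import re
import subprocess

# Branches the policy covers: "5", "5.2", "6", ... (assumed naming convention).
# Anything else (main, feature or pull-request branches) is left alone.
SEMVER_BRANCH = re.compile(r"^\d+(\.\d+)?$")

# Constructed sample in the shape produced by
#   gh api repos/OWNER/REPO/branches --paginate --jq '.[] | [.name, .protected] | @tsv'
SAMPLE_TSV = """\
5\ttrue
5.1\ttrue
5.2\tfalse
6\tfalse
main\tfalse
pulls/5.2/fix-typo\tfalse
"""


def parse_branch_tsv(text):
    """Turn 'name<TAB>protected' lines into [{'name': str, 'protected': bool}]."""
    branches = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, protected = line.split("\t", 1)
        branches.append({"name": name, "protected": protected.strip() == "true"})
    return branches


def unprotected_semver_branches(branches):
    """Semver-named branches that still accept direct pushes."""
    return [b["name"] for b in branches
            if SEMVER_BRANCH.match(b["name"]) and not b["protected"]]


def protection_payload(enforce_admins=True):
    """Body for PUT /repos/{owner}/{repo}/branches/{branch}/protection.

    The four top-level keys are mandatory for that endpoint (null disables the
    feature). Requiring a reviewed pull request and forbidding force-pushes and
    deletions is what stops unreviewed commits landing directly on the branch.
    enforce_admins=False leaves admins able to bypass, e.g. to repair a broken
    merge-up; that is the kind of exception the issue wants documented, not the default.
    """
    return {
        "required_status_checks": None,
        "enforce_admins": enforce_admins,
        "required_pull_request_reviews": {
            "required_approving_review_count": 1,
            "dismiss_stale_reviews": True,
        },
        "restrictions": None,
        "allow_force_pushes": False,
        "allow_deletions": False,
    }


def fetch_branch_tsv(repo):
    """Live equivalent of SAMPLE_TSV (needs the gh CLI, auth and network)."""
    return subprocess.run(
        ["gh", "api", f"repos/{repo}/branches", "--paginate",
         "--jq", ".[] | [.name, .protected] | @tsv"],
        check=True, capture_output=True, text=True,
    ).stdout


def protect_branch(repo, branch, enforce_admins=True):
    """Apply protection_payload to one branch (network; not run in this demo)."""
    subprocess.run(
        ["gh", "api", "--method", "PUT", "--input", "-",
         f"repos/{repo}/branches/{branch}/protection"],
        input=json.dumps(protection_payload(enforce_admins)),
        check=True, text=True,
    )


if __name__ == "__main__":
    import sys
    text = fetch_branch_tsv(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TSV
    missing = unprotected_semver_branches(parse_branch_tsv(text))
    for name in missing:
        print(f"unprotected semver branch: {name}")
    print("all semver branches protected" if not missing else f"{len(missing)} gap(s)")
```

Run without arguments to see the check against the constructed sample (it reports `5.2` and `6`); pass `OWNER/REPO` to audit a real repository with an authenticated `gh`. Whether `enforce_admins` stays `True` is the policy question the acceptance criteria leave open: with it off, the people who repair merge-ups keep a bypass, which is exactly the exception the process would need to record.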

@maxime-rainville
Contributor Author

maxime-rainville commented Feb 15, 2024

I'm pretty sure we'll end up splitting this, but I'm not sure how and where.

@GuySartorelli
Member

We can't remove direct push access without removing our ability to fix broken merge-ups.

@maxime-rainville
Contributor Author

We moved all the implementation details to a separate card.

@maxime-rainville maxime-rainville changed the title Apply branch protection to our repos Document branch protection to our repos Feb 18, 2024
@GuySartorelli GuySartorelli self-assigned this Mar 26, 2024
@GuySartorelli GuySartorelli removed their assignment Mar 26, 2024
@GuySartorelli
Member

GuySartorelli commented Mar 27, 2024

@maxime-rainville to "discuss with CISO" about confluence pages, and to determine what the policy should be for making and documenting exceptions for the documented process.

@maxime-rainville
Contributor Author

I've emailed the CISO with an update. I think the follow-up point can be handled with the other cards.
