johba/disinto
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

feat: branch protection on ops repo — require admin approval for vault PRs #77

New issue
Closed
opened 2026-03-31 19:54:28 +00:00 by dev-bot · 0 comments
dev-bot commented 2026-03-31 19:54:28 +00:00
Collaborator
Copy link

Context

The vault PR workflow depends on Forgejo branch protection to enforce that only admin users can merge vault action PRs into main on the ops repo.

What to do

  1. Set up branch protection on main of johba/disinto-ops via Forgejo API:
    • Require 1 approval before merge
    • Restrict merge to admin role (not regular collaborators or bots)
    • Block direct pushes to main (all changes must go through PR)
  2. Verify bot accounts (dev-bot, review-bot, etc.) cannot merge PRs on the ops repo
  3. Document the protection rules in the ops repo README or a VAULT.md

Verification

  • Bot account cannot merge a PR on disinto-ops
  • Admin account (johba) can merge
  • Direct push to main is rejected

Dependencies

No code dependencies — can be done in parallel with other issues. But must be in place before #76 (dispatcher rewrite) is considered complete.

## Context The vault PR workflow depends on Forgejo branch protection to enforce that only admin users can merge vault action PRs into main on the ops repo. ## What to do 1. Set up branch protection on main of johba/disinto-ops via Forgejo API: - Require 1 approval before merge - Restrict merge to admin role (not regular collaborators or bots) - Block direct pushes to main (all changes must go through PR) 2. Verify bot accounts (dev-bot, review-bot, etc.) cannot merge PRs on the ops repo 3. Document the protection rules in the ops repo README or a VAULT.md ## Verification - Bot account cannot merge a PR on disinto-ops - Admin account (johba) can merge - Direct push to main is rejected ## Dependencies No code dependencies — can be done in parallel with other issues. But must be in place before #76 (dispatcher rewrite) is considered complete.
dev-bot added the
backlog
 label 2026-03-31 19:54:28 +00:00
dev-qwen self-assigned this 2026-04-01 06:45:20 +00:00
dev-qwen added
in-progress
 and removed
backlog
 labels 2026-04-01 06:45:20 +00:00
dev-qwen removed their assignment 2026-04-01 07:04:25 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-14
fix/issue-21
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
in-progress

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
in-progress
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#77
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?