Skip to content

[INFRA] Set up default rulesets for default and release branches#508

Open
asf-gitbox-commits wants to merge 2 commits into
masterfrom
infrastructure-ruleset-bot/default-branch-protection
Open

[INFRA] Set up default rulesets for default and release branches#508
asf-gitbox-commits wants to merge 2 commits into
masterfrom
infrastructure-ruleset-bot/default-branch-protection

Conversation

@asf-gitbox-commits
Copy link
Copy Markdown

@asf-gitbox-commits asf-gitbox-commits commented May 15, 2026

This Pull Request enables the repository to conform with the "sane default security settings" of the Apache Software Foundation by configuring a default branch ruleset that protects the default branch and any release branches.

Note that ~DEFAULT_BRANCH is a GitHub symbolic link to the current default branch (HEAD) of the repository and does not need changing.
If the managing project does not wish to set up these defaults, please close this Pull Request. Alternatively, the project may merge this Pull Request to apply the changes immediately.

If no action is taken, this Pull Request will be automatically merged by the Apache Infrastructure team on 2026-06-14 (30 days from now).

For any further information, please reach us on Slack or at: users@infra.apache.org

asf-gitbox-commits and others added 2 commits May 15, 2026 16:08
@asf-gitbox-commits
Set up default protection ruleset for default and release branches
65028f1
@jamesfredley
[INFRA] Use Grails *.x version branch pattern for branch protection
352873f 
Replace the generic release/* and rel/* include patterns (which match no
branches in Grails repositories) with *.x, the naming convention Grails uses
for maintenance/version branches (e.g. 7.0.x, 8.0.x).

Assisted-by: claude-code:claude-4.8-opus
@jamesfredley
Copy link
Copy Markdown
Contributor

jamesfredley commented May 29, 2026

Reviewed on behalf of the Grails PMC and pushed an update to this ruleset.

What changed (latest commit on this PR): replaced the generic release/* and rel/* include patterns with *.x, the naming convention Grails uses for maintenance/version branches (e.g. 7.0.x, 8.0.x). The original patterns matched no branches in this repository, so version branches would have been left unprotected.

Resulting protected branches:

  • ~DEFAULT_BRANCH (master)
  • *.x — all Grails maintenance/version branches

Settings (unchanged from the infra template):

  • restrict_deletion: true
  • restrict_force_push: true
  • bypass_teams: [root]

Note: the *.x glob does not cross /, so automation branches such as renovate/gradle-8.x and dependabot/... are intentionally not matched (they are routinely force-pushed).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asf-gitbox-commits @jamesfredley