daniel/furtka
1
1
Fork 0
Code Issues 1 Pull requests Projects 1 Releases 13 Packages Wiki Activity Actions

ops(forgejo): whitelist owner in branch protection push rule
All checks were successful
Build ISO / build-iso (push) Successful in 17m6s
Details
CI / lint (push) Successful in 27s
Details
CI / test (push) Successful in 35s
Details
CI / validate-json (push) Successful in 22s
Details
CI / markdown-links (push) Successful in 14s
Details

Browse source 
Earlier config was enable_push=false + apply_to_admins=false, which I
expected to let the repo owner push directly. Empirically it blocked
owner pushes too — apply_to_admins governs approval-rule bypass, not
push-rule bypass. Switch to enable_push=true with enable_push_whitelist
and a single entry so the owner has explicit, auditable direct-push
access while casual commits still can't land without being whitelisted
or going through a PR.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Daniel Maksymilian Syrnicki 2026-04-16 13:02:25 +02:00
parent e6f52ada5c
commit 9bfbf209b6
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ops/forgejo/branch-protection.json
View file

@ -1,5 +1,7 @@
{
"enable_push": false,
"enable_push": true,
"enable_push_whitelist": true,
"push_whitelist_usernames": ["daniel"],
"enable_status_check": true,
"status_check_contexts": [
"CI / lint*",