chore: add standardized branch protection baseline and rollout guide #130
Aaravanand00 wants to merge 1 commit into hyperledger-identus:main from
Pull request overview
Introduces a baseline, reusable GitHub Ruleset template and accompanying documentation to standardize branch protection across the Hyperledger Identus repository ecosystem, with guidance for phased rollout.
Changes:
- Added a branch protection / rulesets rollout guide (`docs/branch-protection.md`).
- Updated contributing guidelines to reference the standardized branch protection baseline.
- Added an importable GitHub Ruleset template for main/master (`.github/rulesets/main-branch-protection.json`).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| `docs/branch-protection.md` | Documents the baseline rules and a phased rollout process for applying rulesets. |
| `CONTRIBUTING.md` | Links contributor workflow expectations to the standardized branch protection rules. |
| `.github/rulesets/main-branch-protection.json` | Provides an importable baseline GitHub Ruleset for main/master protection. |
| To maintain SDLC stability, all pull requests must adhere to the standardized [Branch Protection Rules](docs/branch-protection.md). Key requirements include: | ||
| - Mandatory peer review (1-2 approvals). | ||
| - Passing all required status checks (CI, Lint, Unit Tests). | ||
| - Linear history (rebase or squash merge preferred). |
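Review bot: "Mandatory peer review (1-2 approvals)" gives a range where the ruleset enforces one number, so a contributor cannot tell whether a single approval is enough to merge. State the exact count the template requires and keep it identical to docs/branch-protection.md so the two files cannot drift. The check names in the next bullet (CI, Lint, Unit Tests) would also read better as the literal required check contexts, or as a pointer to the guide, since the guide says the names are repository-specific.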
| "target": "branch", | ||
| "source_type": "Repository", | ||
| "source": "hyperledger-identus/template", | ||
| "enforcement": "active", |
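Review bot: "enforcement": "active" means the ruleset starts blocking merges as soon as it is imported, which works against the phased rollout this PR describes. Ship the template with "enforcement": "evaluate" (or "disabled" where evaluate mode is not available) and have the guide name the step at which a repository switches to "active". "source_type" and "source": "hyperledger-identus/template" are specific to one repository; say in the guide whether importers need to change them.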
| }, | ||
| { | ||
| "type": "required_status_checks", | ||
| "parameters": { | ||
| "strict_required_status_checks_policy": true, | ||
| "required_status_checks": [ | ||
| { | ||
| "context": "CI build", | ||
| "integration_id": 15368 | ||
| }, | ||
| { | ||
| "context": "Lint / formatting", | ||
| "integration_id": 15368 | ||
| }, | ||
| { | ||
| "context": "Unit tests", | ||
| "integration_id": 15368 | ||
| } | ||
| ] | ||
| } |
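Review bot: the three contexts ("CI build", "Lint / formatting", "Unit tests") are hard-coded, and a required check is matched by its exact name, so a repository whose workflows report different job names will have every pull request wait on checks that never arrive. Mark these entries as placeholders to replace before import, or leave required_status_checks empty in the template and list the names per repository. "integration_id": 15368 ties all three checks to one app; state in the guide which integration that is, because repositories that report these checks from another app must change it, and dropping the field would let any app with status write access satisfy the check.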
| "type": "required_signatures", | ||
| "parameters": { | ||
| "enabled": false | ||
| } | ||
| }, | ||
| { |
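Review bot: "parameters": { "enabled": false } under "required_signatures" is unlikely to do what it suggests. A ruleset rule takes effect by being listed in "rules", and as far as I know required_signatures accepts no parameters, so this entry will either be rejected on import or turn signed-commit enforcement on. If signed commits are not part of the baseline yet, remove the entry and mention it in the guide as an optional later step; if they are, keep only the "type" line.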
|
|
||
| 1. **Review Frequency** | ||
| - Address review comments promptly | ||
| - Keep PRs focused and reasonably sized | ||
| - Respond to feedback constructively | ||
|
|
| ### Branch Security | ||
|
|
||
| To maintain SDLC stability, all pull requests must adhere to the standardized [Branch Protection Rules](docs/branch-protection.md). Key requirements include: | ||
| - Mandatory peer review (1-2 approvals). |
2a2085c to 075f023
Signed-off-by: Aaravanand00 <aaravanand5749@gmail.com>
075f023 to 2632c0e
Pull request overview
Adds a reusable baseline for GitHub branch protection (Rulesets) across Hyperledger Identus repos, plus guidance for gradual rollout and adoption.
Changes:
- Added a branch protection / rulesets guide with rollout and exception-handling guidance.
- Updated `CONTRIBUTING.md` to reference the standardized branch protection baseline.
- Added a GitHub Ruleset JSON template for protecting `main`/`master`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `docs/branch-protection.md` | New documentation describing the baseline rules, rollout strategy, and import/apply steps. |
| `CONTRIBUTING.md` | Adds a “Branch Security” section pointing contributors to the branch protection standard. |
| `.github/rulesets/main-branch-protection.json` | Introduces the reusable GitHub Ruleset template (evaluate mode) for main/master protection. |
|
|
||
| ### Pull Request Requirements | ||
| - **Require a pull request before merging**: No direct pushes allowed. | ||
| - **Required Approvals**: **Strict minimum of 2 approvals** from designated maintainers or code owners. |
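Review bot: "from designated maintainers or code owners" is not something an approval count enforces by itself; by default any reviewer with write access counts toward the two approvals. Name the ruleset setting that backs this sentence (for example require_code_owner_review on the pull_request rule, together with a CODEOWNERS file), or reword it to "2 approving reviews". "No direct pushes allowed" should also say who, if anyone, is on the bypass list, since a bypass actor can still push.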
| ### Status Checks | ||
| The following logic applies to status checks: | ||
| - **Strict Requirement**: Branches **must** be up to date with the default branch before merging. | ||
| - **Context Naming**: Use repository-specific CI check names (e.g., `CI / build`, `Lint`, `Test`). |
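Review bot: the example names here (`CI / build`, `Lint`, `Test`) do not match the contexts in .github/rulesets/main-branch-protection.json ("CI build", "Lint / formatting", "Unit tests"), and the match is on the exact string. Use the same names in both places, or say explicitly that the template values must be replaced with the names shown in a recent pull request's checks list. For the strict requirement, add a sentence on the cost: each merge to the default branch forces every other open pull request to update and rerun CI before it can merge.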
| - Keep PRs focused and reasonably sized | ||
| - Respond to feedback constructively | ||
|
|
||
| ### Branch Security |



This PR introduces a consistent baseline for branch protection across Identus repositories, along with a practical rollout approach.
While going through the issue, I noticed that branch protection rules vary across repositories, which can make the development workflow inconsistent and sometimes risky. The aim here is to define a simple, reusable standard that can be applied gradually without disrupting existing CI setups.
What’s included
A reusable GitHub Ruleset template for main branches covering:
A `branch-protection.md` guide that explains:
Rollout approach
Instead of enforcing everything at once, the idea is to:
Notes
Expected outcome