docs(workflow): clarify protections
- Protect main and release/* only; integration unprotected and auto-merged on green - Update TODO to reflect new branch protection policy
This commit is contained in:
4
TODO.md
4
TODO.md
@@ -21,8 +21,8 @@ TODO
|
|||||||
- [ ] Optional: add CODEOWNERS
|
- [ ] Optional: add CODEOWNERS
|
||||||
|
|
||||||
- Protections & settings (in Gitea UI)
|
- Protections & settings (in Gitea UI)
|
||||||
- [ ] Protect main and integration with required checks
|
- [ ] Protect main and release/* with required checks
|
||||||
- [ ] Enable auto-merge on green for feature→integration
|
- [ ] Leave integration unprotected; allow auto-merge on green
|
||||||
- [ ] Require 1 approval for integration→main
|
- [ ] Require 1 approval for integration→main
|
||||||
- [ ] Revisit enabling CI and protections after runners are ready (target: 2025-09-24)
|
- [ ] Revisit enabling CI and protections after runners are ready (target: 2025-09-24)
|
||||||
|
|
||||||
|
|||||||
@@ -4,16 +4,16 @@ Scope
|
|||||||
- Applies to this repo. Users typically consume tagged releases; contributors work via branches/PRs. CI/CD config is Gitea‑native; no GitHub/GitLab.
|
- Applies to this repo. Users typically consume tagged releases; contributors work via branches/PRs. CI/CD config is Gitea‑native; no GitHub/GitLab.
|
||||||
|
|
||||||
Branches
|
Branches
|
||||||
- main: production; default branch.
|
- main: production; default branch. Protected.
|
||||||
- integration: development. Equivalent to develop.
|
- integration: development (unprotected; merges auto on green).
|
||||||
- Working branches: feature/<topic>, fix/<topic>, chore/<topic> from integration.
|
- Working branches: `feature/<topic>`, `fix/<topic>`, `chore/<topic>` from integration.
|
||||||
- Hotfix: hotfix/<date> from main; PR back to main, then forward-merge into integration.
|
- Hotfix: `hotfix/<date>` from main; PR back to main, then forward-merge into integration.
|
||||||
- Release branch: not long‑lived. Optionally maintain a lightweight release branch fast‑forwarded to the latest tag via CI.
|
- Release branch: ephemeral or lightweight `release/*`. Protect when present; optionally fast‑forward to latest tag via CI.
|
||||||
|
|
||||||
Merges & Approvals
|
Merges & Approvals
|
||||||
- Feature → integration: squash merge; bot auto‑merge on green (no human approval). Self‑merge allowed.
|
- Feature → integration: squash merge; auto‑merge on green (no human approval). Self‑merge allowed.
|
||||||
- integration → main: squash merge; require 1 approval; self‑merge not allowed.
|
- integration → main: squash merge; require 1 approval; self‑merge not allowed.
|
||||||
- Force pushes disabled on protected branches; PRs required.
|
- Force pushes disabled on protected branches (`main`, `release/*`); PRs required.
|
||||||
|
|
||||||
Commit Style
|
Commit Style
|
||||||
- Conventional Commits for PR titles and commit messages.
|
- Conventional Commits for PR titles and commit messages.
|
||||||
@@ -27,11 +27,10 @@ Release Flow
|
|||||||
3) Optional: CI fast‑forwards a release branch pointer to the new tag.
|
3) Optional: CI fast‑forwards a release branch pointer to the new tag.
|
||||||
|
|
||||||
Protected Checks (to enable when runners are ready)
|
Protected Checks (to enable when runners are ready)
|
||||||
- ci / lint, ci / build, ci / commitlint. Add ci / test and ci / security if/when introduced.
|
- On protected branches (`main`, `release/*`): ci / lint, ci / build, ci / commitlint. Add ci / test and ci / security if/when introduced.
|
||||||
|
|
||||||
CODEOWNERS
|
CODEOWNERS
|
||||||
- Keep minimal; require your review for integration → main.
|
- Keep minimal; require your review for integration → main.
|
||||||
|
|
||||||
Notes
|
Notes
|
||||||
- No secrets required for this repo. Future repos should integrate Vault for secrets.
|
- No secrets required for this repo. Future repos should integrate Vault for secrets.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user