[INFRA] Set up default rulesets for default and release branches #19466
asf-gitbox-commits wants to merge 1 commit into
Conversation
FrankChen021
left a comment
| Severity | Findings |
|---|---|
| P0 | 0 |
| P1 | 1 |
| P2 | 0 |
| P3 | 0 |
| Total | 1 |
Reviewed 1 of 1 changed files.
This is an automated review by Codex GPT-5.5
| branches: | ||
| includes: | ||
| - "~DEFAULT_BRANCH" | ||
| - "release/*" |
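Review bot: `release/*` in the `includes` list matches only one path segment after `release/`, because GitHub evaluates ruleset patterns with fnmatch semantics in which `*` does not cross `/`; if the project ever uses nested names such as `release/<year>/<name>`, `release/**` would be needed alongside it. Keeping `~DEFAULT_BRANCH` quoted is correct and should be preserved when more patterns are added, since a bare `~` would be parsed as a YAML null rather than a branch reference.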
[P1] Release branch ruleset misses Druid release branches
The ruleset only includes ~DEFAULT_BRANCH, release/*, and rel/*, but Druid's release process names release branches as bare versions such as 0.17.0 and 24.0.0, and the repository already has version-named release refs. As written, the new deletion and force-push protections will not apply to those release branches, which defeats the PR's stated goal of protecting default and release branches. Please add a pattern that matches Druid's version-named release branches, or otherwise align the ruleset with the project's release branch naming.
This Pull Request enables the repository to conform with the "sane default security settings" of the Apache Software Foundation by configuring a default branch ruleset that protects the default branch and any release branches.
Note that `~DEFAULT_BRANCH` is a GitHub symbolic link to the current default branch (HEAD) of the repository and does not need changing.
If the managing project does not wish to set up these defaults, please close this Pull Request. Alternatively, the project may merge this Pull Request to apply the changes immediately.
If no action is taken, this Pull Request will be automatically merged by the Apache Infrastructure team on 2026-06-14 (30 days from now).
For any further information, please reach us on Slack or at: users@infra.apache.org