[ci] Branch protection: resync linear-history + drop required-signatures#38
Merged
Conversation
…_signatures GitHub Settings → Branches → `main` was flipped in two ways: linear-history re-enabled (after being disabled in PR #28's resolution window), and signed commits dropped. Both source-of-truth files updated to match the live state: - `.github/branch-protection.yml:15`: `require_linear_history: true`, with a comment that names the known cost (squash-merge blocks for branches that absorbed merge commits) and the documented escape hatch (squash-collapse + force-push as a per-PR exception to MEMORY.md `feedback_no_history_rewrites`). - `.github/branch-protection.yml:38`: `require_signed_commits: false`, with a comment that names the actual provenance chain on `main` today (PR-required gate + DCO `Signed-off-by:` trailer + GitHub web-flow auto-signing of every squash-merge commit) and the re-enable trigger (external contributors joining, or an explicit audit binding). - `scripts/apply-branch-protection.sh:44,48`: JSON payload flipped to match, so the next idempotent re-apply preserves the live state rather than reverting. No behavior change on `main` — this commit aligns the documentation to the policy choice already in effect via the GitHub UI. Signed-off-by: Tri Lam <trilamsr@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
GitHub Settings → Branches → `main` was flipped in two ways during PR #28's merge window: `required_linear_history` re-enabled, `required_signatures` disabled. Both in-repo source-of-truth files (the YAML checklist + the apply-script JSON payload) absorbed the opposite values via PR #28's squash, so the docs no longer match live state. Next idempotent run of `scripts/apply-branch-protection.sh` would revert the live policy.
Impact
Re-aligns documented intent with live policy. No `main` behavior change — this is documentation catching up.
Solution
Test plan