Right? The part that surprised me was that most of them turn branch protection ON and then don’t require any check to pass. So the gate is there, it just doesn’t gate anything. Makes me wonder if private repos are the same or if the public ones just get less attention.
My old workplace had the same’ish. The developer team who owned the service had rights to disable branch protection. Disabling this would create alerts to the manager but allowed an on-call developer to make an emergency bug fix at 2am and get a postmortem review the next day.
Good distinction. If it’s useful, GitHub lets you require checks and still grant a bypass for specific people or teams, so the hard rule and the emergency escape hatch can coexist, and the scan reads that as passing. Could be you’ve already weighed that, in which case ignore me.
peternovakdev@programming.dev 5 days ago
Right? The part that surprised me was that most of them turn branch protection ON and then don’t require any check to pass. So the gate is there, it just doesn’t gate anything. Makes me wonder if private repos are the same or if the public ones just get less attention.
dwt@feddit.org 5 days ago
Not a start up, but we require code review, even though it is not enforced via rules, to allow emergency overrides.
Gets used maybe once every 300 pull requests though.
Convention over configuration is a thing - so maybe look into their actual merge behavior?
VonReposti@feddit.dk 5 days ago
My old workplace had the same’ish. The developer team who owned the service had rights to disable branch protection. Disabling this would create alerts to the manager but allowed an on-call developer to make an emergency bug fix at 2am and get a postmortem review the next day.
peternovakdev@programming.dev 5 days ago
Good distinction. If it’s useful, GitHub lets you require checks and still grant a bypass for specific people or teams, so the hard rule and the emergency escape hatch can coexist, and the scan reads that as passing. Could be you’ve already weighed that, in which case ignore me.