Enforce branch policies on this repository

Question

Enforce branch policies on this repository

Opened this issue 2 years ago · 0 comments

To improve the security of the ORAS project we need to enforce the branch policies for this repository. I propose that we enforce the policies as follows:

Use the following rules for main and release/* branches:
- Require PR before merging
  - Require 3 approvals
  - Dismiss stale PR approvals when new commits are pushed
  - Require review from Code Owners
  - Require status checks to pass before merging
  - Require conversation resolution before merging
  - Require signed commits
  - Do not allow bypass the above settings

Please add your comments and proposals for additional changes to this issue.