external-software/github_gohugo-theme-ananke.git

parent: 2af5f28a | patch | commit | ignore whitespace

chore: set up branch protection rules and workflows

Patrick Kollitsch

24.03.2026 ac08d74b8fabe41dffaac4c9d9a83da3c0ebe2e8

chore: set up branch protection rules and workflows

1 files modified

3 files added

	.github/rulesets/protect-development.json	41 ●●●●● patch \| view \| raw \| blame \| history
	.github/rulesets/protect-main.json	38 ●●●●● patch \| view \| raw \| blame \| history
	.github/workflows/branch-protection-main.yml	25 ●●●●● patch \| view \| raw \| blame \| history
	RELEASES.md	31 ●●●●● patch \| view \| raw \| blame \| history

 .github/rulesets/protect-development.json

New file
@@ -0,0 +1,41 @@
{
    "id": 15502619,
    "name": "protect-development",
    "target": "branch",
    "source_type": "Repository",
    "source": "gohugo-ananke/ananke",
    "enforcement": "active",
    "conditions": {
        "ref_name": {
            "exclude": [],
            "include": ["refs/heads/development"]
        }
    },
    "rules": [
        {
            "type": "deletion"
        },
        {
            "type": "non_fast_forward"
        },
        {
            "type": "pull_request",
            "parameters": {
                "required_approving_review_count": 0,
                "dismiss_stale_reviews_on_push": true,
                "required_reviewers": [],
                "require_code_owner_review": false,
                "require_last_push_approval": false,
                "required_review_thread_resolution": true,
                "allowed_merge_methods": ["squash"]
            }
        }
    ],
    "bypass_actors": [
        {
            "actor_id": 17174680,
            "actor_type": "Team",
            "bypass_mode": "always"
        }
    ]
}

 .github/rulesets/protect-main.json

New file
@@ -0,0 +1,38 @@
{
    "id": 15502478,
    "name": "protect-main",
    "target": "branch",
    "source_type": "Repository",
    "source": "gohugo-ananke/ananke",
    "enforcement": "active",
    "conditions": {
        "ref_name": {
            "exclude": [],
            "include": ["refs/heads/main"]
        }
    },
    "rules": [
        {
            "type": "deletion"
        },
        {
            "type": "non_fast_forward"
        },
        {
            "type": "pull_request",
            "parameters": {
                "required_approving_review_count": 0,
                "dismiss_stale_reviews_on_push": false,
                "required_reviewers": [],
                "require_code_owner_review": false,
                "require_last_push_approval": false,
                "required_review_thread_resolution": false,
                "allowed_merge_methods": ["merge", "squash", "rebase"]
            }
        },
        {
            "type": "required_linear_history"
        }
    ],
    "bypass_actors": []
}

 .github/workflows/branch-protection-main.yml

New file
@@ -0,0 +1,25 @@
name: Validate main branch source

on:
  pull_request:
    branches:
      - main

permissions:
  contents: read
  pull-requests: read

jobs:
  validate-source-branch:
    name: Require development as source branch
    runs-on: ubuntu-latest

    steps:
      - name: Validate source branch
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          if [ "${HEAD_REF}" != "development" ]; then
            echo "::error::Pull requests into main must come from development. Current source branch: ${HEAD_REF}"
            exit 1
          fi

 RELEASES.md

@@ -25,13 +25,40 @@

## Branching Model

### main
```mermaid
flowchart LR
    %% Columns
    subgraph C1["Release"]
        MAIN["main"]
    end

    subgraph C2["Staging"]
        DEV["development"]
    end

    subgraph C3["Features, Fixes, Chores"]
        F1["fix/issue123"]
        F2["feat/foobar"]
        F3["chore/dependencies"]
        FMORE["..."]
    end

    %% Flow
    DEV -->|rebase| MAIN

    F1 -->|squash| DEV
    F2 -->|squash| DEV
    F3 -->|squash| DEV
    FMORE --> DEV
```

### `main`

* Contains only stable, released code
* Updated **only via rebase from `development`**
* Tagged for official releases

### development
### `development`

* Acts as staging environment
* Receives all feature and fix changes

New file
			@@ -0,0 +1,41 @@
			{
			"id": 15502619,
			"name": "protect-development",
			"target": "branch",
			"source_type": "Repository",
			"source": "gohugo-ananke/ananke",
			"enforcement": "active",
			"conditions": {
			"ref_name": {
			"exclude": [],
			"include": ["refs/heads/development"]
			}
			},
			"rules": [
			{
			"type": "deletion"
			},
			{
			"type": "non_fast_forward"
			},
			{
			"type": "pull_request",
			"parameters": {
			"required_approving_review_count": 0,
			"dismiss_stale_reviews_on_push": true,
			"required_reviewers": [],
			"require_code_owner_review": false,
			"require_last_push_approval": false,
			"required_review_thread_resolution": true,
			"allowed_merge_methods": ["squash"]
			}
			}
			],
			"bypass_actors": [
			{
			"actor_id": 17174680,
			"actor_type": "Team",
			"bypass_mode": "always"
			}
			]
			}

New file
			@@ -0,0 +1,38 @@
			{
			"id": 15502478,
			"name": "protect-main",
			"target": "branch",
			"source_type": "Repository",
			"source": "gohugo-ananke/ananke",
			"enforcement": "active",
			"conditions": {
			"ref_name": {
			"exclude": [],
			"include": ["refs/heads/main"]
			}
			},
			"rules": [
			{
			"type": "deletion"
			},
			{
			"type": "non_fast_forward"
			},
			{
			"type": "pull_request",
			"parameters": {
			"required_approving_review_count": 0,
			"dismiss_stale_reviews_on_push": false,
			"required_reviewers": [],
			"require_code_owner_review": false,
			"require_last_push_approval": false,
			"required_review_thread_resolution": false,
			"allowed_merge_methods": ["merge", "squash", "rebase"]
			}
			},
			{
			"type": "required_linear_history"
			}
			],
			"bypass_actors": []
			}

New file
			@@ -0,0 +1,25 @@
			name: Validate main branch source

			on:
			pull_request:
			branches:
			- main

			permissions:
			contents: read
			pull-requests: read

			jobs:
			validate-source-branch:
			name: Require development as source branch
			runs-on: ubuntu-latest

			steps:
			- name: Validate source branch
			env:
			HEAD_REF: ${{ github.head_ref }}
			run: \|
			if [ "${HEAD_REF}" != "development" ]; then
			echo "::error::Pull requests into main must come from development. Current source branch: ${HEAD_REF}"
			exit 1
			fi

			@@ -25,13 +25,40 @@

			## Branching Model

			### main
			```mermaid
			flowchart LR
			%% Columns
			subgraph C1["Release"]
			MAIN["main"]
			end

			subgraph C2["Staging"]
			DEV["development"]
			end

			subgraph C3["Features, Fixes, Chores"]
			F1["fix/issue123"]
			F2["feat/foobar"]
			F3["chore/dependencies"]
			FMORE["..."]
			end

			%% Flow
			DEV -->\|rebase\| MAIN

			F1 -->\|squash\| DEV
			F2 -->\|squash\| DEV
			F3 -->\|squash\| DEV
			FMORE --> DEV
			```

			### `main`

			* Contains only stable, released code
			* Updated only via rebase from `development`
			* Tagged for official releases

			### development
			### `development`

			* Acts as staging environment
			* Receives all feature and fix changes