Conversation
github-actions
bot
added
documentation
Jonas-Kirchhoff
left a comment
Jonas-Kirchhoff
left a comment
There was a problem hiding this comment.
I have a few minor comments.
TSF/README.md
Outdated
|
|
||
| In order to fork this repository or set up any repository where the TSF documentation in this repository is to be included, the following settings have to be configured on GitHub. | ||
|
|
||
| - In `Settings` > `Features`: |
TSF/README.md
Outdated
| - Enable `Require a pull request before merging` | ||
| - Enable `Require approvals` | ||
| - Enable `Require review from Code Owners` | ||
| - Enable `Require status checks to pass before merging` | ||
| - Enable `Require branches to be up to date before merging` | ||
| - Enable `Require linear history` | ||
| - Enable `Do not allow bypassing the above settings` |
There was a problem hiding this comment.
Maybe also possible (just suggestion): Make sure that only the following settings are enabled: - ...
TSF/README.md
Outdated
| - Enable `Require branches to be up to date before merging` | ||
| - Enable `Require linear history` | ||
| - Enable `Do not allow bypassing the above settings` | ||
| - Click `Create` |
There was a problem hiding this comment.
It is possible to write something into the Branch name pattern and then hit enter, which creates the branch protection rule.
TSF/README.md
Outdated
| - Enable `Do not allow bypassing the above settings` | ||
| - Click `Create` | ||
|
|
||
| - In `Settings` > `Actions` > `General` > `Workflow Permissions`: |
There was a problem hiding this comment.
Settings > Code and Automation > General > Workflow Permissions
TSF/README.md
Outdated
| - Enable `Read repository contents and packages permissions` | ||
| - Disable `Allow GitHub Actions to create and approve pull requests` | ||
| - Click `Save` |
There was a problem hiding this comment.
To leave no room for confusion: Make sure that only the following settings are enabled: Allow all actions and reusable workflows, Require approval for first-time contributors, Read repository contents and packages permissions .
Do we want to give a recommendation for the artifact retention period?
There was a problem hiding this comment.
For the artifact retention period, is there any reason one should not use the maximum of 90 days?
TSF/README.md
Outdated
| - Disable `Allow GitHub Actions to create and approve pull requests` | ||
| - Click `Save` | ||
|
|
||
| - In `Settings` > `Pages`: |
There was a problem hiding this comment.
Settings > Code and Automation > Pages
TSF/README.md
Outdated
| - Enable `Dependency graph` | ||
| - Enable `Dependabot alerts` |
There was a problem hiding this comment.
Make sure that the following settings are enabled, only: Dependency graph, Dependabot alerts, Secret Protection, Push protection. What about CodeQL?
There was a problem hiding this comment.
The pipeline automatically enables CodeQL after merging to main. If one tries to enable it manually the pipeline it will prompt you to use GH default CodeQL configuration or set up a custom one. Neither one is what we want.
TSF/README.md
Outdated
| - In `Settings` > `Features`: | ||
| - Enable `Issues` | ||
|
|
||
| - In `Settings` > `Branches` > `Add classic branch protection rule`: |
There was a problem hiding this comment.
Settings > Code and Automation > Branches
Erikhu1
force-pushed
the
add_forking_docs
branch
from
8c210cc to
fb5481a
Compare
* add documentation on how to fork * change branch name pattern * fix fnmatch pattern * change master to main * correct forking docs * implement feedback
3 participants
Add documentation on all settings that need configuring when creating a fork of the repo.