Protect branch push from administrators


We just had a pretty dangerous situation happen: nixos-20.09 got force push? · Issue #109384 · NixOS/nixpkgs · GitHub

Only a specific user is allowed to push to update branch nixos-* that represents a trusted source for distribution of our sources.

The problem is that due to settings allowing all administrators/maintainers to push to that branch (without a way to remove that), someone made a PR against that branch and it was merged by accident, completely screwing up our workflow.


1 Like