# Branch Protection & Mandatory Review Policy

## Overview

This policy ensures that all changes to the `main` branch are reviewed and tested before being merged. It applies to all repositories in the organization.

## Enforced Rules

| Rule | Description |
|------|-------------|
| ✅ Require Pull Request | Direct pushes to `main` are blocked |
| ✅ Require 1 Approval | At least one reviewer must approve |
| ✅ Dismiss Stale Approvals | Approvals are dismissed on new commits |
| ✅ Require CI to Pass | Merges are blocked if CI fails |
| ✅ Block Force Push | Prevents rewriting of `main` history |
| ✅ Block Branch Deletion | Prevents accidental deletion of `main` |

## Default Reviewers

- `@perplexity` is the default reviewer for all repositories
- `@Timmy` is a required reviewer for `hermes-agent`

## Compliance

This policy is enforced via automation using the `bin/enforce_branch_protection.py` script, which applies these rules to all repositories.

## Exceptions

No exceptions are currently defined. All repositories must comply with this policy.

## Audit

This policy is audited quarterly to ensure compliance and effectiveness.