Pushing to a protected branch should require additional flags
Description
There are many reasons why we protect a branch:
- prevent accidental commits
- prevent forced push
- prevent deletion
Current role based system can be used to restrict people who can do potentially destructive actions to protected branches (Master, Owner). While this mitigates the problem, they can still make mistakes and commit accidental data to branches not intended to receive, or you may need to promote someone to have more managerial permission, but want to prevent accidental mistakes from them.
Proposal
To me looks like pushing to a protected branch should not be allowed by default, no matter the permission level. It should require specific intention, like when you use --force
flag.
In more recent git, there are "Push Options": git push <remote> <branch> -o "anything you want here"
So I think we should require users who can push to protected branches to show the intention before accepting the push using Push options:
user@localhost$ git push origin master
# Denied with a custom message when user is "Master" or "Owner"
Branch 'master' is protected. To be able to push you need to use '-o allow-protected-branches'
user@localhost$ git push origin master -o allow-protected-branches
# Allowed if user is "Master" or "Owner"