every-channel/every.channel

every.channel 7d84510eac

Advance forge rollout, Ethereum rails, and NBC sources

2026-04-01 15:58:49 -07:00

1.1 KiB

Raw Blame History

Branch Protection (Forgejo Primary)

main should be protected to satisfy constitutional governance (all changes merge through pull requests) and to require CI before merge.

Required settings

Protected branch: main
Direct pushes disabled
Required approvals: 1 (or stricter)
Required status checks:
- ci-gates / checks
Require signed commits: enabled

Apply via script

./scripts/fj-enforce-branch-protection.sh

Optional overrides:

EVERY_CHANNEL_FORGE_HOST=https://git.every.channel \
EVERY_CHANNEL_FORGE_REPO=every-channel/every.channel \
EVERY_CHANNEL_PROTECTED_BRANCH=main \
EVERY_CHANNEL_REQUIRED_CHECKS="ci-gates / checks" \
EVERY_CHANNEL_REQUIRED_APPROVALS=1 \
./scripts/fj-enforce-branch-protection.sh

Token source order:

EVERY_CHANNEL_FORGE_TOKEN / FORGE_TOKEN / CODEBERG_TOKEN env var
secrets/forgejo-api-token.age (preferred) via agenix or age
secrets/forge-token.age or secrets/codeberg-token.age (compat) via agenix or age

The token must have repository admin scope to edit branch protection.