commit 841d9367bda7b43ad2a22b679c9d16863c8ef5a4
author Harald Welte <laforge@osmocom.org> Mon Apr 24 12:20:54 2023 +1200
committer Harald Welte <laforge@osmocom.org> Mon Apr 24 12:24:52 2023 +1200
tree 4c6f6ea0503caa71c710ed4ef60d6831a5e29369
parent a17a5a6dbf3b047e9d18d3a0f64a1ba4310d88fc

move order of refs/heads/ access from specific to non-specific

It was discovered that direct push to master for "Reviewers" is still
possible, despite a "refs/heads/master" rule restricting this to "Master
pushers".  It is assumed that the existing order (wildcard before
specific) is reflected by the evaluation order, so refs/heads/* matches
first, and the refs/heads/master is never hit.

Change-Id: I516c856552aa1ea2fbc3b36094b6d06b995c8af1

project.config

diff --git a/project.config b/project.config
index dc5ff31..482f452 100644
--- a/project.config
+++ b/project.config
@@ -18,6 +18,13 @@
 [access "refs/for/refs/*"]
 	push = group Registered Users
 	pushMerge = group Registered Users
+[access "refs/heads/sysmocom/*"]
+	create = group sysmocom branch access
+	forgeAuthor = group sysmocom branch access
+	push = +force group sysmocom branch access
+	exclusiveGroupPermissions = create forgeAuthor push
+[access "refs/heads/master"]
+	push = group Master pushers
 [access "refs/heads/*"]
 	create = group Administrators
 	create = group Project Owners
@@ -103,13 +110,6 @@
 	create = group Project Owners
 	forgeAuthor = group Administrators
 	forgeAuthor = group Project Owners
-[access "refs/heads/sysmocom/*"]
-	create = group sysmocom branch access
-	forgeAuthor = group sysmocom branch access
-	push = +force group sysmocom branch access
-	exclusiveGroupPermissions = create forgeAuthor push
-[access "refs/heads/master"]
-	push = group Master pushers
 [access "refs/for/*"]
 	addPatchSet = group Registered Users
 [capability]