Allow anonymous push to branch #778

Open
opened 4 weeks ago by illiliti · 3 comments

I wish there would be a way for random people to contribute to my projects without needing to have account on codeberg and more importantly, without my assistance(i.e. no patch/PR workflow). Basically I would like to give everyone unrestricted anonymous push access to branch.

As such access may lead to disruptive actions, no branch/tag creation and deletion shall be possible, as well as force pushes as those can be used to rewrite or nuke commit history. Perhaps some kind of rate-limiting would be handy too, if codeberg doesn't have it already.

The idea is similar to mob1 branch, except that I propose to make branch configurable(i.e. not limited to mob name).


  1. https://repo.or.cz/h/mob.html (FYI that's how Tiny C Compiler is being developed, so it's viable) ↩︎

I wish there would be a way for random people to contribute to my projects without needing to have account on codeberg and more importantly, without my assistance(i.e. no patch/PR workflow). Basically I would like to give everyone unrestricted anonymous push access to branch. As such access may lead to disruptive actions, no branch/tag creation and deletion shall be possible, as well as force pushes as those can be used to rewrite or nuke commit history. Perhaps some kind of rate-limiting would be handy too, if codeberg doesn't have it already. The idea is similar to `mob`[^1] branch, except that I propose to make branch configurable(i.e. not limited to `mob` name). [^1]: https://repo.or.cz/h/mob.html (FYI that's how Tiny C Compiler is being developed, so it's viable)
Owner

I think the use case for this is rather low, so investing a lot of effort into implementing this is not a good idea IMHO.

However, do take part in this experiment, it should be pretty doable to create a workaround:

Gitea already allows branch protection, so it could work like that

  • a mob user is created and access to it shared (maybe only ssh key / deploy key)
  • all branches are protected but the mob branch (restricted to internal collaborators)

Generic features that could improve this workaround and might be worth a consideration:

  • allow branch protection / general settings to disable force-push (found no way yet)
  • allow restricting deploy keys to only one branch and disallow force-push
I think the use case for this is rather low, so investing a lot of effort into implementing this is not a good idea IMHO. However, do take part in this experiment, it should be pretty doable to create a workaround: Gitea already allows branch protection, so it could work like that - a mob user is created and access to it shared (maybe only ssh key / deploy key) - all branches are protected but the mob branch (restricted to internal collaborators) Generic features that could improve this workaround and might be worth a consideration: - allow branch protection / general settings to disable `force-push` (found no way yet) - allow restricting deploy keys to only one branch and disallow force-push
fnetX added the
enhancement
contribution welcome
s/Gitea
labels 4 weeks ago
Poster

a mob user is created and access to it shared (maybe only ssh key / deploy key)

If I understand correctly, that implies that user would have to get that shared ssh key in order to push. If so, that's no-go. User should be able to push using its own ssh key. Actually I think that's all I need - option to allow anonymous push since everything else is already provided by branch/tag protection, it seems.

all branches are protected but the mob branch (restricted to internal collaborators)

Would that prevent creating new branches?

allow branch protection / general settings to disable force-push (found no way yet)

I see that docs say that branch protection already disables force-push.

allow restricting deploy keys to only one branch and disallow force-push

for specific key? User should be able to push using its own anonymous key. See above.

> a mob user is created and access to it shared (maybe only ssh key / deploy key) If I understand correctly, that implies that user would have to get that shared ssh key in order to push. If so, that's no-go. User should be able to push using its own ssh key. Actually I think that's all I need - option to allow anonymous push since everything else is already provided by branch/tag protection, it seems. > all branches are protected but the mob branch (restricted to internal collaborators) Would that prevent creating new branches? > allow branch protection / general settings to disable force-push (found no way yet) I see that docs say that branch protection already disables force-push. > allow restricting deploy keys to only one branch and disallow force-push for specific key? User should be able to push using its own anonymous key. See above.
Owner

If you can't live with a workaround, we can put this on the wishlist, but to me it's a rather low-priority and exotic request, so I won't make any promise on when someone will get to implementing this.

If more real world examples show via repo.or.cz that this works great, we can reconsider. I think it's great to have such an experiment, but I'd rather run different experiments over here instead of copying this. If this generally works out and attracts a wider audience, we can consider implementing this, too.

If you can't live with a workaround, we can put this on the wishlist, but to me it's a rather low-priority and exotic request, so I won't make any promise on when someone will get to implementing this. If more real world examples show via repo.or.cz that this works great, we can reconsider. I think it's great to have such an experiment, but I'd rather run different experiments over here instead of copying this. If this generally works out and attracts a wider audience, we can consider implementing this, too.
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Codeberg/Community#778
Loading…
There is no content yet.