This is a new simple command that automates setting, for all repositories for which there is admin access, the
master branch as protected, which means "git forced pushes" will be disabled. This prevents someone from mistakenly rewriting the git history.
As more people get write access to more repositories, it becomes more important to follow best practices for git repository security. One can run this tool regularly to ensure all of one's repos are protected.
Not directly related to this PR, but shouldn't we maybe move scripts like that to an "internal" plugin that would be linked as a submodule but would not be available on the marketplace?
I don't see any sense in having them in this repo.
I was just about to comment the same. This should definitely not be in the Piwik repo. Maybe you can add this to plugin lifecycle etc? Run the command once to change them all and make sure new repos will have a protected branch automatically.
It would be useful to extend this command to also force the users who are allowed to push to given branches (i.e. lead developers / product owners only would be allowed to merge a given PR). https://github.com/blog/2137-protected-branches-improvements
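The behaviour discussed in this thread (protect `master` on every repository the token administers, optionally limiting who may push) can be sketched against the GitHub REST API as follows. This is an added example, not the command from this PR; the repository names, the `lead-dev` user and the helper names are constructed for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"

# Constructed sample of a GET /user/repos response, trimmed to the fields used.
SAMPLE_REPOS = [
    {"full_name": "example-org/core", "archived": False,
     "permissions": {"admin": True, "push": True, "pull": True}},
    {"full_name": "example-org/docs", "archived": False,
     "permissions": {"admin": False, "push": True, "pull": True}},
    {"full_name": "example-org/old-plugin", "archived": True,
     "permissions": {"admin": True, "push": True, "pull": True}},
]


def protection_body(push_users=None):
    """Body for PUT /repos/{owner}/{repo}/branches/{branch}/protection."""
    return {
        "required_status_checks": None,
        "enforce_admins": True,  # the rule also applies to repository admins
        "required_pull_request_reviews": None,
        # None: anyone with write access may push (non-forced) commits.
        # A user list limits pushes; only valid for organization-owned repos.
        "restrictions": ({"users": list(push_users), "teams": []}
                         if push_users else None),
        "allow_force_pushes": False,
        "allow_deletions": False,
    }


def plan(repos, branch="master", push_users=None):
    """Return (url, body) pairs for each non-archived repo with admin access."""
    body = protection_body(push_users)
    return [(f"{API}/repos/{r['full_name']}/branches/{branch}/protection", body)
            for r in repos
            if r.get("permissions", {}).get("admin") and not r.get("archived")]


def apply(plan_items, token):
    """Send the planned requests; the token needs admin rights on each repo."""
    for url, body in plan_items:
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="PUT",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"})
        with urllib.request.urlopen(req) as resp:
            print(resp.status, url)


if __name__ == "__main__":
    # Dry run: print what would be sent, without contacting the API.
    for url, body in plan(SAMPLE_REPOS, push_users=["lead-dev"]):
        print("PUT", url, json.dumps(body))
```

Running `plan()` on a schedule and reviewing its output before calling `apply()` shows which repositories would be changed, including ones created since the last run.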