Bug 253354

Summary:	[git-webkit] Add pre-push hook to prevent publication of security sensitive commits
Product:	WebKit	Reporter:	Jonathan Bedard <jbedard>
Component:	Tools / Tests	Assignee:	Jonathan Bedard <jbedard>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	ddkilzer, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://bugs.webkit.org/show_bug.cgi?id=261905

Jonathan Bedard

Reported 2023-03-03 16:06:27 PST

We should have a pre-push hook that makes it difficult for contributors to push content we know contains security sensative changes. We have 3 ways of knowing this: 1) The commit a user is trying to push already exists on a different remote with a higher secuirty level than the target remote 2) The commit a user is pushing is a cherry-pick of a commit that already exists on a different remote with a higher security level than the target remote 3) The commit being pushed references a security issue. In most circumstances, we should outright block the first case and prompt the user for cases 2 and 3. The 'git-webkit publish' workflow should prompt the user in the first case, but block cases 2 and 3.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-03-03 16:06:50 PST

<rdar://problem/106216593>

Jonathan Bedard

Comment 2 2023-03-03 16:38:24 PST

Pull request: https://github.com/WebKit/WebKit/pull/11043

EWS

Comment 3 2023-03-10 13:18:30 PST

Committed 261526@main (604395a516c1): <https://commits.webkit.org/261526@main> Reviewed commits have been landed. Closing PR #11043 and removing active labels.

EWS

Comment 4 2023-03-14 10:25:51 PDT

Committed 259548.415@safari-7615-branch (16c7018215b7): <https://commits.webkit.org/259548.415@safari-7615-branch> Reviewed commits have been landed. Closing PR #456 and removing active labels.

Jonathan Bedard

Comment 5 2023-03-17 08:07:47 PDT

Re-opening for pull request https://github.com/WebKit/WebKit/pull/11652

EWS

Comment 6 2023-03-17 08:46:34 PDT

Committed 261794@main (e52330471c00): <https://commits.webkit.org/261794@main> Reviewed commits have been landed. Closing PR #11652 and removing active labels.

EWS

Comment 7 2023-03-17 11:26:24 PDT

Committed 259548.445@safari-7615-branch (539dd07a827f): <https://commits.webkit.org/259548.445@safari-7615-branch> Reviewed commits have been landed. Closing PR #478 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.