Protected branch for main?

[dopplershift]

Do we want to make main a protected branch? This means that force-pushing to and deleting the branch is disallowed for everyone (unless we specifically allow it). We also have these options available to us:

• Require a number of reviews
• Require a review from a codeowner
• Require that one or more of the PR status checks pass (by default admins can override as needed)

The last one is one I'm interested in, not as a gate-keeping exercise, but it allows us to use "auto-merge". With that we can mark a PR to merge as soon as all of the required checks pass.

[brian-rose]

+1 for auto-merging, especially for bot-generated maintenance PRs.

I think we're probably ready to implement the "require a review from a codeowner" rule now that we have a sensible team-based codeowner system in place, so that it's very unlikely we'll be stuck waiting on any one individual who might be away/unavailable to review.

[dcamron]

EWG today on board with protecting main. Discussions can still be had here about specific PR status/review requirements, but the starting point seemed to be "what's in place in our other repos".