Problem
The E2E test workflows (bootcrew-vm.yml and bootcrew-fast.yml) run on PRs but are NOT currently blocking merges. PRs can be merged to prod even if E2E tests fail.
Solution
Enable branch protection rules on the prod branch to require E2E test workflows to pass before merges.
How to Do It
Option 1: GitHub UI (Recommended)
- Go to Settings → Branches
- Click "Add rule"
- Branch name pattern: prod
- Enable:
  - Require a pull request before merging
  - Require status checks to pass before merging
  - Require branches to be up to date before merging
  - Require approvals (1)
  - Enforce admins
- Add required status checks:
  - bootcrew-fast / debian-bootc
  - bootcrew-fast / centos-bootc
  - bootcrew-vm / debian-bootc
  - bootcrew-vm / centos-bootc
- Click Create
Option 2: GitHub CLI
Save as branch-protection.json (the API requires the restrictions key; null means no push restrictions):
```json
{
  "required_status_checks": {
    "strict": true,
    "contexts": [
      "bootcrew-fast / debian-bootc",
      "bootcrew-fast / centos-bootc",
      "bootcrew-vm / debian-bootc",
      "bootcrew-vm / centos-bootc"
    ]
  },
  "required_pull_request_reviews": {
    "required_approving_review_count": 1,
    "dismiss_stale_reviews": false
  },
  "enforce_admins": true,
  "restrictions": null,
  "allow_force_pushes": false,
  "allow_deletions": false
}
```
Then run (the branch protection update endpoint takes a PUT request):
```bash
gh api --method PUT repos/tuna-os/fisherman/branches/prod/protection --input branch-protection.json
```
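To confirm the rule actually took effect, the check below audits a branch protection response against the settings listed above. It is an added example, not part of the original issue; it assumes the response shape of GitHub's "Get branch protection" endpoint (as returned by a GET on the same protection path), and the sample response is constructed.

```python
import json

# Policy from the page: the four E2E checks that must block merges to prod.
REQUIRED_CONTEXTS = {
    "bootcrew-fast / debian-bootc",
    "bootcrew-fast / centos-bootc",
    "bootcrew-vm / debian-bootc",
    "bootcrew-vm / centos-bootc",
}

def enabled(protection, key):
    # The GET response wraps boolean settings as {"enabled": true/false}.
    return bool((protection.get(key) or {}).get("enabled", False))

def audit_protection(protection):
    """Return a list of gaps between the live rule and the page's policy."""
    gaps = []
    checks = protection.get("required_status_checks") or {}
    missing = REQUIRED_CONTEXTS - set(checks.get("contexts", []))
    for name in sorted(missing):
        gaps.append(f"status check not required: {name}")
    if not checks.get("strict", False):
        gaps.append("branch is not required to be up to date before merging")
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        gaps.append("fewer than 1 approving review required")
    if not enabled(protection, "enforce_admins"):
        gaps.append("admins can bypass the rule (enforce_admins is off)")
    if enabled(protection, "allow_force_pushes"):
        gaps.append("force pushes are allowed")
    if enabled(protection, "allow_deletions"):
        gaps.append("branch deletion is allowed")
    return gaps

# Constructed sample response: one E2E job missing and admins exempt.
SAMPLE = json.loads("""
{
  "required_status_checks": {
    "strict": true,
    "contexts": ["bootcrew-fast / debian-bootc", "bootcrew-fast / centos-bootc",
                 "bootcrew-vm / debian-bootc"]
  },
  "required_pull_request_reviews": {"required_approving_review_count": 1},
  "enforce_admins": {"enabled": false},
  "allow_force_pushes": {"enabled": false},
  "allow_deletions": {"enabled": false}
}
""")

if __name__ == "__main__":
    for gap in audit_protection(SAMPLE):
        print("GAP:", gap)
```

An empty result means every setting from the page is in force; a context name that differs from the reported check name by even a space shows up as not required.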
Current Status
Benefits
✅ Prevents broken code from reaching production
✅ Ensures all systems boot correctly (debian-bootc composefs + centos-bootc ostree)
✅ Validates SSH access works for remote management
✅ Catches composefs partition retagging issues early
✅ Guarantees fisherman binary works end-to-end