Implement protected branches/tags
Looking through https://gitlab.freedesktop.org/help/user/permissions and https://gitlab.freedesktop.org/help/user/project/protected_branches, there are various advantages to protected branches:
- Nobody can force-push to those branches
- Fine-grained control over what roles can push and/or merge to which branches, e.g. Developers+ to master, Maintainers+ to stable, no-one to old stables
Note: if a wildcard matches multiple branches, it seems like the union of permissions is taken.
- master is protected to Developers+Maintainers
- latest stable/stable-1 is protected to Maintainers
- All other branches are protected and disallow anybody from pushing.
- All tags are protected to Maintainers
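
An added example, not part of the original issue: a small Python model of the branch rules listed above, under the union behaviour the note describes, to check what each branch ends up allowing before the rules are configured. The rule tables, function names and branch names such as `stable-0` are constructed for illustration, the wildcard matching is a simplified assumption, and the numeric levels are GitLab's access-level values.

```python
import re

# GitLab access-level values: 0 = no one, 30 = Developer, 40 = Maintainer.
NO_ONE, DEVELOPER, MAINTAINER = 0, 30, 40

# Constructed policy mirroring the list above; "stable-1" stands in for
# whatever the latest stable branch is called.
PROPOSED = [
    ("master", DEVELOPER),     # Developers + Maintainers may push
    ("stable-1", MAINTAINER),  # latest stable: Maintainers only
    ("*", NO_ONE),             # all other branches: nobody pushes
]

# Same policy, but with a wildcard for the stable branches (hypothetical).
LOOSE = [("master", DEVELOPER), ("stable-*", MAINTAINER), ("*", NO_ONE)]


def matches(pattern, branch):
    """Simplified wildcard match: '*' is the only special character."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, branch) is not None


def effective_push_level(rules, branch):
    """Lowest role level that may push to `branch`.

    Returns None if no rule matches (branch is unprotected), NO_ONE if
    every matching rule forbids pushing. Assumes the union behaviour
    from the note: the most permissive matching rule wins.
    """
    levels = [level for pattern, level in rules if matches(pattern, branch)]
    if not levels:
        return None
    allowed = [level for level in levels if level != NO_ONE]
    return min(allowed) if allowed else NO_ONE


if __name__ == "__main__":
    names = {None: "unprotected", NO_ONE: "no one",
             DEVELOPER: "Developers+", MAINTAINER: "Maintainers+"}
    for branch in ("master", "stable-1", "stable-0", "wip/feature"):
        print(f"{branch:12} proposed={names[effective_push_level(PROPOSED, branch)]:13}"
              f" loose={names[effective_push_level(LOOSE, branch)]}")
```

Under the union behaviour, the catch-all `*` rule does not lock out `master` or `stable-1`, but a `stable-*` wildcard would reopen old stable branches to Maintainers, so the latest stable has to be named exactly.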