[INFRA] Set up default rulesets for default and release branches

[asf-gitbox-commits]

This Pull Request enables the repository to conform with the "sane default security settings" of the Apache Software Foundation by configuring a default branch ruleset that protects the default branch and any release branches.

Note that ~DEFAULT_BRANCH is a GitHub symbolic link to the current default branch (HEAD) of the repository and does not need changing.
If the managing project does not wish to set up these defaults, please close this Pull Request. Alternatively, the project may merge this Pull Request to apply the changes immediately.

If no action is taken, this Pull Request will be automatically merged by the Apache Infrastructure team on 2026-06-14 (30 days from now).

For any further information, please reach us on Slack or at: users@infra.apache.org

[oss-sentinel-ai]

Review: Approved ✅

PR: #409 — [INFRA] Set up default rulesets for default and release branches
Type: Infrastructure (1 file, +20/-8)

Assessment

Updates .asf.yaml to configure GitHub rulesets for branch protection on default and release branches. Standard Apache infrastructure configuration.

Verdict

✅ Infrastructure configuration update. No concerns.

---

🤖 Automated review by oss-sentinel-ai

[RockteMQ-AI]

Review by github-manager-bot

Summary

ASF Infrastructure PR to set up default branch protection rulesets for the default and release branches. Auto-merge scheduled for 2026-06-14.

Findings

• [Info] Standard ASF infrastructure change. Adds branch protection rules (restrict deletion, restrict force push) for ~DEFAULT_BRANCH, release/*, and rel/*. The bypass_teams: root allows ASF root team to bypass restrictions.

• [Info] No code changes — only .asf.yaml configuration. No risk to the codebase.

Verdict

LGTM. Standard ASF security hardening. No action needed from maintainers unless they wish to opt out.

---

Automated review by github-manager-bot