Is it possible to enable branch protection rules at the organisation level in Github so that all repositories that are part of that organisation inherit these rules for the applied branches. Right now it's really a hassle to enable those same set of rules on a per repo basis for same set of branches. Please help on how we can achieve this
Right now it's really a hassle to enable those same set of rules on a per repo basis for same set of branches.
There is no organization level default option to set a branch protection for all repositories in an org.
If this is something you don't want to repetitively do by hand, you can take a look at the GitHub API for Branch Protection. That way you can run a short script whenever you setup a new repo or have a job run periodically that sets and confirms the branch protection for all repos in the org at once.
Related
I'm trying to prevent developers from directly editing and committing to the master branch in ADF.
There is a risk that users can accidently make changes in ADF by not creating a feature branch but instead working directly on master (I've done it myself!)
Is there a way to enforce this in ADF? I do have a branch policy on master that only allows merging via a pull request but don't think this stops developers from working directly on master:
Another way to achieve this is to require a reviewer.
Select "Branch policies":
Turn on the option "Require a minimum number of reviewers":
Set the number of reviewers to 1.
This example shows "Allow requestors to approve their own changes". This setting is optional. If you set it, the user is still prevented from committing to main/master, but can complete their own PRs.
You can deny the contribute permission for the user group in git repo. Check the following official documentation:
https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-permissions?view=azure-devops
Id like to configure my branch protection rules as code, perhaps even more GitHub Settings, is there any way to do so.
User from a group like Build Administrator can access the project from Azure Devops. I need to control the user in that group to upload the file directly to the master branch. The user can manually upload files to all branches except Master. Because my master branch is based on Pull request. How can I implement this? Does it need any permission?
There are a few critical branches in your repo that the team relies on always being in good shape, such as your master branch. Require pull requests to make any changes on these branches. Developers pushing changes directly to the protected branches will have their pushes rejected. Thus, following this doc: Improve code quality with branch policies to protect your master branch.
In addition, be reference to this doc: Allow bypassing branch policies without giving up push protection, please note that these 2 permissions(Bypass policies when completing pull requests and Bypass policies when pushing) shouldn’t be granted to your mentioned Build Administrator group for master branch. See: Set branch permissions for details.
As soon as you enable any policy on your default branch changes must be made via pull request.
From the branch policy dialogue
Branch Policies: Note: If any required policy is enabled, this branch cannot be deleted and changes must be made via pull request.
So to disable direct commits follow these steps:
Navigate to project settings (cogwheel)
Repositories > select your repo
Navigate to Policies
In the Branch Policies section select your default branch
Enable any policies that make sense to your use case. Require a minimum number of reviewers might be a good starting point.
Just to understand,
You want to allow your user to store their files on the master branch ? Which tool are they using to upload ? Visual Studio or just drag & drop ?
Anyway you can have some settings on the azure devops by going on
Azure Devops ---> Your Repository --> Branches --> Select the branch you want to modify and click on the 3 dots (...) --> Select Branch Policies
I want to set up a proper workflow on GitHub where junior engineers submit pull request for code review and only the lead engineer can commit to the master branch.
I'm looking for input from professionals that work in a commercial software environment. I've found the page that does the permissions easy enough. There are several options. Restrict who can push to matching branches of course. Should I check others as well?
The other approach, beside the branch permission within one repo, is the gate repo:
you are setting up a public repo where developers can commit (on master or topic branches)
you are using a private, or repo within an organisation, from which you can pull
That way, you or your organisation team control the contribution you chose to include in the master of that main repository.
I have a VSTS/Azure DevOps project with a git repository containing different customer branches. I would like to permit each customer to read-only their own branch. How can I achieve this?
The access control settings do not allow me to set read permissions on specific branches, only on entire repositories. So is it perhaps possible to have a separate repository for each customer that automatically mirrors just the corresponding branch in the master repository?
You can't specify the permission directly in branches (branch level). However, you can inherit/modify the permissions from the repo level to branch level.
See my similar answer here
As you stated in your question. You should create separate repos for different customer where you can control the permissions.