In GitHub, I have the following rule active on a branch called 'main':
Require a pull request before merging
But it still allows me to push directly to the protected branch.
We only have 1 branch and the settings show that the rules are applied to 1 branch. I am not sure what other settings I would need to change.
How to protect branch with "Require pull request reviews before merging"
My commit button is not getting enabled after editing Readme file in GitHub.
The reason why the commit button is not enabled is because you are trying to commit to the master branch of the repo, which is protected from making direct commits/push. Only those who have access to make direct commits to master can do that, and you might not have that access. Hence you need to select the second option there to create a new branch to make the commit and create a pull request to the master branch, or get access to directly contribute to that branch.
The branch protection is to ensure that collaborators don't directly push or make commits to the particular branch or delete it, and also allows enabling status checks or required reviews. You can read more about GitHub's branch protection here.
I am trying to use lerna publish to manage package publishing in my team. So what lerna does at the end of every publish is, it bumps the version in the package.json file and commits those changes in the branch that did the publish.
However in master I need "Require pull request reviews before merging" to be active as it is protected branch.
My problem is not in publishing as lerna publishes the package. However the circle-ci fails with this error:
remote: error: GH006: Protected branch update failed for refs/heads/publish-test.
remote: error: At least 1 approving review is required by reviewers with write access.
To github.com:username/repo.git
! [remote rejected] publish-test -> publish-test (protected branch hook declined)
I tried enabling "Restrict who can push to matching branches" option to allow a user to commit in master, (we are using a bot user for devops commits).
Is there a way to add a user exception to the option "Require pull request reviews before merging" or do a pre-merge hook (so I can publish before the merge in CI)?
Update
GitHub Enterprise now has the ability to create custom roles in which you can assign the permission to bypass branch policy.
The only way to exempt users is to make them repo admins and allow admins to bypass the policy.
Or use a GitHub Actions workflow that uses the PAT of an admin to push to the target branch if the changes were pushed by allow-listed users. That opens up some interesting security issues though.
No, there currently is no option for that, but you could raise a feature request here. There probably is no way to work around the branch protection, which is pretty much the point of it.
On your second question: As far as I know, there is no specific "pre-merge" hook, here is the list of all workflow triggers. You could work around this triggering at push for the branch you are merging to or could trigger on creating a release or maybe one of the mentioned pull-request hooks can enable your scenario.
I am trying to configure a GitHub repo so only certain users can push to a certain branch.
The branch pattern name matches the branch I want to restrict.
Here is a screen shot of the protected branch settings:
Yet, I can still create a pull request from any branch and merge to the protected branch.
This is an organizational repo for which I have admin privileges. Can only an organization maintainer change a branch's protected settings? Is there something else that needs to be configured?
I think this is by design. The "restrict who can push to matching branches" feature limits who can push to a branch, but you say
Yet, I can still create a pull request from any branch and merge to the protected branch.
The whole point of protecting branches is to force code to go through a pull request process. Restricting push access doesn't restrict pull requests. It simply means users can't git push code directly to the branch.
You can also add required status checks before pull requests can be merged, e.g. for tests to pass, for a certain number of collaborators to approve the pull request, for commits to be cryptographically signed, etc.
I want to disable commits for certain branches in GitHub and only allow merging via Pull Requests. I can do this in VSTS Git repos, but how do I do the same in GitHub? Is this even possible?
In your repository's settings, you can go to "Branches" in the left menu.
Then you can add a "Protected Branch", and then check "Require pull request reviews before merging".
Then nobody will be able to commit on this branch unless they made another branch and submitted a Pull Request.
I'm having an issue where GitHub doesn't automatically rebase/merge my pull requests at all, even if commits to master since the PR branch was created don't even touch the same files the PR itself touches, so there aren't any merge conflicts at all.
I know this is possible in GitHub, I've encountered a few repositories myself where PRs don't require a rebase and merge conflicts are automatically resolved.
The repository in question is here.
I've tried going through the project settings but I cannot seem to find a setting that says that this is an issue. Also, if I rebase my PRs manually, it usually happens automatically without me being prompted to resolve any conflicts.
This is configured in the required status checks section, found in Settings → Branches → Protected Branches. The relevant setting is "Require branches to be up to date before merging".
If this feature is enabled, and status checking is set to "strict" (it is by default), then
you'll need to bring the head branch up to date after other collaborators merge pull requests to the protected base branch.
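The settings discussed in the answers above (admins bypassing the policy, push restrictions versus required pull requests, and "strict" status checks) can be checked together from a branch's protection JSON. This is an added example, not code from any of the posts; it assumes the JSON comes from GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection`, and the sample values, the `devops-bot` login and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like the response of
# GET /repos/{owner}/{repo}/branches/{branch}/protection; all values are made up.
SAMPLE = json.loads("""{
  "enforce_admins": {"enabled": false},
  "required_pull_request_reviews": {
    "required_approving_review_count": 1,
    "bypass_pull_request_allowances":
      {"users": [{"login": "devops-bot"}], "teams": [], "apps": []}},
  "required_status_checks": {"strict": true, "contexts": ["ci/build"]},
  "restrictions": {"users": [{"login": "devops-bot"}], "teams": [], "apps": []}
}""")

def actors(group):
    """Flatten a users/teams/apps object into a sorted list of names."""
    group = group or {}
    names = [u["login"] for u in group.get("users", [])]
    names += [x["slug"] for k in ("teams", "apps") for x in group.get(k, [])]
    return sorted(names)

def audit_protection(p):
    """Map finding code -> detail for settings that decide who can land commits."""
    out = {}
    reviews = p.get("required_pull_request_reviews")
    if not reviews:
        out["no-pr-required"] = "direct pushes are not forced through a pull request"
    else:
        if reviews.get("required_approving_review_count", 0) < 1:
            out["zero-approvals"] = "a pull request is required but no approval is"
        exempt = actors(reviews.get("bypass_pull_request_allowances"))
        if exempt:
            out["pr-bypass"] = ", ".join(exempt)
    # When enforce_admins is off, repository admins can push past every rule.
    if not (p.get("enforce_admins") or {}).get("enabled"):
        out["admin-bypass"] = "repository admins are exempt from these rules"
    # Push restrictions list who may push; they do not replace review rules.
    if p.get("restrictions"):
        out["push-allowlist"] = ", ".join(actors(p["restrictions"]))
    checks = p.get("required_status_checks")
    if checks and not checks.get("strict"):
        out["not-strict"] = "branches need not be up to date before merging"
    return out

if __name__ == "__main__":
    for code, detail in audit_protection(SAMPLE).items():
        print(f"{code}: {detail}")
```

An `admin-bypass` or `pr-bypass` finding on a branch that is supposed to be review-only is the first thing to look at when a direct push succeeds despite the rule being active.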