I'm working with hundreds of github repos (mostly Terraform) and every now and then I need to push a change all across those repos (typically version upgrade). Each has multiple branches and requires PR review before merge to master. Is there a way I can set it up so that PRs created by my automation account do not require approval before merge?
There is an hmarr/auto-approve-action action, which you can configure to auto-approve PR from certain users.
In your case, that could allow you to push as a dedicated user PRs that will be automatically approved by this action.
Related
Github has the option to allow a PR to be squashed when merged ("Squash and Merge")
Is there anyway I can configure the branch so it only allows the "Squash and Merge" option?
My scenario is this
we have a develop branch, that feature requests are pushed to
sometimes developers will forget to choose "Squash and Merge" and will commit their feature branch, with 10-20 tiny commits to the develop branch.
These changes eventually get merged to master, and feature history becomes hard to read
I have looked in hooks in branch protection rules, but didn't see any such option
Unfortunately the option to change what type of PR merge is available on Github is set on a per repo basis. Since PRs are a github thing, not a git thing, I can't think of a way that you'd be able to do anything with githooks either.
I don't see a great option for your workflow as long as you require the intermediate develop branch that eventually gets merged into master. Workflows that have multiple layers of PRs get messy on Github. The one real option would be that you require squash to merge on Github PRs and then the regular merge from develop to master happens outside a PR (could be local on a machine or via a Github action potentially).
But, your best option if this is really a big problem may be to modify your workflow. One common workflow would be that master is the development branch. Then when it is time for a release a release branch or tag, depending on your needs, is created from master. The you will have no issue turning on the repo wide requirement for squashing.
User from a group like Build Administrator can access the project from Azure Devops. I need to control the user in that group to upload the file directly to the master branch. The user can manually upload files to all branches except Master. Because my master branch is based on Pull request. How can I implement this? Does it need any permission?
There are a few critical branches in your repo that the team relies on always being in good shape, such as your master branch. Require pull requests to make any changes on these branches. Developers pushing changes directly to the protected branches will have their pushes rejected. Thus, following this doc: Improve code quality with branch policies to protect your master branch.
In addition, be reference to this doc: Allow bypassing branch policies without giving up push protection, please note that these 2 permissions(Bypass policies when completing pull requests and Bypass policies when pushing) shouldn’t be granted to your mentioned Build Administrator group for master branch. See: Set branch permissions for details.
As soon as you enable any policy on your default branch changes must be made via pull request.
From the branch policy dialogue
Branch Policies: Note: If any required policy is enabled, this branch cannot be deleted and changes must be made via pull request.
So to disable direct commits follow these steps:
Navigate to project settings (cogwheel)
Repositories > select your repo
Navigate to Policies
In the Branch Policies section select your default branch
Enable any policies that make sense to your use case. Require a minimum number of reviewers might be a good starting point.
Just to understand,
You want to allow your user to store their files on the master branch ? Which tool are they using to upload ? Visual Studio or just drag & drop ?
Anyway you can have some settings on the azure devops by going on
Azure Devops ---> Your Repository --> Branches --> Select the branch you want to modify and click on the 3 dots (...) --> Select Branch Policies
I want to set up a proper workflow on GitHub where junior engineers submit pull request for code review and only the lead engineer can commit to the master branch.
I'm looking for input from professionals that work in a commercial software environment. I've found the page that does the permissions easy enough. There are several options. Restrict who can push to matching branches of course. Should I check others as well?
The other approach, beside the branch permission within one repo, is the gate repo:
you are setting up a public repo where developers can commit (on master or topic branches)
you are using a private, or repo within an organisation, from which you can pull
That way, you or your organisation team control the contribution you chose to include in the master of that main repository.
I want to restrict commits to only few collaborators in few branches. I have personal account in github but donot have any facility to do so as that of organisation. Any suggestion is much appreciated.
You can always use GitHub's standard forking workflow:
Each collaborator will fork your repository and do their work in their own fork.
When something is ready to be contributed back to your repository the developer will create a pull request that you will review.
That code will only be merged into your repository if you approve it and accept the pull request.
In this way you control the code that gets merged into each of your branches.
I want to disable commits for certain branches in github and only allow merging via Pull Requests. I can do this in VSTS Git repos, but how do I do the same in GitHub? Is this even possible?
In your repositories settings, you can go to "Branches" in the left menu.
Then you can add a "Protected Branch", and then check "Require pull request reviews before merging".
Then nobody will be able to commit on this branch unless they made another branch and submitted a Pull Request.