After approving a PR, can a reviewer be allowed to delete the source feature branch (during merging)? feature branch is created off develop branch. We want reviewer to be able to delete feature branch. However, reviewer should not be able to delete develop branch while merging that to master branch.
Is that possible with Azure DevOps? How can we set the branch policy/security to achieve the above?
Addition: feature branch can indeed be deleted provided branch owner is the one completing the PR (there is a checkbox to do that). We want to shift that responsibility to reviewer who does not really own the feature branch. (The checkbox is disabled for reviewer with insufficient permissions message.)
To enable the reviewer the permission to delete the branch, you need to enable the delete branch permission in the Repositories' setting. Please check below steps:
Go to Project settings -> Repos -> Repositories -> Select your repository.
On the Security page of your repository, Search the user you want to grant the delete branch permission in the search box.
On the Security page of the selected user, Set the Force push permission to Allow. Then the delete checkbox for the reviewer will be enabled.
Update:
If you want to enable multiple reviewers the delete permission. You can go to Organization settings, click Permissions under Security, Click New group to create a new Group(eg.Reviewers) and add the reviewers to this group.
Then follow above steps enable the branch deletion permission for this Group. The reveiwers in this Group will automatically inherit this deletion permission.
Having any branch policy on develop would mean that it can't be deleted when completing a PR to master. Branches with policies set are inelgible for deletion as part of PR completion.
Related
I cannot delete branches via GitHub UI even though I have admin rights for the repository.
The delete button is disabled:
What am I missing?
Check if you have Branch protection rules defined that don't allow deleting branches.
For that go to repository settings -> Branches.
Under Branch protection rules edit the rule that matches the branch(es) you are not allowed to delete. Scroll down and see if Allow deletions is enabled.
We store our git in TFS - Azure Devops.
We want to protect the main branch from push and deletion. push must be done with PR.
So we added a branch policy "Require a minimum number of reviewers".
The problem: users can still push to the branch.
So we updated the policy for "Bypass policies when pushing" and "Force push (rewrite history, delete branches and tags)" to "Deny".
But now the users cannot delete other branches..
Any idea how can we protect only the Main branch from deletion and push ?
Based on your description, it seemed that you had denied Force push (rewrite history, delete branches and tags) security settings on the repository level, so that all other branches were unable to be deleted as well.
Please check the security permission Force push (rewrite history, delete branches and tags) in All repositories and one affected repository for the users/groups. You may try and set the permission of Force push (rewrite history, delete branches and tags) in your repository Security tab back to Allow/Not Set for the users/groups and only adopt branch security restriction on the branch level.
Kindly refer to the security settings on the main branch like below. Thus, other branches will not be affected by the settings of the main branch and they could be still deleted or pushed.
You don't need the force push policy. Setting the require minimum number of reviewers in conjunction with denying the Bypass policies when pushing should give you what you want.
As long as you have these in place, your users cannot bypass the PR rule and if they try to do it with a force push will still receive an error
User from a group like Build Administrator can access the project from Azure Devops. I need to control the user in that group to upload the file directly to the master branch. The user can manually upload files to all branches except Master. Because my master branch is based on Pull request. How can I implement this? Does it need any permission?
There are a few critical branches in your repo that the team relies on always being in good shape, such as your master branch. Require pull requests to make any changes on these branches. Developers pushing changes directly to the protected branches will have their pushes rejected. Thus, following this doc: Improve code quality with branch policies to protect your master branch.
In addition, be reference to this doc: Allow bypassing branch policies without giving up push protection, please note that these 2 permissions(Bypass policies when completing pull requests and Bypass policies when pushing) shouldn’t be granted to your mentioned Build Administrator group for master branch. See: Set branch permissions for details.
As soon as you enable any policy on your default branch changes must be made via pull request.
From the branch policy dialogue
Branch Policies: Note: If any required policy is enabled, this branch cannot be deleted and changes must be made via pull request.
So to disable direct commits follow these steps:
Navigate to project settings (cogwheel)
Repositories > select your repo
Navigate to Policies
In the Branch Policies section select your default branch
Enable any policies that make sense to your use case. Require a minimum number of reviewers might be a good starting point.
Just to understand,
You want to allow your user to store their files on the master branch ? Which tool are they using to upload ? Visual Studio or just drag & drop ?
Anyway you can have some settings on the azure devops by going on
Azure Devops ---> Your Repository --> Branches --> Select the branch you want to modify and click on the 3 dots (...) --> Select Branch Policies
I want to invite an external developer to a private repository. This developer should be allowed to do nothing in the master and nothing in the stage branch. Only in the devel branch he should be allowed to commit.
In the section "Settings" I selected the tab "Branches".
There I created a branch protection rule for the branch "master" and "stage".
I tried to follow these instructions:
https://help.github.com/en/articles/enabling-branch-restrictions
But I can't find the option "Restrict who can push to this branch".
What do I have to do to realize my request?
The solution was to change the account into a organization. Then there it is possible to add protection rule to the branches.
How can you stop a branch being accidentally deleted in a pull request?
The issue is the "Complete pull request" has got the "Delete dev after merging" check box, and this seems to be checked by default, which may be because I'm the owner of the repos.
Is there someway to disable this for all users?
For now, there is no way to disable the Delete source branch after merging option.
And there is an user voice Disable Delete Branch Checkbox in PR When Branch Policy In Place which suggest similar feature, you can vote and follow up.
The workaround is set branch security for the target branch (dev branch for your situation):
In VSTS Branches Tab -> click … button for dev branch -> Branch security -> change Force push (rewrite history, delete branches and tags) as Deny for the users and groups -> Save changes.
BTW: Delete source branch after merging option in PR completing window is not checked/selected by default, but based on the last time's setting. Such as if you deselect the option now, when you open the PR completing window next time, the Delete source branch after merging option will be deselected.
See this post. You just need to add a policy to the branch, then it cannot be deleted.
I may be a bit late on this thread. I faced this problem and found solution in Azure Dev Ops. While approving you get option to deselect.