I found how to block/protect branch from pushes, force pushes but how to protect branch from pull requests? When somebody creates pull requests branch merges with branch which locked (f.e. master branch) without any problems or acknowledges. How to protect branch from pull request Of course if it possible?
Branch lock (protect branch from pushes);
Branch security (deny force pushes)
I want to make impossible to complete pull request to locked branch. Of course if it possible.
I tested locking a branch, the result of the test is that it can successfully prevent other users from completing the pull request and merge to the target branch.
When I lock the master branch, and then create pr from the dev branch to the master branch, when I click complete, I will be prompted to stop me from completing the pr.
In addition, locking the branch can also prevent me from committing to the locked branch.
So I think locking branch can meet your need.For details ,please refer to this official document.
Plainly block branch from any PR isn't possible as a singular feature. But you can use branch policies to achieve something alike.
ADO docs says you can set policies:
Add specific person as required approver (it can be you)
Require minimum number of reviewers (you can add 999 person)
Check for linked work items
Require approval from external services (via API)
Plain locking branch forever and whatever happens is not the best approach (you want to have opportunity to do that sometimes). Hope that helps.
Hm strange. Because in our case lock not preventing from PR.
Probably it depends on who made PR. His privileges in Project but I'm not sure...
master branch lock
successfull PR
Related
Github has the option to allow a PR to be squashed when merged ("Squash and Merge")
Is there anyway I can configure the branch so it only allows the "Squash and Merge" option?
My scenario is this
we have a develop branch, that feature requests are pushed to
sometimes developers will forget to choose "Squash and Merge" and will commit their feature branch, with 10-20 tiny commits to the develop branch.
These changes eventually get merged to master, and feature history becomes hard to read
I have looked in hooks in branch protection rules, but didn't see any such option
Unfortunately the option to change what type of PR merge is available on Github is set on a per repo basis. Since PRs are a github thing, not a git thing, I can't think of a way that you'd be able to do anything with githooks either.
I don't see a great option for your workflow as long as you require the intermediate develop branch that eventually gets merged into master. Workflows that have multiple layers of PRs get messy on Github. The one real option would be that you require squash to merge on Github PRs and then the regular merge from develop to master happens outside a PR (could be local on a machine or via a Github action potentially).
But, your best option if this is really a big problem may be to modify your workflow. One common workflow would be that master is the development branch. Then when it is time for a release a release branch or tag, depending on your needs, is created from master. The you will have no issue turning on the repo wide requirement for squashing.
Can we create pull request from master branch to master branch in Azure devops because our team will work on directly in master branch and we need to code review and approval method also.
No this isn't how git works. You would have to branch off of master and then PR these branches back into master. Committing directly to master is not a recommended practice
Contributions to a source code repository that uses a distributed version control system are commonly made by means of a pull request, also known as a merge request.
The contributor requests that the project maintainer pulls the source code change, hence the name "pull request". The maintainer has to merge the pull request if the contribution should become part of the source base.
A pull request can be accepted or rejected by maintainers. Once the pull request is reviewed and approved, it is merged into the repository.
The above is how to pull request works.
We can push empty commits via git commit --allow-empty -m 1, But for your situation, even no empty commits(Because the source branch and target branch always the same), so of course the pull request will not be able to created.
Another thing will clearly tell you the reason:
If you use this API to create Pull Request from 'master' to 'master', you will find it is not accepted.
The detection of whether the 'sourcebranch' and 'targetbranch' are the same is high priority, even before the detection of the existence of the branch, so what you want to achieve is not possible from the basic of the design.
I have a scenario where I will sometimes need to cherry-pick some commits from our UAT branch into our MASTER branch. This is because the business sometimes will request that only specific "features" are moved from UAT to production. I need to be able to pick certain commits to move forward as PR.
The issue I am having is that when try to cherry pick from one the commits (from the UAT branch) to master, Azure DevOps give me the error...
"Encountered conflicts when cherry-picking commit "42af19". This operation needs to be performed locally."
I am able to do this same pattern against my UAT, QA and Integration branches, I only have this issue against our master branch. I don't have any conflicts in the source branch so I don't believe its that. I also don't have any special rules for the master branch that should keep me from doing a UI based cherry-pick.
I really can't have our developers do this locally so I am hoping for some sort of option where they can use the UI for this.
We are using ADO to host the repo for our Salesforce code. We use another system that handles the CICD pipeline.
The high-level background for this is that we have may have 2 or more PR's that have been promoted and deployed to UAT, but the business may request that we only deploy certain ones. So some PR's might remain open against master for a few dev cycles. The issue is when other PR's move through and we need to promote them from UAT to master, ALL of the changes are getting added to the UAT > MASTER PR due to the fact that the code in the PR's that are in the holding pattern have not been committed to master, so the subsequent PR's would pick up those changes and try to merge them in, and we don't want that.
The thought is that we could cherry-pick commits from UAT as a PR. These only only contain the files we actually want to deploy, not EVERYTHING.
Hopefully someone can help me out with this scenario as I am a little stuck.
Thank you all very much for your guidance!
I have been working with a similar branching strategy for Salesforce. Normally in this situation, we would do the following:
Create a branch out of master - it will be used only to resolve conflict.
git checkout -b gs-pipeline/...
Cherry-pick a commit there, you can space separate them if there are many
git cherry-pick COMMIT-HASH1 OPTIONAL-COMMIT-HASH2
Solve Conflicts manually, save files, stage them, commit and push
Open Pull Request from gs-pipeline/... -> master
Unfortunately, there is no easy way to solve this within UI as far as I am concerned.
However, when you would down merge from master -> uat(directly or via a separate branch) that may solve your issue. It should be safe as things on master/PRD should already be on UAT and all lower environments.
Caveat: I am fairly new to both git and GitHub.
So, in my current setup, my team uses git flow Hotfixes (usually started and finished by a graphical tool such as GitKraken or IntelliJ) to make changes that have to be merged into two branches and pushed upstream in both. So for example the flow would be:
Pull latest from master
Start hotfix
Commit changes
Merge hotfix branch into both master and develop and push both upstream
We're now looking at moving our code into GitHub and would like to start using Pull Requests, for a couple of reasons:
CI hooks to run tests and stuff
a place to put code-specific comments not directly related to the underlying "issue"
avoiding the need for everyone to constantly be pulling the latest master/develop to their local machine so that they can merge changes
But in the case of Hotfixes, I'm not sure what to do because I'm merging into two branches but it really is one "action" so manually creating two pull requests seems weird, particularly since step 4) in our current flow is a single click.
Is there a smart way of handling this? My ideal case would be that pushing the Merge button on the Pull Request would just merge into both, but that doesn't seem to be an available option.
As you mentioned, a Pull Request has only one target branch, so you won't be able to push the hotfix to both master and develop by merging one Pull Request.
I'm also surprised you mention your step #4 - merging the hotfix branch to both master and develop and push upstream - is one action. While there's a high chance the merge from hotfix to master won't run into merge conflicts, I can't say the same for the merge from hotfix to develop since it could have been worked on since the last deployment to production.
My recommendation would then be the following:
Create one PR from hotfix to master and have someone review it to validate the fix
Once it's merged into master, create another PR from hotfix to develop and see if you run into merge conflicts
If that's the case, resolve the merge conflicts so the PR ends up in a state to be merged, and have someone review the PR
If there's no merge conflicts, then have someone review the PR
An alternative solution, if you really want to go down the automated path, would be to leverage both GitHub webhooks and API.
The webhook would allow you to be notified when a PR is merged. You could inspect the payload to make sure that the base branch starts with hotfix/ and the target branch is master. You could then react to that event by using the API to create a new PR from the same hotfix branch to develop.
It will involve some development, and the effort might not be worth since creating a PR via the UI is still quite easy and quick.
I would like to give merge access to my co-workers. But, I do not want them to be able to merge their code into master (or another branch I maintain: staging). Is there any way to do that?
The easiest way is to ask them to fork the repo and make PR (pull request).
You can then inspect and/or reject any PR made to the master branch.
The GitHub branch protection doesn't prevent fast-forward pushes, to the fork is the best option.