I want to invite an external developer to a private repository. This developer should be allowed to do nothing in the master and nothing in the stage branch. Only in the devel branch he should be allowed to commit.
In the section "Settings" I selected the tab "Branches".
There I created a branch protection rule for the branch "master" and "stage".
I tried to follow these instructions:
https://help.github.com/en/articles/enabling-branch-restrictions
But I can't find the option "Restrict who can push to this branch".
What do I have to do to realize my request?
The solution was to change the account into an organization. Then it is possible to add a protection rule to the branches.
Related
User from a group like Build Administrator can access the project from Azure Devops. I need to control the user in that group to upload the file directly to the master branch. The user can manually upload files to all branches except Master. Because my master branch is based on Pull request. How can I implement this? Does it need any permission?
There are a few critical branches in your repo that the team relies on always being in good shape, such as your master branch. Require pull requests to make any changes on these branches. Developers pushing changes directly to the protected branches will have their pushes rejected. Thus, follow this doc: Improve code quality with branch policies to protect your master branch.
In addition, refer to this doc: Allow bypassing branch policies without giving up push protection. Please note that these 2 permissions (Bypass policies when completing pull requests and Bypass policies when pushing) shouldn't be granted to your mentioned Build Administrator group for the master branch. See: Set branch permissions for details.
As soon as you enable any policy on your default branch changes must be made via pull request.
From the branch policy dialogue
Branch Policies: Note: If any required policy is enabled, this branch cannot be deleted and changes must be made via pull request.
So to disable direct commits follow these steps:
Navigate to project settings (cogwheel)
Repositories > select your repo
Navigate to Policies
In the Branch Policies section select your default branch
Enable any policies that make sense to your use case. Require a minimum number of reviewers might be a good starting point.
Just to understand,
You want to allow your user to store their files on the master branch? Which tool are they using to upload? Visual Studio or just drag & drop?
Anyway, you can find some settings in Azure DevOps by going to
Azure DevOps --> Your Repository --> Branches --> Select the branch you want to modify and click on the 3 dots (...) --> Select Branch Policies
After approving a PR, can a reviewer be allowed to delete the source feature branch (during merging)? feature branch is created off develop branch. We want reviewer to be able to delete feature branch. However, reviewer should not be able to delete develop branch while merging that to master branch.
Is that possible with Azure DevOps? How can we set the branch policy/security to achieve the above?
Addition: feature branch can indeed be deleted provided branch owner is the one completing the PR (there is a checkbox to do that). We want to shift that responsibility to reviewer who does not really own the feature branch. (The checkbox is disabled for reviewer with insufficient permissions message.)
To enable the reviewer the permission to delete the branch, you need to enable the delete branch permission in the Repositories' setting. Please check below steps:
Go to Project settings -> Repos -> Repositories -> Select your repository.
On the Security page of your repository, Search the user you want to grant the delete branch permission in the search box.
On the Security page of the selected user, Set the Force push permission to Allow. Then the delete checkbox for the reviewer will be enabled.
Update:
If you want to give multiple reviewers the delete permission, you can go to Organization settings, click Permissions under Security, click New group to create a new group (e.g. Reviewers) and add the reviewers to this group.
Then follow the above steps to enable the branch deletion permission for this group. The reviewers in this group will automatically inherit this deletion permission.
Having any branch policy on develop would mean that it can't be deleted when completing a PR to master. Branches with policies set are ineligible for deletion as part of PR completion.
I want to set up a proper workflow on GitHub where junior engineers submit pull requests for code review and only the lead engineer can commit to the master branch.
I'm looking for input from professionals that work in a commercial software environment. I've found the page that does the permissions easy enough. There are several options. Restrict who can push to matching branches of course. Should I check others as well?
The other approach, beside the branch permission within one repo, is the gate repo:
you are setting up a public repo where developers can commit (on master or topic branches)
you are using a private, or repo within an organisation, from which you can pull
That way, you or your organisation team control the contribution you chose to include in the master of that main repository.
Is it possible to set up a collaborator to only pull/push from a specific branch. Or for that matter, not be able to make changes to Master?
If your repository belongs to an organization, you can enable branch restrictions settings and choose who can push to restricted branches.
https://help.github.com/articles/about-branch-restrictions/
https://help.github.com/articles/enabling-branch-restrictions/
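A way to check that the rules discussed above are actually in force, as an added example that is not part of any answer here. It audits objects shaped like the response of GitHub's REST endpoint GET /repos/{owner}/{repo}/branches/{branch}/protection; the sample data and the logins `lead-engineer` and `external-dev` are constructed for illustration.

```javascript
// Added example: report gaps in branch protection objects. Only user
// restrictions are compared against the allow list; teams and apps are not.
function auditProtection(branch, protection, allowedPushers) {
  if (!protection) return [`${branch}: no protection rule`];
  const findings = [];
  const r = protection.restrictions;
  if (!r) {
    findings.push(`${branch}: pushes are not restricted to named users or teams`);
  } else {
    for (const u of r.users || []) {
      if (!allowedPushers.includes(u.login)) {
        findings.push(`${branch}: ${u.login} may push but is not on the allow list`);
      }
    }
  }
  if (!protection.required_pull_request_reviews) {
    findings.push(`${branch}: pull request reviews are not required`);
  }
  const on = (key) => Boolean(protection[key] && protection[key].enabled);
  if (!on('enforce_admins')) findings.push(`${branch}: administrators can bypass the rule`);
  if (on('allow_force_pushes')) findings.push(`${branch}: force pushes are allowed`);
  if (on('allow_deletions')) findings.push(`${branch}: the branch can be deleted`);
  return findings;
}

function auditRepo(protections, branches, allowedPushers) {
  return branches.flatMap((b) => auditProtection(b, protections[b], allowedPushers));
}

// Constructed sample data, not output from a real repository.
const sampleProtections = {
  master: {
    restrictions: { users: [{ login: 'lead-engineer' }], teams: [], apps: [] },
    required_pull_request_reviews: { required_approving_review_count: 1 },
    enforce_admins: { enabled: true },
    allow_force_pushes: { enabled: false },
    allow_deletions: { enabled: false },
  },
  stage: {
    restrictions: { users: [{ login: 'lead-engineer' }, { login: 'external-dev' }], teams: [], apps: [] },
    enforce_admins: { enabled: false },
    allow_force_pushes: { enabled: true },
    allow_deletions: { enabled: false },
  },
};

console.log(auditRepo(sampleProtections, ['master', 'stage'], ['lead-engineer']).join('\n'));
```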
Revoke write access completely and make them fork the repository and submit pull requests.
As a GitHub administrator, I would like to lock a particular branch in GitHub for all users.
For e.g. if I do not want anyone to push to Master/Production or a Project branch, how can I do that.
Instead of using any client side hooks, is there a way to lock a branch on GitHub server directly ? Are there any third party tools/api's/scripts which can help achieve this ?
#Saurabh, I have done a similar thing according to your requirement on GitHub:
Navigate to Settings
Navigate to Branches
Tap on Add Rule near "Branch protection rules"
Tick the Require pull request reviews before merging checkbox
These steps apply a lock on, for example, master, so that no collaborators can push code to this branch. Code can only be merged using pull requests.
Link to documentation
Note: Protected branches are available to Pro, Team, and Enterprise users
The easiest solution is to have that branch in its own repo (for which no collaborators are declared).
Otherwise, GitHub doesn't provide any native "branch protection" feature, as mentioned in "How to protect “master” in github?"
You could setup a webhook which on a push event can refuse the push if the branch has a given name.
An example would be terite/pull-to-master which protects master:
    if (json.ref != 'refs/heads/master')
        return cb([200, 'Skipping, not master']);
This is not a client-side hook, but it does require a client to listen to the JSON payload of the push event in order to react to it.
Since Oct. 2022, there is a simpler option:
New Branch Protections: Last Pusher and Locked Branch (Oct. 2022)
Push protection enabled.
This allows for branches to be locked, prohibiting changes.
You can lock a branch allowing you to have a maintenance window and prevent changes, or to protect a fork so it only receives changes from its upstream repository.
To use this feature in a branch protection rule, enable Lock branch.
For more information, read About protected branches in the GitHub documentation.
We appreciate feedback on this and other topics in GitHub's public feedback discussions.
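The `ref` check from the webhook approach above, carried a step further as an added example; it is not code from terite/pull-to-master or from the answer. It first verifies GitHub's `X-Hub-Signature-256` header so that forged deliveries are ignored, then reports push events on protected refs. The protected ref list, the secret and the sample payloads are constructed assumptions.

```javascript
const crypto = require('node:crypto');

// Hypothetical policy for this example: refs that should only change via pull request.
const PROTECTED_REFS = new Set(['refs/heads/master', 'refs/heads/stage']);

// GitHub sends X-Hub-Signature-256 as "sha256=" + hex HMAC-SHA256 of the raw body.
function signatureValid(rawBody, header, secret) {
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const given = Buffer.from(header.slice('sha256='.length), 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Returns [status, message], the same shape the quoted snippet passes to cb().
function handlePush(rawBody, header, secret) {
  if (!signatureValid(rawBody, header, secret)) return [401, 'Bad signature'];
  let json;
  try {
    json = JSON.parse(rawBody);
  } catch (err) {
    return [400, 'Invalid JSON'];
  }
  if (!PROTECTED_REFS.has(json.ref)) return [200, `Skipping, ${json.ref} is not protected`];
  const who = json.pusher && json.pusher.name ? json.pusher.name : 'unknown';
  const kind = json.deleted ? 'deletion' : json.forced ? 'force push' : 'push';
  return [202, `ALERT: ${kind} to ${json.ref} by ${who}`];
}

// Constructed sample deliveries (secret and user name are made up).
const SECRET = 'constructed-example-secret';
const sign = (body) =>
  'sha256=' + crypto.createHmac('sha256', SECRET).update(body).digest('hex');
const develPush = JSON.stringify({ ref: 'refs/heads/devel', pusher: { name: 'external-dev' } });
const masterPush = JSON.stringify({
  ref: 'refs/heads/master',
  forced: true,
  pusher: { name: 'external-dev' },
});

console.log(handlePush(develPush, sign(develPush), SECRET));
console.log(handlePush(masterPush, sign(masterPush), SECRET));
console.log(handlePush(masterPush, sign(develPush), SECRET)); // signature of another body
```

A merged pull request also produces a push event on the target branch, so a real receiver needs more context than `ref` alone to tell a direct push from a merge.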