I am trying to configure a GitHub repo so only certain users can push to a certain branch.
The branch pattern name matches the branch I want to restrict.
Here is a screen shot of the protected branch settings:
Yet, I can still can create a pull request from any branch and merge to the protected branch.
This is an organizational repo which I have admin privileges. Can only an organization maintainer change a branch's protected settings? Is there something else that needs to be configured?
I think this is by design. The "restrict who can push to matching branches" feature limits who can push to a branch, but you say
Yet, I can still can create a pull request from any branch and merge to the protected branch.
The whole point of protecting branches is to force code to go through a pull request process. Restricting push access doesn't restrict pull requests. It simply means users can't git push code directly to the branch.
You can also add required status checks before pull requests can be merged, e.g. for tests to pass, for a certain number of collaborators to approve the pull request, for commits to be cryptographically signed, etc.
Related
In GitHub, I have the following rule active on a branch called 'main':
Require a pull request before merging
But it still allows me to push directly to the protected branch.
We only have 1 branch and the settings show that the rules are applied to 1 branch. I am not sure what other settings I would need to change.
How to protect branch with "Require pull request reviews before merging"
Can we create pull request from master branch to master branch in Azure devops because our team will work on directly in master branch and we need to code review and approval method also.
No this isn't how git works. You would have to branch off of master and then PR these branches back into master. Committing directly to master is not a recommended practice
Contributions to a source code repository that uses a distributed version control system are commonly made by means of a pull request, also known as a merge request.
The contributor requests that the project maintainer pulls the source code change, hence the name "pull request". The maintainer has to merge the pull request if the contribution should become part of the source base.
A pull request can be accepted or rejected by maintainers. Once the pull request is reviewed and approved, it is merged into the repository.
The above is how to pull request works.
We can push empty commits via git commit --allow-empty -m 1, But for your situation, even no empty commits(Because the source branch and target branch always the same), so of course the pull request will not be able to created.
Another thing will clearly tell you the reason:
If you use this API to create Pull Request from 'master' to 'master', you will find it is not accepted.
The detection of whether the 'sourcebranch' and 'targetbranch' are the same is high priority, even before the detection of the existence of the branch, so what you want to achieve is not possible from the basic of the design.
We store our git in TFS - Azure Devops.
We want to protect the main branch from push and deletion. push must be done with PR.
So we added a branch policy "Require a minimum number of reviewers".
The problem: users can still push to the branch.
So we updated the policy for "Bypass policies when pushing" and "Force push (rewrite history, delete branches and tags)" to "Deny".
But now the users cannot delete other branches..
Any idea how can we protect only the Main branch from deletion and push ?
Based on your description, it seemed that you had denied Force push (rewrite history, delete branches and tags) security settings on the repository level, so that all other branches were unable to be deleted as well.
Please check the security permission Force push (rewrite history, delete branches and tags) in All repositories and one affected repository for the users/groups. You may try and set the permission of Force push (rewrite history, delete branches and tags) in your repository Security tab back to Allow/Not Set for the users/groups and only adopt branch security restriction on the branch level.
Kindly refer to the security settings on the main branch like below. Thus, other branches will not be affected by the settings of the main branch and they could be still deleted or pushed.
You don't need the force push policy. Setting the require minimum number of reviewers in conjunction with denying the Bypass policies when pushing should give you what you want.
As long as you have these in place, your users cannot bypass the PR rule and if they try to do it with a force push will still receive an error
My commit button is not getting enabled after editing Readme file in github.
The reason why the commit button is not enabled is because you are trying to commit to the master branch of the repo, which is protected from making direct commits/push. Only those who have access to make direct commits to master can do that, and you might not have that access. Hence you need to select the second option there to create a new branch to make the commit and create a pull request to the master branch, or get access to directly contribute to that branch.
The branch protection is to ensure that collaborators don't directly push or make commits to the particular branch or delete it, and also allows enabling status checks or required reviews. You can read more about GitHub's branch protection here.
I want to disable commits for certain branches in github and only allow merging via Pull Requests. I can do this in VSTS Git repos, but how do I do the same in GitHub? Is this even possible?
In your repositories settings, you can go to "Branches" in the left menu.
Then you can add a "Protected Branch", and then check "Require pull request reviews before merging".
Then nobody will be able to commit on this branch unless they made another branch and submitted a Pull Request.