Is it possible to set up a collaborator to only pull/push from a specific branch. Or for that matter, not be able to make changes to Master?
If your repository belongs to an organization, you can enable branch restrictions settings and choose who can push to restricted branches.
https://help.github.com/articles/about-branch-restrictions/
https://help.github.com/articles/enabling-branch-restrictions/
Revoke write access completely and make them fork the repository and submit pull requests.
Related
We store our git in TFS - Azure Devops.
We want to protect the main branch from push and deletion. push must be done with PR.
So we added a branch policy "Require a minimum number of reviewers".
The problem: users can still push to the branch.
So we updated the policy for "Bypass policies when pushing" and "Force push (rewrite history, delete branches and tags)" to "Deny".
But now the users cannot delete other branches..
Any idea how can we protect only the Main branch from deletion and push ?
Based on your description, it seemed that you had denied Force push (rewrite history, delete branches and tags) security settings on the repository level, so that all other branches were unable to be deleted as well.
Please check the security permission Force push (rewrite history, delete branches and tags) in All repositories and one affected repository for the users/groups. You may try and set the permission of Force push (rewrite history, delete branches and tags) in your repository Security tab back to Allow/Not Set for the users/groups and only adopt branch security restriction on the branch level.
Kindly refer to the security settings on the main branch like below. Thus, other branches will not be affected by the settings of the main branch and they could be still deleted or pushed.
You don't need the force push policy. Setting the require minimum number of reviewers in conjunction with denying the Bypass policies when pushing should give you what you want.
As long as you have these in place, your users cannot bypass the PR rule and if they try to do it with a force push will still receive an error
My commit button is not getting enabled after editing Readme file in github.
The reason why the commit button is not enabled is because you are trying to commit to the master branch of the repo, which is protected from making direct commits/push. Only those who have access to make direct commits to master can do that, and you might not have that access. Hence you need to select the second option there to create a new branch to make the commit and create a pull request to the master branch, or get access to directly contribute to that branch.
The branch protection is to ensure that collaborators don't directly push or make commits to the particular branch or delete it, and also allows enabling status checks or required reviews. You can read more about GitHub's branch protection here.
I want to restrict commits to only few collaborators in few branches. I have personal account in github but donot have any facility to do so as that of organisation. Any suggestion is much appreciated.
You can always use GitHub's standard forking workflow:
Each collaborator will fork your repository and do their work in their own fork.
When something is ready to be contributed back to your repository the developer will create a pull request that you will review.
That code will only be merged into your repository if you approve it and accept the pull request.
In this way you control the code that gets merged into each of your branches.
I was added as collaborator to a public GitHub repo and I was able to make changes to the main branch. A pull request was not generated, the changes just went right in. I am using Visual Studio 2015 as my client, for what it's worth.
Yes, it depends on the permission.
There are 4 types of permissions:
Read
Write
Admin
Owner
Note: Organization members with owner permissions have extensive permissions across all repositories in an organization.
See the permissions and associated actions at Repository permission levels for an organization and Collaborator access on a repository owned by a user account.
Yes, it is either your responsibility to properly follow process (i.e., create a branch and then create the pull request to merge to master / release / etc) or/and up to the repo owner to set up permissions so committing directly to master is not possible.
Yes, that's basically what collaborators are. :)
See Github - Collaborator access on a repository owned by a user account
Often, even if you have collaborator access/rights, you can choose to adopt a more kosher Git workflow, like creating a branch and a pull request for each 'thing' that goes into the main branch.
If I fork a repository I have permission to that is owned by a company into my personal github, make some changes, make a PR, sometimes my collaborators (the ones in charge of the PR) will click "merge and delete local branch". This deletes the branch out of my private github account. Is there a way to disable this?
If there is no way to disable it, a workaround would be to create a branch referencing the same HEAD as the feature branch used for the PR (and which gets deleted when merged in the original repo).
That would allow you to keep track of that feature branch, even after the PR has been completed.