As a GitHub administrator, I would like to lock a particular branch in GitHub for all users.
For e.g. if I do not want anyone to push to Master/Production or a Project branch, how can I do that.
Instead of using any client side hooks, is there a way to lock a branch on GitHub server directly ? Are there any third party tools/api's/scripts which can help achieve this ?
#Saurabh, I have done a similar thing according to your requirement on GitHub:
Navigate to Settings
Navigate to Branches
Tap on Add Rule near "Branch protection rules"
Tick the Require pull request reviews before merging checkbox
These steps apply a lock on, for example to master, so that no collaborators can push code to this branch. Code only be merged using pull requests.
Link to documentation
Screenshots:
Note: Protected branches are available to Pro, Team, and Enterprise users
The easiest solution is to have that branch in its own repo (for which no collaborators) are declared.
Otherwise, GitHub doesn't provide any native "branch protection" feature, as mentioned in "How to protect “master” in github?"
You could setup a webhook which on a push event can refuse the push if the branch has a given name.
An example would be terite/pull-to-master which protects master:
if (json.ref != 'refs/heads/master')
return cb([200, 'Skipping, not master']);
This is not a client-side hook, but it does require a client to listen to the JSON payload of the push event in order to react to it.
Since Oct. 2022, there is a simpler option:
New Branch Protections: Last Pusher and Locked Branch (Oct. 2022)
Push protection enabled.
This allows for branches to be locked, prohibiting changes.
You can lock a branch allowing you to have a maintenance window and prevent changes, or to protect a fork so it only receives changes from its upstream repository.
To use this feature in a branch protection rule, enable Lock branch.
For more information, read About protected branches in the GitHub documentation.
We appreciate feedback on this and other topics in GitHub's public feedback discussions.
Related
Github has the option to allow a PR to be squashed when merged ("Squash and Merge")
Is there anyway I can configure the branch so it only allows the "Squash and Merge" option?
My scenario is this
we have a develop branch, that feature requests are pushed to
sometimes developers will forget to choose "Squash and Merge" and will commit their feature branch, with 10-20 tiny commits to the develop branch.
These changes eventually get merged to master, and feature history becomes hard to read
I have looked in hooks in branch protection rules, but didn't see any such option
Unfortunately the option to change what type of PR merge is available on Github is set on a per repo basis. Since PRs are a github thing, not a git thing, I can't think of a way that you'd be able to do anything with githooks either.
I don't see a great option for your workflow as long as you require the intermediate develop branch that eventually gets merged into master. Workflows that have multiple layers of PRs get messy on Github. The one real option would be that you require squash to merge on Github PRs and then the regular merge from develop to master happens outside a PR (could be local on a machine or via a Github action potentially).
But, your best option if this is really a big problem may be to modify your workflow. One common workflow would be that master is the development branch. Then when it is time for a release a release branch or tag, depending on your needs, is created from master. The you will have no issue turning on the repo wide requirement for squashing.
My commit button is not getting enabled after editing Readme file in github.
The reason why the commit button is not enabled is because you are trying to commit to the master branch of the repo, which is protected from making direct commits/push. Only those who have access to make direct commits to master can do that, and you might not have that access. Hence you need to select the second option there to create a new branch to make the commit and create a pull request to the master branch, or get access to directly contribute to that branch.
The branch protection is to ensure that collaborators don't directly push or make commits to the particular branch or delete it, and also allows enabling status checks or required reviews. You can read more about GitHub's branch protection here.
I need to configure GitHub protection rule for master branch which supports to raise pull request from a specific branch (ex: develop -> master) only. If any user tries to raise pull request from any other branch to master that should not be allowed.
Is above requirement possible, if yes how to configure.
I searched GitHub documents, repository settings and lot of blogs. But couldn't found any thing.
Thanks,
Raghunath.
Update 8-Apr-2020:
It seems there is no feature to implement above requirement (received confirmation from GitHub community admin)
I found how to block/protect branch from pushes, force pushes but how to protect branch from pull requests? When somebody creates pull requests branch merges with branch which locked (f.e. master branch) without any problems or acknowledges. How to protect branch from pull request Of course if it possible?
Branch lock (protect branch from pushes);
Branch security (deny force pushes)
I want to make impossible to complete pull request to locked branch. Of course if it possible.
I tested locking a branch, the result of the test is that it can successfully prevent other users from completing the pull request and merge to the target branch.
When I lock the master branch, and then create pr from the dev branch to the master branch, when I click complete, I will be prompted to stop me from completing the pr.
In addition, locking the branch can also prevent me from committing to the locked branch.
So I think locking branch can meet your need.For details ,please refer to this official document.
Plainly block branch from any PR isn't possible as a singular feature. But you can use branch policies to achieve something alike.
ADO docs says you can set policies:
Add specific person as required approver (it can be you)
Require minimum number of reviewers (you can add 999 person)
Check for linked work items
Require approval from external services (via API)
Plain locking branch forever and whatever happens is not the best approach (you want to have opportunity to do that sometimes). Hope that helps.
Hm strange. Because in our case lock not preventing from PR.
Probably it depends on who made PR. His privileges in Project but I'm not sure...
master branch lock
successfull PR
I want to set up a proper workflow on GitHub where junior engineers submit pull request for code review and only the lead engineer can commit to the master branch.
I'm looking for input from professionals that work in a commercial software environment. I've found the page that does the permissions easy enough. There are several options. Restrict who can push to matching branches of course. Should I check others as well?
The other approach, beside the branch permission within one repo, is the gate repo:
you are setting up a public repo where developers can commit (on master or topic branches)
you are using a private, or repo within an organisation, from which you can pull
That way, you or your organisation team control the contribution you chose to include in the master of that main repository.