Travel around the world
  • Home /
  • Blog /
  • How to Create and enforce Github branch protection rules for Organization. Best Practice

How to Create and enforce Github branch protection rules for Organization. Best Practice

Details

git branches

We are going to enforce the Git Best Practice branch's protection rules and recommendaions for GitHub Organization repositories.

Also we will automate a proces of adding and updating teams and branch protection rules to GitHub Organization repository.

There is the same way to apply branch protection and recommendaions to private (non-organization GitHub repositories but you need to modify the automation scipts). Also some options are not available for non-organization GitHub repositories.

 

 

 

 

Manual

  1. You ahve to have admin accses for GitHub repository and can accesss to repo settings

    github settings 
  2. Go to Settings > Branches and create a new rule for main/master branch
    • - Require a pull request before merging - true
    • - Require approvals - true (2 approvals)
    • - Dismiss stale pull request approvals when new commits are pushed - true
    • - Do not allow bypassing the above settings - true
    • - Save changes
  3. Create a new rule for develop branch
    • - Require a pull request before merging - true
    • - Require approvals - true (1 approvals)
    • - Dismiss stale pull request approvals when new commits are pushed - true
    • - Do not allow bypassing the above settings - true
    • - Save changes
  4. Create new rules for feature/*, hotfix/*, relese/*, bugfix/* branches with protections below
    • - Allow force pushes - true (Everyone)
    • - Allow deletions - true
    • - vSave changes
  5. Create a new wildcard rules for * (star) branch with protections below
    • - Do not allow bypassing the above settings - true
    • - Restrict who can push to matching branches - true
    • - Restrict pushes that create matching branches - true
    • - Save changes

wildcard branch protection rules

After that the user from developer team with push request can only:

  • - create and push commits to any branches with names begin with prefix feature/..., hotfix/..., relese/..., bugfix/...
  • - craete a pull request to any other branches, like main/master, develop, etc.

 

AUTOMATION

For automation please use scripts from GitHub private reposcripts from GitHub private repo to craete the branch protection rules to GitHub Organization repository(s).

That's it. Happy DevOpsing!

Add comment

Security code
Refresh