| title | intro | product | redirect_from | versions | permissions | topics | shortTitle | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Managing a branch protection rule |
You can create a branch protection rule to enforce certain workflows for one or more branches, such as requiring an approving review or passing status checks for all pull requests merged into the protected branch. |
{% data reusables.gated-features.protected-branches %} |
|
|
People with admin permissions {% ifversion edit-repository-rules %}or a custom role with the "edit repository rules" permission{% endif %} to a repository can manage branch protection rules. |
|
Branch protection rule |
{% data reusables.repositories.branch-rules-example %}
You can create a rule for all current and future branches in your repository with the wildcard syntax *. {% data reusables.repositories.about-fnmatch %}
If a repository has multiple protected branch rules that affect the same branches, the rules that include a specific branch name have the highest priority. If there is more than one protected branch rule that references the same specific branch name, then the branch rule created first will have higher priority.
Protected branch rules that mention a special character, such as *, ?, or ], are applied in the order they were created, so older rules with these characters have a higher priority.
To create an exception to an existing branch rule, you can create a new branch protection rule that is higher priority, such as a branch rule for a specific branch name.
For more information about each of the available branch protection settings, see "AUTOTITLE."
{% ifversion repo-rules %} {% note %}
Note: Only a single branch protection rule can apply at a time, which means it can be difficult to know how which rule will apply when multiple versions of a rule target the same branch. {% ifversion repo-rules-enterprise %}Additionally, you may want to create a single set of rules that applies to multiple repositories in an organization. {% endif %}For information about an alternative to branch protection rules, see "AUTOTITLE."
{% endnote %} {% endif %}
When you create a branch rule, the branch you specify doesn't have to exist yet in the repository.
{% note %}
Note: Actors may only be added to bypass lists when the repository belongs to an organization.
{% endnote %}
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.repository-branches %} {% data reusables.repositories.add-branch-protection-rules %}
-
Optionally, enable required pull requests. {% ifversion pull-request-mergeability-security-changes %} {% indented_data_reference reusables.pull_requests.security-changes-mergeability spaces=3 %} {% endif %}
-
Under "Protect matching branches", select Require a pull request before merging.
-
Optionally, to require approvals before a pull request can be merged, select Require approvals.
Select the Required number of approvals before merging dropdown menu, then click the number of approving reviews you would like to require on the branch.
-
Optionally, to dismiss a pull request approval review when a code-modifying commit is pushed to the branch, select Dismiss stale pull request approvals when new commits are pushed.
-
Optionally, to require review from a code owner when the pull request affects code that has a designated owner, select Require review from Code Owners. Note that if code has multiple owners, an approval from any of the code owners will be sufficient to meet this requirement. For more information, see "AUTOTITLE."
-
Optionally, to allow specific actors to push code to the branch without creating pull requests when they're required, select Allow specified actors to bypass required pull requests. Then, search for and select the actors who should be allowed to skip creating a pull request.
-
Optionally, if the repository is part of an organization, select Restrict who can dismiss pull request reviews. Then, in the search field, search for and select the actors who are allowed to dismiss pull request reviews. For more information, see "AUTOTITLE." {% ifversion last-pusher-require-approval %}
-
Optionally, to require someone other than the last person to push to a branch to approve a pull request prior to merging, select Require approval of the most recent reviewable push. For more information, see "AUTOTITLE." {% endif %}
-
-
Optionally, enable required status checks. For more information, see "AUTOTITLE."
- Select Require status checks to pass before merging.
- Optionally, to ensure that pull requests are tested with the latest code on the protected branch, select Require branches to be up to date before merging.
- In the search field, search for status checks, selecting the checks you want to require.
-
Optionally, select Require conversation resolution before merging.
-
Optionally, select Require signed commits.
-
Optionally, select Require linear history. {%- ifversion merge-queue %}
-
Optionally, to merge pull requests using a merge queue, select Require merge queue. {% data reusables.pull_requests.merge-queue-references %} {%- endif %} {%- ifversion required-deployments %}
-
Optionally, to choose which environments the changes must be successfully deployed to before merging, select Require deployments to succeed before merging, then select the environments. {%- endif %} {% ifversion lock-branch %}
-
Optionally, make the branch read-only.
- Select Lock branch.
- Optionally, to allow fork syncing, select Allow fork syncing. {%- endif %}
-
Optionally, select Do not allow bypassing the above settings.
-
Optionally,{% ifversion fpt or ghec %} in public repositories owned by a {% data variables.product.prodname_free_user %} organization and in all repositories owned by an organization using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %},{% endif %} enable branch restrictions.
- Select Restrict who can push to matching branches. {%- ifversion restrict-pushes-create-branch %}
- Optionally, to also restrict the creation of matching branches, select Restrict pushes that create matching branches. {%- endif %}
- In the search field, search for and select the people, teams, or apps who will have permission to push to the protected branch or create a matching branch.
-
Optionally, under "Rules applied to everyone including administrators", select Allow force pushes.
Then, choose who can force push to the branch.
- Select Everyone to allow everyone with at least write permissions to the repository to force push to the branch, including those with admin permissions.
- Select Specify who can force push to allow only specific actors to force push to the branch. Then, search for and select those actors.
For more information about force pushes, see "AUTOTITLE."
-
Optionally, select Allow deletions.
-
Click Create.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.repository-branches %}
- To the right of the branch protection rule you want to edit, click Edit.
- Make your desired changes to the branch protection rule.
- Click Save changes.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.repository-branches %}
- To the right of the branch protection rule you want to delete, click Delete.