Skip to content

feat: add branch protection configuration file #429

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 3 commits into from
Closed

feat: add branch protection configuration file #429

Copilot wants to merge 3 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 26, 2026
edited
Loading

Branch protection rules were configured manually in the GitHub UI, creating risk of drift and loss during repository operations. This adds version-controlled protection rules via Probot Settings App.

Changes

  • .github/settings.yml: Branch protection configuration for main

    • 12 required status checks covering build (Node 18/20/22), linting, type checking, test coverage, examples, security scans (CodeQL, Trivy)
    • 1 required approval
    • Enforce up-to-date branches (strict: true)
    • Repository settings (merge options, security features)

  • CONTRIBUTING.md: Document branch protection requirements and settings file usage

Configuration

branches:
  - name: main
    protection:
      required_pull_request_reviews:
        required_approving_review_count: 1
      required_status_checks:
        strict: true
        contexts:
          - "Build and Lint (Node 18)"
          - "Build and Lint (Node 20)"
          - "Build and Lint (Node 22)"
          - "ESLint"
          - "TypeScript Type Check"
          - "Test Coverage Report"
          - "Test Examples"
          - "Analyze (javascript-typescript)"
          - "Analyze (actions)"
          - "Scan Agent Container"
          - "Scan Squid Container"
          - "pr-title"

Status check names verified against workflow job definitions. Settings managed by Probot Settings App.

Original prompt

This section details on the original issue you should resolve

<issue_title>[plan] add branch protection configuration file</issue_title>
<issue_description>## Objective

Create a .github/settings.yml file to codify branch protection rules for the main branch, making required status checks version controlled.

Context

Currently, branch protection rules are configured manually in the GitHub UI. This creates risks:

  • Settings can drift over time
  • Configuration is lost during repository transfers
  • No audit trail for changes to protection rules

Approach

  1. Create .github/settings.yml file
  2. Define protection rules for main branch:
    • Require status checks: Build and Lint (Node 18, 20, 22), Test Coverage, TypeScript Type Check, Test Examples, CodeQL, Trivy Container Scan
    • Require 1 approving review
    • Enforce up-to-date branches before merge
  3. Document the configuration in README or CONTRIBUTING.md

Files to Create/Modify

  • Create: .github/settings.yml
  • Update: README.md or CONTRIBUTING.md (document the settings file)

Acceptance Criteria

  • .github/settings.yml exists with comprehensive branch protection rules
  • All currently required status checks are included
  • PR review requirements are specified
  • Configuration is documented for maintainers

References

AI generated by Plan Command for discussion #345

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits January 26, 2026 23:03
@Mossaka
feat: add branch protection configuration file
2d65f7f 
- Create .github/settings.yml with comprehensive branch protection rules
- Define required status checks for main branch:
  * Build verification across Node 18, 20, 22
  * Code quality checks (ESLint, TypeScript type checking)
  * Test coverage with regression detection
  * Examples testing
  * Security scanning (CodeQL, Trivy container scans)
  * PR title validation
- Require 1 approving review
- Enforce up-to-date branches before merge
- Document configuration in CONTRIBUTING.md

Closes #348

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
@Mossaka
fix: correct pr-title status check name in settings.yml
7387e3a 
The pr-title job doesn't define an explicit name field, so GitHub uses
the job ID as the status check name.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Add branch protection configuration file feat: add branch protection configuration file Jan 26, 2026
Copilot AI requested a review from Mossaka January 26, 2026 23:05
@Mossaka Mossaka closed this Jan 26, 2026
@github-actions github-actions bot mentioned this pull request Jan 26, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mossaka Mossaka Awaiting requested review from Mossaka

Assignees

@Mossaka Mossaka

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[plan] add branch protection configuration file

2 participants

@Mossaka