Skip to content

Latest commit

 

History

History
43 lines (30 loc) · 3.21 KB

17_protected_branches.md

File metadata and controls

43 lines (30 loc) · 3.21 KB
Raw

Protected branches & code owners

In some workflows, you will want to protect critical branches to ensure the code being merged to those branches has passed the required checks and received appropriate peer review. There are several methods for this, including protected branches and code owners.

Protected branches

Repository maintainers can prevent merges to specific branches that have not met predefined criteria. These criteria can include peer reviews, tests run by integrations such as a Continuous Integration services or code quality, or until a specific code owner has reviewed and approved changes.

Let's enable protected branches:

  1. Select the Settings tab.
  2. Select Branches from the menu on the left side of the screen.
  3. Click the Add rule button next to Branch protection rules.
  4. In the Branch name pattern text box type the name of the branch you would like to protect, for example, main.
  5. Click the Create button.

Without checking any other options, basic branch protection prevents force-pushes and prevents it from being deleted. To learn more about the options available, check out the documentation for this feature.

Pro-tip: You can use wildcards (*, ?) and regular expressions to make a branch protection rule apply to multiple branches. Check out the branch protection documentation for more information on how wildcards and regular expression matching work.

Code owners

Repository maintainers can define exactly which people and teams need to review sets of changes by creating a CODEOWNERS file. For example, you could use CODEOWNERS to ensure:

  • your team's JavaScript expert reviews all files with a .js extension
  • your technical documentation team reviews all changes in the docs/ folder
  • your security team reviews any new dependencies listed in the package.json file

Let's create a CODEOWNERS file:

  1. Go out to the Code tab of your repository.
  2. Click the Add file drop down and then Create new file.
  3. In the Name your file... text box enter CODEOWNERS (no extension necessary). You can add this to a .github/ directory if desired by entering .github/CODEOWNERS.
  4. On the first line, type * @YOUR_USERNAME
    • This means that you will be the default owner for everything in the repo, unless a later match takes preference.
  5. On the next line, type *.js @GITHUBTEACHER
    • Order is important. The last matching pattern for a given change takes precedence.
  6. Scroll down, and type a commit message into the Commit new file dialog box.
  7. Click the Commit new file button to save your changes.
  8. Now that you have created a CODEOWNERS file, go back to your branch protection settings and click the Edit button next to main.
  9. Under Protect matching branches, select the option to Require pull request reviews before merging and Require review from Code Owners. Remember to click Save changes.

For more information on how to format the CODEOWNERS file, check out the documentation