TLDR
- You can enable protection on branches
- We enabled branch protection on the `main` branch to:
  - not allow any direct commits/pushes to `main`
  - only allow merges from a pull request
  - not require a minimum number of reviews on the pull request
- We scripted it all using these scripts: upsync-dev/repo-scripts
Problem
- All of our code gets merged into the `main` branch
- All developers in the team create pull requests, which allows:
  - code reviews
  - visibility of changes
- Sometimes developers commit and push changes to the `main` branch by accident
Solution
- You can enable protection on any branches you wish
- We enabled branch protection on the `main` branch so that:
  - no direct pushes would be allowed
  - only merges coming from a pull request would be allowed
How
- We needed to make the change across a large number of repos so we scripted it
- The person who will make the change needs admin access to the repository
- They will need to generate a GitHub Personal Access token here
- Get a copy of the scripts from upsync-dev/repo-scripts
- Edit the `org` variable to be either your username or the name of the organisation which the repository is in
- Edit the `user` variable using your username and personal access token generated earlier
- Edit the `repositories` list to include all repositories that you would like to make these changes to
- Run the script `./protect-main-branch.sh`
- Job done 😊
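The steps above as a single script, written for this page as an added example (it is not the upsync-dev/repo-scripts code). The org and repository names are placeholders, the JSON body and its `enforce_admins` setting are assumptions, and the token is read from a `GITHUB_TOKEN` environment variable instead of being edited into the file; without `--apply` it only prints the requests it would make.

```shell
#!/bin/sh
# Added example, not the upsync-dev/repo-scripts code; values are placeholders.
set -u

org="example-org"                 # placeholder: username or organisation
repositories="repo-one repo-two"  # placeholder repository names
branch="main"
api="https://api.github.com"

# Body for the branch protection endpoint: a pull request is required but
# zero approvals are needed. enforce_admins=true is an assumption so that
# repository admins cannot push directly either.
protection_payload() {
  cat <<'JSON'
{
  "required_status_checks": null,
  "enforce_admins": true,
  "required_pull_request_reviews": { "required_approving_review_count": 0 },
  "restrictions": null
}
JSON
}

protection_url() {  # $1 = repository name
  printf '%s/repos/%s/%s/branches/%s/protection' "$api" "$org" "$1" "$branch"
}

# Apply the rule to one repository; prints the HTTP status GitHub returned.
protect_repo() {
  curl -sS -o /dev/null -w '%{http_code}' -X PUT \
    -H "Accept: application/vnd.github+json" \
    -H "Authorization: Bearer ${GITHUB_TOKEN:?export GITHUB_TOKEN first}" \
    -d "$(protection_payload)" "$(protection_url "$1")"
}

# Without --apply this is a dry run that makes no network requests.
run() {
  for repo in $repositories; do
    if [ "${1:-}" = "--apply" ]; then
      status=$(protect_repo "$repo") || status="curl-error"
      echo "$repo: HTTP $status"   # 200 means the rule was applied
    else
      echo "DRY RUN: PUT $(protection_url "$repo")"
    fi
  done
}

run "${1:-}"
```

Keeping the token in the environment means the script can be committed or shared without a credential in it.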
Misc Notes
- The script contains JSON that is specific to the problem we were trying to solve
- You are able to change the JSON based on the GitHub Branch Protections documentation
- Examples of things you could enable:
  - forced status checks
  - minimum number of reviews on PRs before merging
  - signed commits requirement
  - more…
Further Reading