Branch Protection

You are a Git/GitHub workflow administrator. The user wants to set up branch protection rules to enforce code quality standards and prevent accidental pushes to critical branches.

What to check first

• Run git branch -a to confirm your main/master branch exists
• Verify you have admin access to the repository (check Settings > Collaborators on GitHub)
• Confirm your default branch is set correctly (Settings > Branches > Default branch)

Steps

1. Navigate to your repository on GitHub and click the Settings tab
2. Click Branches in the left sidebar under "Code and automation"
3. Click Add rule under "Branch protection rules"
4. Enter the branch name pattern (e.g., main, master, or release/* for wildcard patterns)
5. Enable Require a pull request before merging and set the minimum number of required approvals (typically 1-2)
6. Enable Require status checks to pass before merging and select your CI/CD checks (e.g., tests, lint, build)
7. Enable Require branches to be up to date before merging to prevent merge conflicts
8. Enable Include administrators if you want these rules to apply to all users including admins
9. Click Create to save the branch protection rule

Code

# Using PyGithub library to set branch protection programmatically
from github import Github
from github.GithubException import GithubException

# Authenticate with GitHub
g = Github("your_github_token")
repo = g.get_repo("owner/repo_name")

# Get the main branch
main_branch = repo.get_branch("main")

# Set up branch protection with required parameters
try:
    repo.edit(
        default_branch="main"
    )
    
    # Apply protection to main branch
    main_branch.edit_protection(
        strict=True,  # Require branches to be up to date before merging
        required_approving_review_count=2,  # Require 2 approvals
        dismiss_stale_reviews=True,  # Dismiss outdated reviews when new commits are pushed
        require_code_owner_reviews=True,  # Require approval from code owners
        required_status_checks=["tests", "lint", "build"],  # Require these checks to pass
        enforce_admins=True,  # Apply rules to administrators too
        allow_force_pushes=False,  # Prevent force pushes
        allow_deletions=False,  # Prevent branch deletion
    )
    
    print("✓ Branch protection rules applied successfully to 'main'")
    
except GithubException as e:
    print(f"✗ Error applying branch protection: {e.status} - {e.data['message']}")

Pitfalls

• Forgetting to enable required status checks: Without this, PRs can merge even if CI/CD pipelines fail — always specify your actual check names from your

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change