Managing merge permissions and protected branches in GitHub helps ensure that only authorized individuals can make significant changes to your codebase. This guide explores how to restrict who can merge pull requests, configure protected branches, and implement GitHub pull request merge restrictions effectively. We will also discuss the integration of Graphite Protections to enhance your repository’s security.
Understanding merge permissions and protected branches
Merge permissions in GitHub control who can merge pull requests into specific branches. Protected branches are a feature that prevents certain actions on branches, such as merging, without meeting specific criteria. By configuring these features, teams can enforce workflows and maintain code integrity.
Benefits of managing merge permissions:
- Code quality: Ensures only reviewed and approved code is merged.
- Security: Limits access to sensitive branches, reducing the risk of unauthorized changes.
- Collaboration: Establishes clear workflows that enhance team collaboration and accountability.
Setting up protected branches in GitHub
Protected branches can be set up to enforce restrictions on who can push to or merge changes into a branch. This is typically done for branches like main or develop, where stable code resides.
Steps to configure protected branches
Navigate to your repository: Go to your GitHub repository.
Access settings: Click on the "Settings" tab in your repository.
Branches settings: In the left sidebar, select "Branches."
Add a branch protection rule: Click on "Add rule" under the "Branch protection rules" section.
Define the rule:
- Branch name pattern: Specify the branch (e.g., main).
- Require pull request reviews before merging: Check this option to ensure that a pull request is reviewed before merging.
- Require status checks to pass before merging: Select this to require that CI/CD checks (like tests) must pass before a pull request can be merged.
- Restrict who can push to matching branches: This option allows you to limit who can push directly to the branch.
Save changes: Click "Create" or "Save changes" to apply the rule.
Example of setting up a protected branch
Assume you want to protect the main branch so that only specific team members can merge pull requests, and require at least one approval before merging.
- Navigate to the repository settings and go to "Branches."
- Add a branch protection rule for the main branch.
- Enable "Require pull request reviews before merging" and set "Require at least 1 approval."
- Enable "Restrict who can push to matching branches" and select the team members allowed to merge.
Restricting who can merge pull requests
GitHub also provides options to restrict merging based on role or individual. This can prevent unauthorized changes to critical branches.
Configuring merge restrictions
Pull request reviews: As mentioned earlier, requiring reviews ensures that no one can merge a pull request without approval. This can be set up in the protected branch settings.
Restricting merge permissions:
- Team-based restrictions: You can limit merge access to specific teams within your organization. For instance, only members of the "Code Reviewers" team can merge to the main branch.
- Individual user restrictions: If you need finer control, you can specify individual GitHub usernames who are allowed to merge.
Example of restricting merge permissions
If you have a team called "Developers" and want to ensure that only members of this team can merge into the release branch:
- In the branch protection settings, enable "Restrict who can push to matching branches."
- Select the "Developers" team to grant them merge access while preventing others.
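The two examples above (one required approval on main; pushes and merges on release restricted to the "Developers" team) can also be applied and audited through GitHub's branch protection REST API instead of the settings UI. The script below is an added example, not part of this guide or of Graphite: it builds the request body for the PUT protection endpoint and flags weak settings in a GET response, using a constructed sample response. The team slug "developers" and the status check name "ci/test" are placeholders.

```python
# Added example (not from the guide). Assumes the GitHub REST API shapes:
#   PUT /repos/{owner}/{repo}/branches/{branch}/protection  -> request body
#   GET /repos/{owner}/{repo}/branches/{branch}/protection  -> response body
# Apply with e.g.: gh api -X PUT repos/OWNER/REPO/branches/main/protection --input payload.json


def build_protection_payload(teams, approvals=1, checks=("ci/test",)):
    """Request body for the guide's examples: reviews and status checks
    required, pushes/merges restricted to the given team slugs.
    Push restrictions only work on organization-owned repositories."""
    return {
        "required_status_checks": {"strict": True, "contexts": list(checks)},
        "enforce_admins": True,                    # admins cannot bypass
        "required_pull_request_reviews": {
            "dismiss_stale_reviews": True,         # new commits void approvals
            "required_approving_review_count": approvals,
        },
        "restrictions": {"users": [], "teams": list(teams), "apps": []},
        "allow_force_pushes": False,
        "allow_deletions": False,
    }


def audit_protection(protection):
    """Findings for a GET .../protection response; absent keys mean 'off'."""
    findings = []
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("no approving review required")
    if not reviews.get("dismiss_stale_reviews"):
        findings.append("stale approvals survive new commits")
    if not (protection.get("enforce_admins") or {}).get("enabled"):
        findings.append("administrators can bypass the rule")
    restrictions = protection.get("restrictions") or {}
    if not (restrictions.get("teams") or restrictions.get("users")):
        findings.append("anyone with write access can push or merge")
    for key in ("allow_force_pushes", "allow_deletions"):
        if (protection.get(key) or {}).get("enabled"):
            findings.append(f"{key} is enabled")
    return findings


# Constructed sample GET response: one approval required, but admins may
# bypass the rule and no push restrictions are configured.
SAMPLE_RESPONSE = {
    "required_pull_request_reviews": {"required_approving_review_count": 1,
                                      "dismiss_stale_reviews": False},
    "enforce_admins": {"enabled": False},
}
```

Running `audit_protection` over a real response (for example the output of `gh api repos/OWNER/REPO/branches/main/protection`) gives a quick check that the UI settings from the steps above actually took effect.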
Integrating Graphite Protections
Graphite Protections enhances GitHub’s built-in features by providing additional layers of security and compliance for merge permissions and protected branches. Here’s how to leverage Graphite:
Automated policy enforcement: Graphite can automate the enforcement of your branch protection rules, ensuring compliance without manual checks.
Customizable notifications: Set up alerts to notify team members when someone attempts to merge without the required approvals.
Protection rules at the PR level: Graphite provides tools to control merge requirements at the individual PR level.
Takeaways
Managing merge permissions and protected branches in GitHub is important for maintaining a secure and efficient development workflow. By leveraging GitHub's branch protection features and integrating Graphite Protections, teams can enforce robust policies that safeguard their codebases while fostering collaboration.