Branch Protection
Protected branches
Section titled “Protected branches”Apply organization rulesets to develop, release/**, and main.
Mandatory controls
Section titled “Mandatory controls”- Pull request required.
- At least one approval; two for sensitive or production paths where team size permits.
- CODEOWNER review required.
- Required status checks enforced.
- Conversations resolved.
- Force push and deletion prohibited.
- Administrators follow the rule except documented break-glass use.
- Direct pushes limited to approved automation identities.
Required checks
Section titled “Required checks”Check names should be stable because GitHub branch rules bind to names. The common CI publishes predictable checks such as quality, unit-tests, security-source, container-build, and container-scan.
Merge method
Section titled “Merge method”Prefer squash merge for short-lived feature branches unless preserving commits materially improves traceability. Release and automated forward-merges may use merge commits when history clarity requires it.