Skip to content

Branch Protection

Apply organization rulesets to develop, release/**, and main.

  • Pull request required.
  • At least one approval; two for sensitive or production paths where team size permits.
  • CODEOWNER review required.
  • Required status checks enforced.
  • Conversations resolved.
  • Force push and deletion prohibited.
  • Administrators follow the rule except documented break-glass use.
  • Direct pushes limited to approved automation identities.

Check names should be stable because GitHub branch rules bind to names. The common CI publishes predictable checks such as quality, unit-tests, security-source, container-build, and container-scan.

Prefer squash merge for short-lived feature branches unless preserving commits materially improves traceability. Release and automated forward-merges may use merge commits when history clarity requires it.