Branch Protection Rules

Concept

Branch protection rules (set on GitHub: Settings → Branches) keep main clean:

Require PR before merging — no direct pushes.
Require status checks to pass — CI green, type-check green.
Require approvals — N reviewers.
Dismiss stale approvals when new commits are pushed — reviewers re-look after rebase.
Require signed commits — GPG/SSH verified authorship.
Restrict who can push — only release engineers, or admins.
Disable force pushes — preserves history immutability.
Disable deletions — accidental delete of main is impossible.

For OSS, "Require resolution of conversations" stops PRs merging with open review threads.

Combined: a developer cannot bypass review by force-pushing, deleting branches, or skipping CI. Most production incidents traceable to "I just pushed it directly" disappear.

Challenge

Inspect your remote (then go set branch protection on the web)

WorkshopSimulated · no real damage

Terminal~/project·main

Idle

Working treemain

Not a git repository. git init to start.

Commit graph

main

Commits will appear here.

Each command rewrites this graph in real time.