I was wondering if there is any way to restrict branch creation in GitHub. I have 4-5 branches created for a repo and would like to maintain it that way. I have applied branch restriction rules on my master branch, and hence the developers cannot merge into master, but they can create their own branches. Is there a way I can restrict this and force developers to use the other branches that are available and not create a new one?
Note: I use GitHub Enterprise
For GitHub Enterprise, this is available since version 3.7.0 (2022-10-25): https://docs.github.com/enterprise-server@3.7/admin/release-notes#repositories
For public GitHub, this is supported since May 2022. See:
Block creation of branches that have matching names
Now, admins can block creation of branches that match a configured name pattern.
For example, if a repository's default branch is renamed from master to main, admins can prevent any subsequent creation or push of the master branch so that only the new branch name is used. Previously, admins could use branch protection rules to restrict who could push to existing branches, but they couldn't block the creation of those branches.
This is now possible using a branch protection setting named "Restrict pushes that create matching branches".
To use the setting, create a new branch protection rule with a name pattern that matches the branch name you want to block (e.g., master or not-allowed*). Then, enable the settings "Restrict who can push to matching branches" and "Restrict pushes that create matching branches", as shown here:
For more information, visit About protected branches in the GitHub documentation.
We appreciate feedback on this and other topics in GitHub's public feedback discussions.
In your case, adding a rule '*' will prevent the creation of any new branch.
Does this also restrict who is able to push to existing branches on that pattern?
Would it be possible to say "prevent creation of branches with this pattern, except for these people", but then continue allowing pushing of commits still?
The branch protection feature in GitHub should allow for nuanced control over both the creation of new branches and the ability to push to existing branches.
By checking the "Restrict pushes that create matching branches" option and providing a branch name pattern, you can prevent the creation of new branches that match the pattern for everyone except the specified people, teams, or apps.
The "Restrict who can push to matching branches" option, when checked, limits who can push to existing branches that match the pattern. If this is unchecked, then anyone with push access to the repository can push to the branches that match the pattern, regardless of whether they are allowed to create them.
In your case:
You want to prevent the creation of new branches except by certain people: you would use the "Restrict pushes that create matching branches" and specify the people who are allowed to create these branches.
You also wish to allow pushes to existing branches: you would make sure "Restrict who can push to matching branches" is configured to include all the people who should be able to push to existing branches.
Luiz asks in the comments:
If I create a rule for a branch, for example release_[0-9].[0-9]*, to prevent the creation of new branches but still allow all users to push to existing branches, how would one set different users for "Restrict pushes that create matching branches" and "Restrict who can push to matching branches", since both are configured within the same block?
I agree: currently, when you enable both "Restrict who can push to matching branches" and "Restrict pushes that create matching branches", the list of users or teams you specify applies to both pushing to existing branches and creating new branches that match the pattern.
Unfortunately, GitHub does not allow you to set different users for these two options within the same branch protection rule.
An alternative could be a GitHub Action that triggers on branch creation events. The action can check if the user who created the branch is authorized and delete the branch if not.
However, this is a reactive approach that does not prevent the branch from being created: it only removes it afterward.
Or, since you're using GitHub Enterprise, you have the option to implement pre-receive hooks. These hooks can enforce policies before the push is accepted by the server.
The script would check if the branch being created matches the pattern and if the user is authorized.
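One way to write that hook, as an added example that is not part of the answer above: a POSIX sh pre-receive hook for GitHub Enterprise Server. It relies on the documented hook interface (one "oldrev newrev refname" line per ref on stdin, the pushing user in $GITHUB_USER_LOGIN), reuses the release_[0-9].[0-9]* pattern from Luiz's comment, and the allow-list of creators is constructed for illustration.

```shell
#!/bin/sh
# Added example pre-receive hook for GitHub Enterprise Server (not from the answer).
# GHES feeds one "oldrev newrev refname" line per updated ref on stdin and sets
# GITHUB_USER_LOGIN to the pushing user; both are part of the documented hook interface.

ZERO_SHA="0000000000000000000000000000000000000000"   # oldrev of a newly created ref
BRANCH_PATTERN='release_[0-9].[0-9]*'                 # pattern from Luiz's comment (shell glob)
ALLOWED_CREATORS="release-manager alice"              # constructed allow-list of logins

# Exit status 0 if login $1 is in ALLOWED_CREATORS, 1 otherwise.
creator_allowed() {
    for login in $ALLOWED_CREATORS; do
        [ "$login" = "$1" ] && return 0
    done
    return 1
}

# Decide on one ref update: check_update OLDREV NEWREV REFNAME USER
# Returns 0 to accept and 1 to reject. Only *creations* of matching branches are
# refused, so pushes to existing branches (non-zero oldrev) stay open to everyone.
check_update() {
    oldrev=$1 refname=$3 user=$4
    branch=${refname#refs/heads/}
    [ "$branch" = "$refname" ] && return 0        # tags and other refs: not our concern
    [ "$oldrev" = "$ZERO_SHA" ] || return 0       # existing branch: allow the push
    case "$branch" in
        $BRANCH_PATTERN) ;;                       # new branch matches the protected pattern
        *) return 0 ;;                            # unrelated new branch: allow
    esac
    creator_allowed "$user" && return 0
    echo "error: creation of branch '$branch' is restricted to: $ALLOWED_CREATORS" >&2
    return 1
}

# Hook entry point: only runs when invoked by GHES (which sets the variable).
if [ -n "${GITHUB_USER_LOGIN:-}" ]; then
    status=0
    while read -r oldrev newrev refname; do
        check_update "$oldrev" "$newrev" "$refname" "$GITHUB_USER_LOGIN" || status=1
    done
    exit "$status"
fi
```

A non-zero exit rejects the whole push, and the message on stderr is shown to the developer by git.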