Tony's CodeForge Blog

Chapter 13: Using Protected Branches and Required Reviews

devtony

Implementing branch protection rules

Implementing branch protection rules is a critical practice for maintaining the integrity of your codebase, ensuring that only thoroughly reviewed and tested code is merged into important branches like main or master. Branch protection rules can enforce specific workflows, such as requiring pull request reviews before merging, ensuring CI tests pass, and preventing force pushes. Here’s how to implement branch protection rules, followed by a hands-on example.

Introduction to Branch Protection Rules

Branch protection rules are settings in version control platforms like GitHub, GitLab, or Bitbucket that restrict certain actions on specified branches. These rules help enforce team workflows, ensure code quality, and prevent unintended changes to critical branches.

By setting up branch protection rules, teams can require that all changes to a protected branch go through a defined process, such as code reviews, successful build checks, or signed commits. This practice helps maintain a high standard of code quality and reduces the risk of introducing bugs or vulnerabilities into the codebase.

Implementing Branch Protection Rules on GitHub

  1. Navigate to the Repository Settings: Open your repository on GitHub and go to the “Settings” tab.
  2. Access Branch Protection Rules: Under “Code and automation,” click on “Branches.” Here you will find the “Branch protection rules” section.
  3. Create a New Branch Protection Rule: Click the “Add rule” button to start creating a new branch protection rule.
  4. Specify the Branch Name Pattern: In the “Branch name pattern” field, specify the branch you want to protect. For example, you might enter main or release/* to apply the rule to the main branch or all branches starting with release/.
  5. Configure Protection Rules: Select the options that suit your team’s workflow. Common settings include:
    • Requiring pull request reviews before merging
    • Requiring status checks to pass before merging
    • Enforcing branch policies like preventing force pushes and deletions
    • Requiring signed commits
  6. Save Changes: After configuring the desired rules, click the “Create” or “Save changes” button to apply the protection rules to the specified branch.

Hands-On Example

Let’s walk through a hands-on example of setting up a branch protection rule on GitHub for the main branch, requiring pull request reviews and passing status checks before merging.

Step 1: Navigate to Repository Settings

Open your repository on GitHub and click on the “Settings” tab at the top of the page.

Step 2: Access Branch Protection Rules

In the left sidebar, under “Code and automation,” click on “Branches.” You will see the “Branch protection rules” section.

Step 3: Create a New Branch Protection Rule

Click the “Add rule” button.

Step 4: Specify the Branch Name Pattern

In the “Branch name pattern” field, enter main.

Step 5: Configure Protection Rules

Select the following options to enforce:

  • Require a pull request before merging: This ensures that all changes must go through a pull request process.
  • Require approvals: Set the number of required reviews, such as 1 or 2.
  • Require status checks to pass before merging: Enable this option and select the specific CI checks that must pass.
  • Include administrators: Optionally, you can apply these rules to administrators as well.
sh

# Example command line actions related to branch protection (illustrative purposes)
# Note: Actual branch protection rules are configured through the GitHub web interface

# Ensure your branch is up-to-date and meets the protection criteria before pushing
git checkout main
git pull origin main

# Create a new branch and make changes
git checkout -b feature/my-new-feature
# ... make changes to the code ...
git add .
git commit -m "Implement my new feature"

# Push the new feature branch to the remote repository
git push origin feature/my-new-feature

# On GitHub, open a pull request from 'feature/my-new-feature' to 'main'
# Ensure all required status checks pass and request reviews

Step 6: Save Changes

Click the “Create” or “Save changes” button to apply the rules.

Benefits of Branch Protection Rules

  1. Code Quality: Enforcing pull request reviews ensures that code is reviewed by team members, catching potential issues early.
  2. Consistent Builds: Requiring status checks to pass before merging helps maintain a stable codebase by ensuring that automated tests and builds are successful.
  3. Preventing Mistakes: Restricting force pushes and deletions protects important branches from accidental or malicious changes.
  4. Enhanced Security: Requiring signed commits ensures that all commits are verified and authenticated.

By implementing and configuring branch protection rules, your team can ensure a higher standard of code quality and collaboration, reducing the risk of bugs and improving the overall reliability of your software development process.

Configuring required reviews and status checks

Configuring required reviews and status checks is a crucial aspect of maintaining code quality and stability in a collaborative development environment. Required reviews ensure that all changes are scrutinized by other team members, while status checks verify that the code meets predefined criteria, such as passing tests and adhering to coding standards, before it can be merged into the main branch. Here’s how to configure these settings, followed by a hands-on example.

Configuring Required Reviews and Status Checks on GitHub

Step 1: Navigate to Repository Settings

Open your repository on GitHub and click on the “Settings” tab located at the top of the page. This will take you to the repository’s settings.

Step 2: Access Branch Protection Rules

In the left sidebar, under “Code and automation,” click on “Branches.” This will open the “Branch protection rules” section where you can manage the rules for your branches.

Step 3: Create a New Branch Protection Rule

Click the “Add rule” button to start creating a new branch protection rule.

Step 4: Specify the Branch Name Pattern

In the “Branch name pattern” field, enter the name of the branch you want to protect, such as main.

Step 5: Configure Required Reviews

Enable the option to require pull request reviews before merging. You can specify the number of required review approvals. For example, setting it to 2 means that at least two team members need to approve the changes before they can be merged.

sh

# Example scenario: Creating a new branch and pushing changes for review
git checkout main
git pull origin main

# Create a new feature branch
git checkout -b feature/add-new-feature

# Make changes to the codebase
echo "New feature code" > new_feature.txt
git add new_feature.txt
git commit -m "Add new feature"

# Push the feature branch to the remote repository
git push origin feature/add-new-feature

# On GitHub, open a pull request from 'feature/add-new-feature' to 'main'
# Request reviews from team members to meet the required reviews criteria

Step 6: Configure Required Status Checks

Enable the option to require status checks to pass before merging. You will need to select the specific status checks that must pass. These status checks can include CI/CD pipelines, automated tests, or code quality checks.

sh

# Example: Ensuring status checks pass before merging
# Status checks typically include CI/CD pipeline results and automated test outcomes

# After pushing changes, the CI/CD pipeline runs automated tests
# Example of a status check command (depends on your CI/CD setup)
# Run tests locally to ensure they pass
./run_tests.sh

# CI/CD pipeline configuration (example using GitHub Actions)
# .github/workflows/ci.yml
name: CI
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: '3.8'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
    - name: Run tests
      run: |
        pytest
# Ensure all steps in the CI/CD pipeline pass before merging the pull request

Step 7: Save Changes

Click the “Create” or “Save changes” button to apply the configured protection rules to the specified branch.

Hands-On Example

Let’s walk through a practical example of setting up required reviews and status checks for the main branch, ensuring that all changes must pass through reviews and CI checks before merging.

  1. Navigate to Repository Settings: Open your repository on GitHub and click on the “Settings” tab.
  2. Access Branch Protection Rules: Click on “Branches” in the left sidebar under “Code and automation.”
  3. Create a New Branch Protection Rule: Click “Add rule.”
  4. Specify the Branch Name Pattern: Enter main in the “Branch name pattern” field.
  5. Configure Required Reviews: Enable the option for requiring pull request reviews before merging. Set the number of required review approvals to 2.
  6. Configure Required Status Checks: Enable the option for requiring status checks to pass before merging. Select the specific checks, such as “build” and “test,” ensuring these checks run as part of your CI/CD pipeline.
  7. Save Changes: Click “Create” or “Save changes” to apply the rules.

By configuring required reviews and status checks, you ensure that only well-reviewed and tested code is integrated into your main branch. This practice helps maintain a high standard of code quality, reduces the likelihood of introducing bugs, and ensures that the codebase remains stable and reliable.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *