# Branch Protection Implementation Script

**Purpose**: Guide for implementing branch protection policies
**Version**: 1.0
**Date**: 2025-01-27

---

## Prerequisites

- Repository admin access
- Understanding of branch protection policy
- Access to repository settings

---

## Implementation Checklist

### Pre-Implementation

- [ ] Review [BRANCH_PROTECTION_POLICY.md](./BRANCH_PROTECTION_POLICY.md)
- [ ] Identify main/master branch name
- [ ] Identify required CI/CD checks
- [ ] Identify code owners (if CODEOWNERS file exists)
- [ ] Communicate changes to team

### GitHub Implementation

#### Step 1: Navigate to Settings

1. Go to repository
2. Click **Settings**
3. Click **Branches** in left sidebar

#### Step 2: Add Protection Rule

1. Click **Add rule** (or edit existing rule)
2. Branch name pattern: `main` (or `master`)

#### Step 3: Configure Basic Protection

- [x] **Require pull request reviews before merging**
  - Required number of reviewers: `1`
  - Dismiss stale pull request approvals when new commits are pushed: `Yes`
  - Require review from Code Owners: `Yes` (if CODEOWNERS exists)
  - Restrict pushes that create files: `No` (or `Yes` if desired)
- [x] **Require status checks to pass before merging**
  - Required status checks: [Select your CI/CD checks]
  - Require branches to be up to date before merging: `Yes`
- [x] **Require conversation resolution before merging**: `Yes` (recommended)
- [x] **Require linear history**: `Yes` (recommended)
  - Allow squash merging: `Yes`
  - Allow merge commits: `No` (recommended)
  - Allow rebase merging: `Yes`

#### Step 4: Configure Restrictions

- [x] **Do not allow bypassing the above settings**: `Yes` (recommended)
- [x] **Do not allow force pushes**: `Yes`
- [x] **Do not allow deletions**: `Yes` (for main/master)

#### Step 5: Save

1. Click **Create** (or **Save changes**)
2. Verify rule appears in list

---

### GitLab Implementation

#### Step 1: Navigate to Settings

1. Go to repository
2. Click **Settings** → **Repository**
3. Expand **Protected branches**

#### Step 2: Protect Branch

1. Branch: Select `main` (or `master`)
2. Allowed to merge: `Maintainers` (or appropriate role)
3. Allowed to push: `No one`
4. Allowed to force push: `No`
5. Click **Protect**

#### Step 3: Configure Merge Request Settings

1. Go to **Settings** → **Merge requests**
2. Configure:
   - Merge method: `Merge commit` or `Fast-forward merge`
   - Squash commits when merging: `Yes` (optional)
   - Delete source branch when merging: `Yes` (optional)

---

## Verification

After implementation:

- [ ] Create test branch
- [ ] Attempt direct push to main/master (should fail)
- [ ] Create pull/merge request
- [ ] Verify review requirement
- [ ] Verify status check requirement
- [ ] Test merge process

---

## Documentation

After implementation:

- [ ] Document protection status in repository README
- [ ] Link to branch protection policy
- [ ] Update team documentation
- [ ] Create exception request process (if needed)

---

## Troubleshooting

### Issue: Protection Rule Not Working

**Solutions**:

- Verify rule applies to correct branch name
- Check if user has admin rights (can bypass)
- Verify rule is saved and active
- Check for conflicting rules

### Issue: Status Checks Not Appearing

**Solutions**:

- Verify CI/CD pipeline runs on branch
- Check status check names match exactly
- Verify status checks are required in settings
- Wait for CI/CD to complete (status checks appear after running)

### Issue: Code Owner Reviews Not Required

**Solutions**:

- Verify CODEOWNERS file exists in repository root
- Check CODEOWNERS file format
- Verify "Require review from Code Owners" is enabled
- Verify code owners have appropriate permissions

---

## Post-Implementation Review

After 1 week:

- [ ] Review any issues/complaints
- [ ] Check for exception requests
- [ ] Verify process working smoothly
- [ ] Update documentation based on feedback

---

## Script Version

**Version**: 1.0
**Last Updated**: 2025-01-27
**Platforms Supported**: GitHub, GitLab

---

**Note**: Adapt this script for your specific platform and requirements.
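
The GitHub settings from Steps 3 and 4 can also be verified from the API instead of by clicking through the UI. The following is an added example, not part of the original guide: it audits the JSON returned by GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection` against that checklist. The function names, the `has_codeowners` parameter and the sample response are constructed for illustration.

```python
import json

def on(v): return v is True
def off(v): return v is False

# Steps 3 and 4 as (dotted path into the protection JSON, predicate, label).
# Field names are those of GitHub's REST branch-protection response.
EXPECTED = [
    ("required_pull_request_reviews.required_approving_review_count",
     lambda v: type(v) is int and v >= 1, "at least 1 required reviewer"),
    ("required_pull_request_reviews.dismiss_stale_reviews", on, "dismiss stale approvals"),
    ("required_status_checks.contexts", bool, "required status checks selected"),
    ("required_status_checks.strict", on, "branch up to date before merging"),
    ("required_conversation_resolution.enabled", on, "conversation resolution"),
    ("required_linear_history.enabled", on, "linear history"),
    ("enforce_admins.enabled", on, "no bypass for admins"),  # "Do not allow bypassing"
    ("allow_force_pushes.enabled", off, "force pushes blocked"),
    ("allow_deletions.enabled", off, "deletions blocked"),
]
CODEOWNERS = ("required_pull_request_reviews.require_code_owner_reviews",
              on, "code owner review")

def lookup(doc, path):
    """Walk nested dicts; a missing key yields None so the check fails closed."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def audit_protection(protection, has_codeowners=False):
    """Return labels of checklist items the protection JSON does not meet."""
    checks = EXPECTED + ([CODEOWNERS] if has_codeowners else [])
    return [label for path, ok, label in checks if not ok(lookup(protection, path))]

# Constructed sample response (not from a real repository): reviews are on,
# but admins can bypass, force pushes are allowed, and no status checks exist.
SAMPLE = json.loads("""{
  "required_pull_request_reviews": {"required_approving_review_count": 1,
    "dismiss_stale_reviews": true, "require_code_owner_reviews": false},
  "enforce_admins": {"enabled": false},
  "required_linear_history": {"enabled": true}, "required_conversation_resolution": {"enabled": true},
  "allow_force_pushes": {"enabled": true},
  "allow_deletions": {"enabled": false}
}""")

if __name__ == "__main__":
    for finding in audit_protection(SAMPLE, has_codeowners=True):
        print("NOT MET:", finding)
```

To run it against a real repository, pass in the parsed output of `gh api repos/OWNER/REPO/branches/main/protection`. An empty list means every audited item from Steps 3 and 4 is in place.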