branch-protection/IMPLEMENTATION_SCRIPT.md
2026-02-09 21:51:44 -08:00

Branch Protection Implementation Script

Purpose: Guide for implementing branch protection policies
Version: 1.0
Date: 2025-01-27


Prerequisites

  • Repository admin access
  • Understanding of branch protection policy
  • Access to repository settings

Implementation Checklist

Pre-Implementation

  • Review BRANCH_PROTECTION_POLICY.md
  • Identify main/master branch name
  • Identify required CI/CD checks
  • Identify code owners (if CODEOWNERS file exists)
  • Communicate changes to team

GitHub Implementation

Step 1: Navigate to Settings

  1. Go to repository
  2. Click Settings
  3. Click Branches in left sidebar

Step 2: Add Protection Rule

  1. Click Add rule (or edit existing rule)
  2. Branch name pattern: main (or master)

Step 3: Configure Basic Protection

  • Require pull request reviews before merging

    • Required number of reviewers: 1
    • Dismiss stale pull request approvals when new commits are pushed: Yes
    • Require review from Code Owners: Yes (if CODEOWNERS exists)
    • Restrict pushes that create files: No (or Yes if desired)
  • Require status checks to pass before merging

    • Required status checks: [Select your CI/CD checks]
    • Require branches to be up to date before merging: Yes
  • Require conversation resolution before merging: Yes (recommended)

  • Require linear history: Yes (recommended)

    • Allow squash merging: Yes
    • Allow merge commits: No (recommended)
    • Allow rebase merging: Yes

Step 4: Configure Restrictions

  • Do not allow bypassing the above settings: Yes (recommended)
  • Do not allow force pushes: Yes
  • Do not allow deletions: Yes (for main/master)

Step 5: Save

  1. Click Create (or Save changes)
  2. Verify rule appears in list
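
To confirm the saved rule matches Steps 3 and 4 without clicking through the UI, the settings can be read back from GitHub's branch protection REST endpoint and compared against the checklist. The following is an added example, not part of the original script: the sample response is constructed, the check names ci/build and ci/test are placeholders, and the mapping of "Do not allow bypassing the above settings" to the enforce_admins field is this example's reading of the checklist.

```python
import json
# Constructed sample shaped like GitHub's response to
# GET /repos/{owner}/{repo}/branches/{branch}/protection (not a real repository).
SAMPLE = json.loads("""{
  "required_pull_request_reviews": {"dismiss_stale_reviews": false,
      "require_code_owner_reviews": true, "required_approving_review_count": 1},
  "required_status_checks": {"strict": true, "contexts": ["ci/build"]},
  "enforce_admins": {"enabled": false},
  "required_linear_history": {"enabled": true},
  "required_conversation_resolution": {"enabled": true},
  "allow_force_pushes": {"enabled": false},
  "allow_deletions": {"enabled": false}
}""")
REVIEWS = "required_pull_request_reviews."

# (dotted path in the response, expected value, checklist item it maps to)
RULES = [
    (REVIEWS + "dismiss_stale_reviews", True, "dismiss stale approvals"),
    ("required_status_checks.strict", True, "branch up to date before merging"),
    ("required_conversation_resolution.enabled", True, "conversation resolution"),
    ("required_linear_history.enabled", True, "linear history"),
    ("enforce_admins.enabled", True, "do not allow bypassing"),
    ("allow_force_pushes.enabled", False, "do not allow force pushes"),
    ("allow_deletions.enabled", False, "do not allow deletions"),
]
CODEOWNER_RULE = (REVIEWS + "require_code_owner_reviews", True, "code owner review")

def lookup(doc, path):
    """Walk a dotted path; None means the section is absent (control not set)."""
    for key in path.split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc

def audit(protection, required_checks, has_codeowners=True):
    """Return the checklist items this branch's protection JSON does not meet."""
    rules = RULES + ([CODEOWNER_RULE] if has_codeowners else [])
    findings = [f"{label}: expected {want}, got {lookup(protection, path)}"
                for path, want, label in rules
                if lookup(protection, path) is not want]
    count = lookup(protection, REVIEWS + "required_approving_review_count")
    if not isinstance(count, int) or count < 1:
        findings.append(f"required reviewers: expected >= 1, got {count}")
    contexts = lookup(protection, "required_status_checks.contexts") or []
    missing = sorted(set(required_checks) - set(contexts))
    return findings + ([f"required status checks not enforced: {missing}"] if missing else [])

if __name__ == "__main__":
    for finding in audit(SAMPLE, required_checks=["ci/build", "ci/test"]):
        print("FAIL:", finding)
```

An absent section (for example, no required_status_checks object at all) is reported as a deviation, so a branch with no protection configured fails every item rather than passing silently.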

GitLab Implementation

Step 1: Navigate to Settings

  1. Go to repository
  2. Click Settings > Repository
  3. Expand Protected branches

Step 2: Protect Branch

  1. Branch: Select main (or master)
  2. Allowed to merge: Maintainers (or appropriate role)
  3. Allowed to push: No one
  4. Allowed to force push: No
  5. Click Protect

Step 3: Configure Merge Request Settings

  1. Go to Settings > Merge requests
  2. Configure:
    • Merge method: Merge commit or Fast-forward merge
    • Squash commits when merging: Yes (optional)
    • Delete source branch when merging: Yes (optional)

Verification

After implementation:

  • Create test branch
  • Attempt direct push to main/master (should fail)
  • Create pull/merge request
  • Verify review requirement
  • Verify status check requirement
  • Test merge process

Documentation

After implementation:

  • Document protection status in repository README
  • Link to branch protection policy
  • Update team documentation
  • Create exception request process (if needed)

Troubleshooting

Issue: Protection Rule Not Working

Solutions:

  • Verify rule applies to correct branch name
  • Check if user has admin rights (can bypass)
  • Verify rule is saved and active
  • Check for conflicting rules

Issue: Status Checks Not Appearing

Solutions:

  • Verify CI/CD pipeline runs on branch
  • Check status check names match exactly
  • Verify status checks are required in settings
  • Wait for CI/CD to complete (status checks appear after running)

Issue: Code Owner Reviews Not Required

Solutions:

  • Verify CODEOWNERS file exists in repository root
  • Check CODEOWNERS file format
  • Verify "Require review from Code Owners" is enabled
  • Verify code owners have appropriate permissions

Post-Implementation Review

After 1 week:

  • Review any issues/complaints
  • Check for exception requests
  • Verify process working smoothly
  • Update documentation based on feedback

Script Version

Version: 1.0
Last Updated: 2025-01-27
Platforms Supported: GitHub, GitLab


Note: Adapt this script for your specific platform and requirements.