Issue #4404 duplicate

Read only "Master" branch, everything has to be done through Pull Requests

Hindsight Software
created an issue

Pull Requests are a great code review tool. On projects where code review is enforced for regulatory requirements (SOX, PCI, etc.) it would be handy if the "master" branch would only accept modifications via pull requests and not pushes. This would enforce the code review process and provide evidence to the compliance officer of the regulatory requirements being met.

This would only apply to a single branch like "master" or configured branch, and users with write permissions can continue to push to other branches in the repository. This is a very basic form of Branch ACL (#3276) but with a narrow scope providing lots of value within the corporate environment.

Comments (3)

  1. Marcus Bertrand staff

    We've considered features like this and declined to implement them in the past. The main reason is that you can achieve this control with a workflow where you keep your "main" repo set to read-only, and then allow users to only interact via a pull request from forks of your repo. This way you have an opportunity to review ALL changes and allow them in without anyone else having the ability to push.

    You can create these forks within your same team account and name them something like "username-f-reponame" or some other naming convention. Each of your users can also create their own forks and submit pull requests that way.

    If you have a use-case where maintaining permission over the main repo won't work in your case, please let us know here. Otherwise, I'll mark this as won't fix for now.
