Branch Protection in GitHub

Ever been in a position where you wish you could prevent your teammates from merging unapproved code from a development branch to the main branch?

Do you want to prevent merging code which you are not sure of its build status to your main branch?

Recently, I found myself in this situation and I plan to share a concept which helped me out - 'Branch Protection in GitHub'.

What is Branch Protection?

Branch protection is the act of setting rules to prevent certain actions from occurring on your branch(es) without your approval.

This article focuses on, preventing branches (development etc) from being merged to the main branch; such that before any merge can occur, a pull request would require a selected reviewer to review the request and then merge the commit.

Prerequisites

It is expected that you have prior knowledge of:

• Github
• CI/CD tools (in this article, Travis CI)

Check out this guides for an introduction to Github and creating a simple .travis.yml file

Setting up branch protection rules

We take the following steps:

• Click on the Settings option in your repository and then Branches (located on the left hand side of the page) - Click on Add Rule to create the rule(s) for your branch of choice

• Next, under Branch name pattern type in the name of the branch you want to protect

• For this article, we choose the following rules:

  • 'Require pull request reviews before merging': we limit the number of required reviews to 1 (you can choose to increase the required reviews).
  • Then, we select Include administrators , to ensure that as owners of the branch, our pull requests will have to be reviewed before a merge can occur (I mean, nobody is above mistakes 🥴)

• Finally, we click on the 'Save changes' button to save our settings.

Setting up our Travis CI script

According to the Travis CI documentation, 'Travis CI supports your development process by automatically building and testing code changes, providing immediate feedback on the success of the change. Travis CI can also automate other parts of your development process by managing deployments and notifications.'

It is a Continuous Integration/Continuous Deployment tool which automatically runs the test(s) you specify in a .travis.yml file and sends you a report stating the build status of your commit, in this way, broken code is prevented from being pushed to production.

A simple Travis script can be written as follows:

language: python
python:
  - "3.6"      # current default Python on Travis CI

# command to install dependencies
install:
  - pip install -r requirements.txt

# command to run tests
script:
  - python -m unittest test

# safelist
branches:
  only:
  - main
  - dev

From the above script, and in other Travis scripts, commands are used to perform different operations. The ones used here are:

• language: This is used to specify the programming language in which our code is written (in this case Python).

• python: We can specify the language version to run our tests against.

• install: This is used to specify the language specific command to install dependencies upon which our code is dependent.

• script: This is used to specify the language specific command to run our pre-defined tests.

• branches: the 'only' option shows the branches we want to build using a safelist (in this case 'main' and 'dev')

Demo Time

• Now, to check out if all our branch protection and CI/CD rules work, we push some code to our secondary branch and open up a pull request.
  
  The pull request will fail.
  
  voila, we are unable to merge our pull request to the main branch (it's the audacity for me😁).

• We are told that our pull request needs to be reviewed, so we add a reviewer by clicking on the icon next to 'Reviewers'.

• Also, our builds passed (yay!), so our reviewer will be more confident in merging our pull request.

More information can be found in the GitHub Docs.

Feel free to check out my repository on which this article was built

I hope we protect our branches better from now onwards.

Feel free to reach out to me via Linkedin

Selah!!