Protected branches ensure that collaborators on your repository cannot make irrevocable changes to branches. Enabling protected branches also allows you to enable other optional checks and requirements, like required status checks and required reviews.
Repository owners and people with admin permissions for a repository can enforce certain workflows or requirements, before a collaborator can merge a branch in your repository by creating protected branch rules.
You can create a branch rule in a repository for a specific branch, all branches, or any branch that matches a naming pattern specified with the fnmatch syntax. For example, to require any branch containing the word
release to have at least two pull request reviews before merging, you can create a branch rule for
For more information, see "Configuring protected branches."
Prioritization of protected branch rules
If a repository has multiple protected branch rules that affect the same branches, the rules that include a specific branch name have the highest priority. If there is more than one protected branch rule that references the same specific branch name, then the branch rule created first will have higher priority.
Protected branch rules that mention a special character, such as
], are applied in the order they were created, so older rules with these characters have a higher priority.
Branch protection settings
When you create a protected branch rule in a repository, collaborators cannot force push to the protected branch or delete the branch by default. You can enable other branch protection settings, so that collaborators:
- Can't merge changes into the protected branch unless required status checks pass. For more information, see "About required status checks."
- Can't merge changes into the protected branch until required reviews are approved. For more information, see "Approving a pull request with required reviews."
- Can't edit the protected branch or upload files to it from the web
- Can't merge changes into the protected branch until changes to files that have a designated code owner have been approved by that owner. For more information, see "About codeowners."
- Can't push commits to the protected branch that are not signed with a verified GPG key. For more information, see "About required commit signing."
If your repository is owned by an organization, you can restrict users or teams from pushing to a protected branch. For more information, see "About branch restrictions."