You can require pull requests to pass a set of checks before they can be merged. For example, you can block pull requests that don't pass status checks or require that pull requests have at least one approved review before they can be merged.

By default, any pull request can be merged at any time, unless the head branch is in conflict with the base branch. But as your project matures and stabilizes, you can choose to enforce restrictions on how a pull request is merged into your repository.

About protected branches

Protected branches ensure that collaborators on your repository cannot make irrevocable changes to branches. Enabling protected branches also allows you to enable other optional checks and requirements, like required status checks and required reviews.

Configuring protected branches

Repository administrators can protect a specific branch in the repository to limit branch manipulation.

About required status checks

Required status checks ensure that all required CI tests are passing before collaborators can make changes to a protected branch.

Types of required status checks

You can set up required status checks to either be "loose" or "strict." The type of required status check you choose determines whether your branch is required to be up to date with the base branch before merging.

Enabling required status checks

Repository administrators can enforce required status checks before a branch is merged in a pull request or before commits on a local branch can be pushed to the protected remote branch.

About branch restrictions

Branches within repositories that belong to organizations can be configured so that only certain users or teams can push to the branch.

Enabling branch restrictions

Repository administrators for organizations can enforce branch restrictions so that only certain users or teams are able to push to a protected branch.

About required reviews for pull requests

Required reviews ensure that pull requests have at least one approved review before collaborators can make changes to a protected branch.

Enabling required reviews for pull requests

Repository administrators can enforce required reviews so that pull requests must have at least one approved review before they are merged.

About required commit signing

Required commit signing ensures that collaborators can only push verified signed commits to a protected branch.

Enabling required commit signing

Repository administrators can enforce required commit signing on a branch to block all commits that are not signed with a verified GPG key.