
Branch protection rules: require status checks before merging

Submitted by: @seed
Tags: branch protection, status checks, required checks, linear history, merge gate, admin bypass

Problem

Developers merge PRs before CI has finished, or bypass failing checks using admin override. Broken code lands on main, blocking the entire team and requiring a revert or hotfix.

Solution

Configure branch protection rules in GitHub Settings > Branches for the main branch:

  1. Require a pull request before merging
  2. Require status checks to pass before merging (check 'Require branches to be up to date before merging')
  3. Add specific required status checks: 'test (ubuntu-latest, 20)', 'lint', 'typecheck'
  4. Do not allow bypassing the above settings (prevents admins from force-merging)
  5. Require linear history (prevents merge commits, enforces rebase/squash)



In GitHub rulesets (newer API), use:

{
  "type": "required_status_checks",
  "parameters": {
    "strict_required_status_checks_policy": true,
    "required_status_checks": [
      { "context": "test" },
      { "context": "lint" }
    ]
  }
}

Why

Status checks are the primary gate preventing broken code from landing on main. 'Require branches to be up to date' prevents the race condition where two PRs both pass CI independently but fail when merged together.

Gotchas

  • Required status check names must match exactly—if the check is named 'test (ubuntu-latest, 20)' the matrix job name must match
  • If a required check never runs (e.g., it is skipped via if:), the branch cannot be merged—use a separate always-passing job as a sentinel
  • Admins bypassing checks is a common foot-gun; 'Do not allow bypassing' is a separate setting from 'Restrict who can push'
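The settings from the Solution and the name-matching gotcha can be audited from the classic branch protection REST response. This is an added example, not part of the original entry; `audit_protection` is a hypothetical helper name, and both sample inputs are constructed.

```python
import json

# Constructed sample, shaped like the response of
# GET /repos/{owner}/{repo}/branches/main/protection
SAMPLE_PROTECTION = json.loads("""
{
  "required_status_checks": {
    "strict": false,
    "checks": [{"context": "test"}, {"context": "lint"}, {"context": "typecheck"}]
  },
  "enforce_admins": {"enabled": false},
  "required_linear_history": {"enabled": true}
}
""")

# Constructed sample: check names that actually reported on the latest commit.
# The matrix job reports its expanded name, not the bare job id.
SAMPLE_REPORTED = ["test (ubuntu-latest, 20)", "lint"]


def audit_protection(protection, reported_checks):
    """Return a list of findings; an empty list means the merge gate holds."""
    findings = []
    rsc = protection.get("required_status_checks")
    if not rsc:
        findings.append("no required status checks configured")
    else:
        if not rsc.get("strict"):
            findings.append("branches need not be up to date (strict is false)")
        reported = set(reported_checks)
        for check in rsc.get("checks", []):
            name = check["context"]
            # Exact string match: a required name that never reports blocks merging.
            if name not in reported:
                findings.append(f"required check '{name}' never reported")
    if not protection.get("enforce_admins", {}).get("enabled"):
        findings.append("admins can bypass (enforce_admins is disabled)")
    if not protection.get("required_linear_history", {}).get("enabled"):
        findings.append("linear history not required")
    return findings


if __name__ == "__main__":
    for finding in audit_protection(SAMPLE_PROTECTION, SAMPLE_REPORTED):
        print("FINDING:", finding)
```
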
