Ever been in a position where you wish you could prevent your teammates from merging unapproved code from a development branch to the main branch?
Do you want to keep code whose build status you are not sure of from being merged into your main branch?
Recently, I found myself in this situation and I plan to share a concept which helped me out - 'Branch Protection in GitHub'.
Branch protection is the act of setting rules to prevent certain actions from occurring on your branch(es) without your approval.
This article focuses on preventing branches (development, etc.) from being merged into the main branch: before any merge can occur, a pull request requires a selected reviewer to review the request and then merge the commit.
It is expected that you have prior knowledge of:
- CI/CD tools (in this article, Travis CI)
We take the following steps:
- Click on the 'Settings' option in your repository and then 'Branches' (located on the left-hand side of the page)
- Click on 'Add Rule' to create the rule(s) for your branch of choice
- Next, under 'Branch name pattern', type in the name of the branch you want to protect
For this article, we choose the following rules:
- 'Require pull request reviews before merging': we limit the number of required reviews to 1 (you can choose to increase the required reviews).
- Then, we select 'Include administrators' to ensure that, as owners of the branch, our pull requests will have to be reviewed before a merge can occur (I mean, nobody is above mistakes 🥴)
Finally, we click on the 'Save changes' button to save our settings.
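The same two rules can also be set and checked through GitHub's REST branch-protection endpoint. The following is an added example, not code from the original article or its repository: the function names are hypothetical, the sample responses are constructed, and the request is only prepared, never sent.

```python
import json
import urllib.request

API = "https://api.github.com/repos/{owner}/{repo}/branches/{branch}/protection"

def protection_payload(required_reviews=1):
    """Body for PUT .../protection matching the two rules chosen above."""
    return {
        "required_status_checks": None,   # not selected in this article
        "enforce_admins": True,           # 'Include administrators'
        "required_pull_request_reviews": {
            "required_approving_review_count": required_reviews,
        },
        "restrictions": None,             # no push restrictions
    }

def build_request(owner, repo, branch, token, payload):
    """Prepare (but do not send) the authenticated PUT request."""
    return urllib.request.Request(
        API.format(owner=owner, repo=repo, branch=branch),
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )

def audit_protection(current, min_reviews=1):
    """Return findings for a GET .../protection response (empty list = OK)."""
    findings = []
    reviews = current.get("required_pull_request_reviews")
    if not reviews:
        findings.append("pull request reviews are not required")
    elif reviews.get("required_approving_review_count", 0) < min_reviews:
        findings.append("fewer approving reviews required than expected")
    if not (current.get("enforce_admins") or {}).get("enabled", False):
        findings.append("administrators can bypass the rule")
    return findings

# Constructed sample responses (not taken from a real repository).
GOOD = {"required_pull_request_reviews": {"required_approving_review_count": 1},
        "enforce_admins": {"enabled": True}}
WEAK = {"required_pull_request_reviews": {"required_approving_review_count": 1},
        "enforce_admins": {"enabled": False}}

if __name__ == "__main__":
    print(json.dumps(protection_payload(), indent=2))
    print(audit_protection(GOOD), audit_protection(WEAK))
```

Running the audit on a schedule against the live GET response catches a rule that someone has quietly relaxed, such as 'Include administrators' being switched off.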
According to the Travis CI documentation, 'Travis CI supports your development process by automatically building and testing code changes, providing immediate feedback on the success of the change. Travis CI can also automate other parts of your development process by managing deployments and notifications.'
It is a Continuous Integration/Continuous Deployment tool which automatically runs the test(s) you specify in a .travis.yml file and sends you a report stating the build status of your commit. In this way, broken code is prevented from being pushed to production.
A simple Travis script can be written as follows:
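```yaml
language: python
python:
  - "3.6" # current default Python on Travis CI
install: # command to install dependencies
  - pip install -r requirements.txt
script: # command to run tests
  - python -m unittest test
branches:
  only: [main, dev] # safelist of branches to build
```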
The script above, like other Travis scripts, uses keys to configure different operations. The ones used here are:
- language: This specifies the programming language in which our code is written (in this case Python).
- python: This specifies the language version to run our tests against.
- install: This specifies the language-specific command to install the dependencies our code relies on.
- script: This specifies the language-specific command to run our pre-defined tests.
- branches: The 'only' option lists the branches we want to build, using a safelist (in this case 'main' and 'dev').
Now, to check whether all our branch protection and CI/CD rules work, we push some code to our secondary branch and open a pull request.
The pull request will fail.
Voila, we are unable to merge our pull request to the main branch (it's the audacity for me😁).
We are told that our pull request needs to be reviewed, so we add a reviewer by clicking on the icon next to 'Reviewers'.
Also, our builds passed (yay!), so our reviewer will be more confident in merging our pull request.
More information can be found in the GitHub Docs.
Feel free to check out my repository, on which this article was built.
I hope we protect our branches better from now onwards.
Feel free to reach out to me via LinkedIn.