Allow merge, forbid branch creation

Hello,

In our team, we’re using a fork and PR model: everyone creates a fork, works on his/her own fork, and then sends a PR to merge into the main branch.

When a PR is received, someone in the team reviews it, there’s some intense back and forth, and then eventually it is merged into the main branch.

For everyone to use this workflow, we need the ability to configure users so that they are allowed to click on the “merge button” on the main repository, but they are not allowed to do things like create branches, or push directly to master.

I’ve tried a bunch of combinations with protected branches and several other settings, but so far no luck.

I suspect I stumbled upon this bug/issue here, but it seems like such a simple and common workflow that there ought to be a simple way to implement it?

Help? Suggestions?

Thank you!

Protecting the main/master branch from any write operations should be fairly easy. As for forbidding the creation of new branches, wouldn’t this interfere with the ability of your Team members to create pull requests? Usually the creation of a pull request entails creating a new branch, with some custom name. Preventing creation of new branches would also affect PRs, since they wouldn’t be able to push these branches to repositories belonging to the organization.

Although PR branches are ultimately merged into some officially sanctioned branch, created by the admins, I’m not sure you can enforce such a restriction just on the main repository (but not its forks).

Code ownership rules might help in this respect. Unfortunately, access to these has been lifted from Free accounts a while ago, so I didn’t have enough time to play around with them (old repositories where I had used them still preserve the old ownership rules I had created, but I can’t create new ones). But I do remember that I was able to enforce branch restrictions using patterns for branch names and targeting specific users.