Branch Protection is preventing pushes when it should not

I’m trying to set Branch Protection for all branches (matching *), and I have ticked the following boxes only:

  • Require pull request reviews before merging
    • Dismiss stale pull request approvals when new commits are pushed
  • Require conversation resolution before merging

Those are the only rules I want to enforce, but with this configuration in place, non-admin users are unable to push to branches. The main branch had a rule to prevent pushing, but even after I removed that rule, the issue occurs with other branches. If I remove this rule for *, then push works again.

See attached screenshot

Am I misunderstanding how this is supposed to work or is this a bug?

The screenshot mentions that there’s a conflict with the main branch rules. The problem is that the wildcard is also matching main, which means that you have two different rules for main now.

You should avoid the wildcard pattern when you have other branch rules. Try using [Pb]* instead, which will match all the current branches except main (of course, it won’t cover future branches starting with different letters).

Ideally, you should come up with a consistent branch naming convention, so you can devise a rule pattern that will always work, e.g. by assuming a prefix like dev-, etc.

Thanks for replying. I could see that perhaps causing a conflict for the main branch, but not for other branches. Those should only be covered by the * rule.

Other users are unable to push to other branches like PASS2-8. They are not trying to push to main.

We also tried the * rule by itself (no rule configured for main) with the same error when trying to push.

That is what the “Require pull request reviews before merging” rule is meant to do: It prevents modifications to matching branches without going through a pull request (and reviews). Because * matches all branches, users won’t be able to push to any branch in the repository. The only way to contribute would be to fork the repository, push to the fork (where users can do what they want) and create a PR. Admins can still push because you didn’t check the “include administrators” option, as long as you don’t check that admins are exempt from the restriction.

If that’s not what you want I recommend you describe the behavior you do want, maybe someone here will know how to achieve it. :slightly_smiling_face:

1 Like

Thanks, @airtower-luna. I was thinking about this incorrectly, expecting the rules to only apply to Pull Requests, not direct pushes.

I can restrict my rules to my release branches that start with a specific prefix as suggested above. The sources of the PRs are feature branches in my case and don’t require these rules (and have a different naming convention).

Thanks for the help.

1 Like