I’m using Enterprise Cloud.
Use case: I want to allow a “core” team to push to any branch of a repository and have a *“collaborators” team restricted to push to branches in the form “collaborators/[anything here]”.
What I tried:
- I created two teams: core and collaborators. Core is granted maintain role to the repo, while collaborators is granted write role.
- I added two branch protection rules:
- core is allowed to push to “**/**”
- collaborators is allowed to push to “collaborators/**”
What I get:
- No matter the order of the branch protection rules above, members of the collaborators team will be able to push to all branches, not being restricted to “collaborators/[anything here]” branches, as I expected. Members of the core team can push to any branch, as expected.
- If I reduce the access level of the collaborators team to just read I can’t even list the team in a rule (somehow expected).
- Members of the collaborators team are not Organization owners.
What I’m missing?