Create branch protection rules at an organization level

I’m looking to see if there is a way to apply a default branch protection rule on master that is provided to all newly created repos. So let’s say my organiztion is 

Jason

which has the repos

Jason/eatsLunch

Jason/eatsDinner

Jason/sleepsLate

Is there a way to make a default protection for master that applies to any new repos I create, like

Jason/doesTheDishes

Jason/doesLaundry

so that a rule would be created for master branch that requires an approved PR to commit to master and that approvals are automatically dismissed if a new upload to the branch becomes available, etc. Right now, we have a guide for my team on setting this up when they make a new repo, but we’d like something a bit more automatically enforced. Is there angle through the API I should investigate?

13 Likes

Hi @grigjd3,

Thanks for reaching out! If you’re a repository owner or have admin permissions in a repository, you can customize branch protections in the repository and enforce certain workflows per repo, perhaps CODEOWNERS could work here?

1 Like

Thanks, I think either I’m misunderstanding CODEOWNERS or I am doing a bad job of communicating.  I realize I can add branch protections in a repo. What I’m trying to address is making sure that when my engineering team starts new projects (we do this fairly often), that we always have the same branch protections on master in each new project. If the person creating the new repo under our org has to manually set the branch protections each time, there are chances it won’t get set correctly.  

It would be great if I could set a template branch protection for master that gets automagically applied to every new repo under our org. If the answer is that this functionality doesn’t exist, I’ll try to handle this through documentation or maybe through cloning a template repo, but it would be nice if this capability were built into github, given that github adds the concept of organizations on top of git.

5 Likes

Hi @grigjd3 

Unfortunately, there is no native capability to standardize branch protection rules across an Organization in GitHub (As of this reply). We are working on it and in the interim I see many of our Enterprise customers developing automation for this purpose either as a GitHub App or (soon) an Org level Action. When a repo is created, when rules are modified (if webhook available) and on Cron they scan the repo(s) and enforce their protection rules using the API.

1 Like

Also really surprised there’s no way to specify default branch protection rules for the organization or account to apply to all new repos. This should definitely be a core feature.

4 Likes

+1 for this feature.

1 Like

+1. this is something that’s sorely needed.

1 Like

+1 Any update on this?

1 Like

+1 for this feature.

+1, about to write a very unnecessary lambda for this

Edit: thought maybe we could use template repositories for this, but repositories created from templates do not inherit branch protection rules either.

I was also looking forward to this functionality. We already have hundreds of repositories and checking all the rules for each one of them is really time-consuming.

1 Like

This would be important for us as well. Not only will we have to spend time automating it properly but when trying to prove certain configurations for compliance purposes it is much easier when it is enforced at org level than to explain the baseline, the automation tools, the scheduling, etc.

Thanks!

2 Likes

+1 for this - this would be a key feature for our enterprise to better manage branching practices…

1 Like

Hi @andreagriffiths11, is there any chance of this function being implemented? And if yes, when, whats the ( estimated ) time for this?

Judging by this topic alone, this is very much needed functionality. I also would very much love seeing this incorporated.

1 Like

I would note, gitlab has this feature: Visibility and access controls | GitLab

So does Bitbucket: https://confluence.atlassian.com/bitbucketserver/using-branch-permissions-776639807.html#Usingbranchpermissions-Addbranchpermissionsforallrepositoriesinaproject

+1 for this feature, please!

+200 from PagonNxt Organization for this feature, please!

+100, this should be implemented to solve scalability issues

+1, please, Azure DevOps has this and it is super useful!