Is there a way to deny pushes but still allow merging PRs?

Occasionally someone makes a mistake by pushing something they shouldn’t, so it would be nice to deny pushing so that the only changes done to a repository are through merging PRs. I know that you can remove write access, but this also prevents merging PRs. Is it possible to only prevent pushes on GitHub?

@aaronfranke - Great question! Have you considered leveraging protected branches for your use case?

Protected branches ensure that collaborators on your repository cannot make irrevocable changes to branches. Enabling protected branches also allows you to enable other optional checks and requirements, like required status checks and required reviews. Our team wrote a guide for defining the mergeability of pull requests that may be worth checking out.

Once you have protected branches setup on your repository, those with write access will still be able to push to branches that are not protected, but any pushes from them attempting to update the protected branch(es) will be rejected.

If you’re just getting started with protected branches, one of my colleagues published a guide covering best practices for protected branches that could be useful.

Does that help with what you’re looking to do? :thought_balloon: