
I was having a look at the history of my main branch in Git today, and I noticed that, despite the fact that I've configured branch protection of the main branch, and only allowed merging squash commits for PRs, one specific developer was able to commit changes to main.

So, I caught up with the developer to understand what was going on, and they were using this peculiar process to merge their code in:

  • They were creating a PR, and waiting for approval and comments resolution as usual
  • Once the PR was approved, instead of pressing the "Squash and merge" button in GitHub UI, they were:
    • opening their terminal
    • switching the current branch to main
    • merging their PR branch into main
    • doing a git push

I triple checked with the developer and:

  • They cannot push to the main branch normally, as expected
  • They only had squash merge as the only option in GitHub UI, as expected

These are my settings in GitHub:

[Screenshots: Branch protection, General]

I am puzzled:

  • Why does this approach circumvent the rules configured in GitHub?
  • Why is the developer even able to push into master in the first place (even if the branch they're trying to push has been PR'd)?
  • Apart from asking to use the UI, is there anything I can actually do to prevent this behavior?
  • 1
    If you ask him to only write a comment somewhere in the code while on master and to push, will the push succeed? Commented Nov 13 at 14:29
  • 1
    That's a great question about git and GitHub and the correspondence between merging a GitHub PR and merging a git branch. Why is it downvoted and why is there a close vote? Commented Nov 13 at 14:50
  • 1
    @Stef I'm innocent in that and even upvoted in order to restore the balance of the universe Commented Nov 13 at 14:59
  • 1
    @Lajos: yes - tried that and the push failed, as expected. Commented Nov 13 at 15:14
  • 2
    GitHub support came back to me. This happens because the type of merge my developer was doing is a fast forward merge (ff) which maintains linear history. So all branch protections currently in place were met. To stop this from happening, I needed to tick the box: Restrict who can push to matching branches. So long as the user is not an Organization administrator, repository administrator, and user with the Maintain role this will work and prevent this CLI ff method for regular users. Commented Nov 17 at 16:08

1 Answer

GitHub support came back to me.

This happens because the type of merge my developer was doing is a fast forward merge (ff) which maintains linear history. So all branch protections currently in place were met.

To stop this from happening, I needed to tick the box:

`Restrict who can push to matching branches`

So long as the user is not an Organization administrator, repository administrator, and user with the Maintain role this will work and prevent this CLI ff method for regular users.
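One way to find fast-forward pushes like the one described above in an existing history, as an added example that is not part of the original answer. It assumes that commits created by GitHub's merge buttons carry the committer email `noreply@github.com`; the function names and the sample log are constructed for illustration.

```python
import re
import subprocess

# Assumption: commits created by GitHub's merge buttons carry this committer email.
GITHUB_COMMITTER_EMAIL = "noreply@github.com"
# Default squash-merge titles end with the PR number, e.g. "Add feature (#41)".
PR_SUFFIX = re.compile(r"\(#\d+\)$")
# Tab-separated: sha, committer email, author name, subject.
LOG_FORMAT = "%H%x09%ce%x09%an%x09%s"


def read_log(branch="main", repo="."):
    """Return the first-parent history of `branch` from a local clone."""
    return subprocess.run(
        ["git", "-C", repo, "log", "--first-parent", f"--format={LOG_FORMAT}", branch],
        check=True, capture_output=True, text=True,
    ).stdout


def find_direct_pushes(log_text):
    """Flag commits on the branch that were not committed by GitHub itself."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # maxsplit=3 keeps any tab inside the subject intact.
        sha, committer_email, author, subject = line.split("\t", 3)
        if committer_email.lower() == GITHUB_COMMITTER_EMAIL:
            continue  # created server-side by a merge button
        findings.append({
            "sha": sha, "author": author, "subject": subject,
            "has_pr_suffix": bool(PR_SUFFIX.search(subject)),
        })
    return findings


# Constructed sample: two squash merges and two commits fast-forwarded from a terminal.
SAMPLE_LOG = "\n".join([
    "a1b2c3d\tnoreply@github.com\tAlice\tAdd rate limiting (#41)",
    "e4f5a6b\tbob@example.com\tBob\tfix typo in handler",
    "c7d8e9f\tbob@example.com\tBob\twip: new handler",
    "0a1b2c3\tnoreply@github.com\tCarol\tUpgrade TLS config (#39)",
])

if __name__ == "__main__":
    for f in find_direct_pushes(SAMPLE_LOG):
        print(f"{f['sha']}  {f['author']}: {f['subject']}")
```

Pass `read_log()` instead of `SAMPLE_LOG` to run it against a real clone. Treat the hits as leads to review, since the committer check is a heuristic.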
