Skip to content
gh-infra

Branch Protection (Classic)

Example

Section titled “Example”
spec:
  branch_protection:
    - pattern: main
      required_reviews: 1
      dismiss_stale_reviews: true
      require_code_owner_reviews: false
      require_status_checks:
        strict: true
        contexts:
          - "ci / test"
          - "ci / lint"
      enforce_admins: false
      allow_force_pushes: false
      allow_deletions: false


    - pattern: "release/*"
      required_reviews: 2
      allow_force_pushes: false

Multiple patterns can be defined. Each entry creates a separate branch protection rule.

Fields

Section titled “Fields”
FieldTypeDescription
patternstringBranch name or pattern (e.g., main, release/*)
required_reviewsintNumber of required approving reviews
dismiss_stale_reviewsboolDismiss approvals when new commits are pushed
require_code_owner_reviewsboolRequire review from code owners
require_status_checks.strictboolRequire branch to be up to date before merging
require_status_checks.contextslistRequired status check names
enforce_adminsboolApply rules to admins too
allow_force_pushesboolAllow force pushes to matching branches
allow_deletionsboolAllow deleting matching branches

Classic vs Rulesets

Section titled “Classic vs Rulesets”

See Rulesets vs Classic Branch Protection for a detailed comparison and migration guidance.