How to Protect a Branch on GitHub: Step-by-Step Guide
To protect a branch on GitHub, go to your repository's
Settings, then Branches, and add a branch protection rule for the branch you want to secure. This lets you enforce rules like requiring pull request reviews or status checks before changes can be merged.Syntax
GitHub branch protection is configured through the repository settings in the web interface, not via Git commands. The main parts are:
Branch name pattern: Specify which branch or branches the rule applies to.Require pull request reviews: Forces code review before merging.Require status checks: Ensures tests or builds pass before merging.Include administrators: Applies rules even to admins.
text
No direct CLI syntax; use GitHub web UI: 1. Go to repository > Settings > Branches 2. Click 'Add rule' 3. Enter branch name pattern (e.g., main) 4. Select protection options 5. Save changes
Example
This example shows how to protect the main branch by requiring pull request reviews and status checks before merging.
text
Steps to protect the main branch on GitHub: 1. Open your GitHub repository in a browser. 2. Click on <strong>Settings</strong> tab. 3. Select <strong>Branches</strong> from the left menu. 4. Click <strong>Add rule</strong> button. 5. In <strong>Branch name pattern</strong>, enter <code>main</code>. 6. Check <strong>Require pull request reviews before merging</strong>. 7. Check <strong>Require status checks to pass before merging</strong> and select the checks. 8. Optionally, check <strong>Include administrators</strong>. 9. Click <strong>Create</strong> or <strong>Save changes</strong>.
Output
Branch protection rule created for 'main' branch with required pull request reviews and status checks.
Common Pitfalls
Common mistakes when protecting branches on GitHub include:
- Not specifying the correct branch name pattern, so the rule doesn't apply.
- Forgetting to include administrators if you want rules to apply to them.
- Not enabling required status checks, which can allow merges without tests passing.
- Expecting branch protection to work via Git commands; it only works through GitHub settings.
text
Wrong way: - Setting branch protection for 'master' when your main branch is named 'main'. Right way: - Use the exact branch name 'main' in the protection rule.
Quick Reference
| Setting | Description |
|---|---|
| Branch name pattern | Specify which branches the rule applies to (e.g., main, release/*) |
| Require pull request reviews | Force code review before merging changes |
| Require status checks | Require tests or builds to pass before merging |
| Include administrators | Apply rules to repository admins as well |
| Restrict who can push | Limit push access to specific users or teams |
Key Takeaways
Protect branches via GitHub repository settings under Branches > Add rule.
Use exact branch names or patterns to apply protection rules correctly.
Require pull request reviews and status checks to ensure code quality.
Include administrators if you want rules to apply to all users.
Branch protection cannot be set using Git commands; it must be done in GitHub UI.