How to Configure Branch Protection Rules per Strategy
Branch protection turns a strategy into a guarantee: it blocks merges to protected branches until required checks and reviews pass.
Which branches you protect follows your strategy. Trunk-based and GitHub Flow protect main. GitFlow also protects develop and main. GitLab Flow protects environment branches. Configure required checks and reviews with the gh CLI or a ruleset.
Steps
- Identify the branches that must always be releasable for your strategy.
- Require the CI status check to pass before merge.
- Require at least one approving review and dismiss stale approvals on new pushes.
- Enforce linear history if you rely on rebase or squash merges.
Configure with the gh CLI
Terminal
gh api -X PUT repos/OWNER/REPO/branches/main/protection \
-f "required_status_checks[strict]=true" \
-f "required_status_checks[contexts][]=verify" \
-f "enforce_admins=true" \
-F "required_pull_request_reviews[required_approving_review_count]=1" \
-f "restrictions=null"Gotchas
- Protecting too many branches slows small teams; protect only what must stay green.
- A required check that can be skipped by a path filter blocks merges; add a placeholder job.
Related guides
How to Require Passing Checks on Protected BranchesMake specific CI checks required on a protected branch so a pull request cannot merge until those exact jobs…
How to Set CI Triggers per Branch With Push and PR FiltersControl which branches run CI using on.push.branches and on.pull_request.branches filters, so feature, develo…
How to Choose a Merge, Rebase, or Squash Policy per StrategyPick a merge, rebase, or squash policy that fits your branching strategy, and enforce it with repository sett…