TLDR

  • You can enable protection on branches
  • We enabled branch protection on the main branch to:
    • block direct commits/pushes to main
    • allow merges only from a pull request
    • not require a minimum number of reviews on the pull request
  • We scripted it all using these scripts: upsync-dev/repo-scripts

Problem

  • All of our code gets merged into the main branch
  • All developers in the team create pull requests, which gives us:
    • code reviews
    • visibility of changes
  • Sometimes developers commit and push changes to the main branch by accident

Solution

  • You can enable protection on any branches you wish
  • We enabled branch protection on the main branch so that:
    • no direct pushes are allowed
    • only merges coming from a pull request are allowed

How

  • We needed to make the change across a large number of repos so we scripted it
  • The person who will make the change needs admin access to each repository
  • They will need to generate a GitHub personal access token in their GitHub account settings (a classic token needs the repo scope for the branch protection API)
  • Get a copy of the scripts from upsync-dev/repo-scripts
  • Edit the org variable to be either your username or the name of the organisation that owns the repositories
  • Edit the user variable using your username and the personal access token generated earlier
    • Do not commit the edited script anywhere, and revoke the token once the job is done
  • Edit the repositories list to include all repositories that you would like to make these changes to
    • Add one per line
  • Run the script ./protect-main-branch.sh
  • Job done 😊
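The same procedure as an added example against the GitHub REST API; this is not the upsync-dev/repo-scripts script. The organisation name example-org, the repository names and the GITHUB_TOKEN environment variable are assumptions; the JSON body is a reconstruction of the policy described above (pull request required, no minimum reviews) rather than the project's own JSON. Two things go beyond that policy and are labelled in the comments: enforce_admins is set to true so that repository admins cannot push directly either, and the number of required approvals is a parameter so the stricter variants from the Misc Notes below need no code change. Without an argument the script only prints the requests it would send; with the argument apply it sends them and then reads the protection back as a check.

```sh
#!/bin/sh
# Added example, not the upsync-dev/repo-scripts script: apply one protection
# rule to the main branch of several repositories through the GitHub REST API.
# ORG, the repository names and GITHUB_TOKEN are assumptions; set them for your
# own organisation before running with the "apply" argument.
set -eu

GITHUB_API="${GITHUB_API:-https://api.github.com}"
ORG="${ORG:-example-org}"      # assumed: organisation or username owning the repos
BRANCH="${BRANCH:-main}"
REVIEWS="${REVIEWS:-0}"        # required approvals on the PR; 0 = PR required, no reviews
APPLY=0                        # 0 = print the requests, 1 = send them

# Constructed sample list, one repository per line.
REPOS="repo-one
repo-two"

# Body for PUT /repos/{owner}/{repo}/branches/{branch}/protection. The API
# requires all four top-level keys, so the unused ones are null. With
# required_approving_review_count 0 a pull request is required but no review
# is, which is the policy described above. enforce_admins is an addition to
# that policy: without it repository admins can still push directly to main.
protection_json() {
  cat <<EOF
{
  "required_status_checks": null,
  "enforce_admins": true,
  "required_pull_request_reviews": { "required_approving_review_count": ${1:-0} },
  "restrictions": null
}
EOF
}

protection_url() {
  printf '%s/repos/%s/%s/branches/%s/protection\n' "$GITHUB_API" "$ORG" "$1" "$BRANCH"
}

# Common curl options. The token is read from the environment, never stored in
# the script. A classic PAT needs the repo scope and the user must be an admin
# of each repository.
gh_curl() {
  curl --fail --silent --show-error \
    -H 'Accept: application/vnd.github+json' \
    -H "Authorization: Bearer ${GITHUB_TOKEN:?set GITHUB_TOKEN to a personal access token}" \
    -H 'X-GitHub-Api-Version: 2022-11-28' "$@"
}

# Send the rule for one repository; print the request instead when APPLY=0.
protect_branch() {
  url=$(protection_url "$1")
  if [ "$APPLY" -ne 1 ]; then
    printf 'PUT %s\n' "$url"
    return 0
  fi
  protection_json "$REVIEWS" | gh_curl -X PUT "$url" --data-binary @- >/dev/null
  printf 'protected %s/%s@%s\n' "$ORG" "$1" "$BRANCH"
}

# Check afterwards: GET on the same URL is a 404 while the branch is
# unprotected and returns the protection object once the rule is in place.
verify_branch() {
  url=$(protection_url "$1")
  if [ "$APPLY" -ne 1 ]; then
    printf 'GET %s\n' "$url"
    return 0
  fi
  gh_curl "$url" >/dev/null
  printf 'verified %s/%s@%s\n' "$ORG" "$1" "$BRANCH"
}

main() {
  if [ "${1:-}" = "apply" ]; then APPLY=1; fi
  printf '%s\n' "$REPOS" | while IFS= read -r repo; do
    [ -n "$repo" ] || continue
    protect_branch "$repo"
    verify_branch "$repo"
  done
}

main "${1:-}"
```

To require two approvals, run it with REVIEWS=2 in the environment. To require status checks, replace the null in required_status_checks with an object such as {"strict": true, "contexts": ["ci/build"]}. Requiring signed commits is not a field in this body at all: it is switched on with a separate POST to the same URL followed by /required_signatures, so a script that only sends the PUT above will not enable it.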

Misc Notes

  • The script contains JSON that is specific to the problem we were trying to solve
  • You can change the JSON to suit your own policy; the available fields are listed in the GitHub branch protection API documentation
  • Examples of things you could enable:
    • required status checks
    • a minimum number of reviews on PRs before merging
    • a requirement for signed commits
    • more…

Further Reading