Day 39 | beginner | Mar 11, 2026

Enforce Code Quality with Branch Protection Rules

Branch protection rules are your safety net — they prevent broken code from ever reaching main.

Tags: cicd, github, code-quality

What

Branch protection rules prevent direct pushes to important branches like main. They can require pull requests, passing CI checks, code reviews, and up-to-date branches before merging. In GitHub, you configure them under Settings > Branches > Branch protection rules.

Why It Matters

Without branch protection, anyone with write access can push directly to main, bypass code reviews, and merge PRs with failing tests. One bad commit on an unprotected main branch can take down production. Branch protection rules enforce your team's quality standards automatically.

Example

# GitHub Branch Protection Settings for 'main'
# Settings > Branches > Add rule > Branch name pattern: main

# Recommended settings:
# ✅ Require a pull request before merging
#    - Required approvals: 1
#    - Dismiss stale reviews when new commits are pushed
# ✅ Require status checks to pass before merging
#    - Required checks: test, lint, build
#    - Require branches to be up to date before merging
# ✅ Require conversation resolution before merging
# ✅ Do not allow bypassing the above settings
# ❌ Allow force pushes (keep disabled)
# ❌ Allow deletions (keep disabled)

# With these rules, this will be rejected:
# git push origin main
# Error: protected branch hook declined

# Instead, the correct workflow becomes:
# git checkout -b feature/my-change
# git push origin feature/my-change
# Open PR > Pass CI > Get review > Merge

Common Mistake

Not requiring status checks to pass before merging. Without this, PRs can be merged even when CI is failing. Always add your critical checks (test, lint, build) as required status checks so broken code can never reach main.

Quick Fix

Go to Settings > Branches > Edit your protection rule > Check 'Require status checks to pass' and add the exact job names from your CI workflow as required checks.
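
To confirm a rule is actually configured as described above, the following check (an added example, not part of the original tip) audits the JSON returned by GitHub's branch protection REST endpoint against the recommended settings. The helper names `audit` and `enabled` and the `SAMPLE` response are constructed for illustration.

```python
# Audit a branch protection response (GET /repos/{owner}/{repo}/branches/{branch}/protection)
# against the settings recommended in this tip. SAMPLE is constructed, not real data.
REQUIRED_CHECKS = {"test", "lint", "build"}  # job names from the tip; use your own

def enabled(protection, key):
    """Toggle settings are returned as {"enabled": bool}."""
    return bool((protection.get(key) or {}).get("enabled"))

def audit(protection, required_checks=REQUIRED_CHECKS):
    """Return a list of findings; an empty list means the rule matches the tip."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("pull request not required before merging")
    else:
        if reviews.get("required_approving_review_count", 0) < 1:
            findings.append("fewer than 1 required approval")
        if not reviews.get("dismiss_stale_reviews"):
            findings.append("stale reviews not dismissed on new commits")
    checks = protection.get("required_status_checks")
    if not checks:
        findings.append("status checks not required, failing CI can merge")
    else:
        # Check names appear in the legacy "contexts" list and/or the "checks" list.
        names = set(checks.get("contexts") or [])
        names |= {c["context"] for c in checks.get("checks") or []}
        for missing in sorted(set(required_checks) - names):
            findings.append(f"required check missing: {missing}")
        if not checks.get("strict"):
            findings.append("branch not required to be up to date")
    if not enabled(protection, "required_conversation_resolution"):
        findings.append("conversation resolution not required")
    if not enabled(protection, "enforce_admins"):  # "Do not allow bypassing" in the UI
        findings.append("administrators can bypass the rule")
    if enabled(protection, "allow_force_pushes"):
        findings.append("force pushes allowed")
    if enabled(protection, "allow_deletions"):
        findings.append("branch deletion allowed")
    return findings

SAMPLE = {  # constructed: 'lint' is not a required check and up-to-date is off
    "required_pull_request_reviews": {"required_approving_review_count": 1, "dismiss_stale_reviews": True},
    "required_status_checks": {"strict": False, "contexts": ["test", "build"]},
    "enforce_admins": {"enabled": True}, "required_conversation_resolution": {"enabled": True},
    "allow_force_pushes": {"enabled": False}, "allow_deletions": {"enabled": False},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["OK: matches recommended settings"]:
        print(finding)
```

To run it against a real repository, load the output of `gh api repos/OWNER/REPO/branches/main/protection` (OWNER/REPO are placeholders) with `json.load` and pass the result to `audit`.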

Key Takeaways

  1. Branch protection prevents direct pushes to main
  2. Require pull requests with at least 1 approval
  3. Require CI status checks (test, lint, build) to pass
  4. Require branches be up to date before merging
  5. Disable force pushes and branch deletion on main
