By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
What it is:Branch protection rules in GitHub let you enforce policies on who can push to a branch, require pull request (PR) approvals, and mandate status checks (like CI tests) before merging. Think of it as a bouncer at a nightclub—only certain people get in, and they must meet the dress code (status checks) and have a VIP pass (approvals).
Why it matters in production:- Prevents broken deployments: If main is protected, no one can force-push or merge untested code.- Enforces code review: Requires at least one approval before merging, reducing bugs and security flaws.- Blocks bad merges: Status checks (e.g., CI tests, security scans) must pass before merging.- Compliance & audit trails: Mandatory approvals create a paper trail for regulatory requirements (e.g., SOC 2, HIPAA).
main
Real-world scenario:You’re a DevOps engineer at a fintech startup. A junior dev accidentally force-pushes to main, breaking the production API. Without branch protection, this could take hours to fix. With protection, GitHub blocks the push and forces a PR with approvals and passing tests.
prod
git push --force
N
N=2
git bisect
release/*
1
2
ci/tests
tests.yml
@my-org/devops-team
bash git checkout main echo "test" > test.txt git add test.txt git commit -m "Test direct push" git push origin main
! [remote rejected] main -> main (protected branch hook declined) error: failed to push some refs to 'github.com/your-repo.git'
github.event.pull_request.draft
git rebase
git merge
feature/*
hotfix/*
v1.0.0
❌ "Git hooks" (not enforced on GitHub).
"How do you enforce at least 2 approvals before merging?"
❌ "Use CODEOWNERS" (only suggests reviewers, doesn’t enforce count).
"What happens if a PR has 1 approval but CI fails?"
CODEOWNERS
Challenge:Protect the dev branch in a repo so that: 1. PRs require 1 approval.2. CI tests must pass.3. Only @my-org/dev-team can push to dev.
dev
@my-org/dev-team
Solution:1. Go to Settings → Branches → Add rule.2. Set Branch name pattern to dev.3. Enable: - Require a pull request before merging - Require approvals (1) - Require status checks to pass (select your CI workflow) - Restrict who can push (add @my-org/dev-team) 4. Save.
Why it works:- GitHub enforces all selected rules before allowing merges.
git push origin main
Final Tip:Branch protection is your last line of defense against broken deployments. Treat it like a seatbelt—you hope you never need it, but when you do, it saves lives. ?
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.