How to protect “master” in GitHub?

Posted 2019-01-07 11:05

Question:

I have a few contributors in my GitHub project. I want to allow only one of them to "push" to master. And this guy is not me (the owner of the repository). Is it possible to do?

Answer 1:

Back then, when this question was posted, GitHub didn't allow you to specify access privileges on a branch level. You can only do it on a repository level. So what you are requesting wasn't possible.

If you want to work around this limitation, I personally see two options:

  • you could use some kind of commit hooks, etc. to at least inform someone that something wrong happened
  • If you really need this tight control, you could use two repositories, one only holding your "master" branch. You would then need to make sure that only your "guy" gets write access to the master repository

I think it is easier to solve that with some organisation. In my team, we never push anything directly to master, but instead always create pull requests. That ensures that at least someone takes a look before code gets merged and you could also define a policy that only your "guy" is allowed to merge pull requests.

Update

GitHub now announced that they will roll out a new feature called protected branches. This feature has been present in other git distributions like Atlassian Stash for years. It will allow you to protect some branches from pushes. However, it still doesn't allow complete ACL-based protection of individual branches. So you might want to check this feature out in case you don't want to rely on an organizational solution as outlined above.



Answer 2:

Note: Protected branches and required status checks (September 3, 2015) will allow you to protect a branch:

  • against forced pushes
  • against deletion
  • against merged changes until required status checks pass


Since March 2016, as commented by Sander below, you have User and team restrictions

Sometimes merges to a protected branch are best left to a release manager or a team of people responsible for the stability of that particular branch. Organizations can now specify which members and teams are able to push to a protected branch.
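
The setup this answer describes can be verified after it is configured. The following is an added example, not part of the original answers: it audits a branch-protection object, in the JSON shape returned by GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection`, against the asker's policy that only one account may push. The logins, team slug and both sample objects are constructed.

```python
# Added example: audits a branch-protection object (the JSON shape returned by
# GET /repos/{owner}/{repo}/branches/{branch}/protection) against a
# "only these accounts may push" policy. Logins and sample data are constructed.

def audit_protection(protection, allowed_pushers):
    """Return a list of findings; an empty list means the policy holds."""
    if not protection:
        return ["branch has no protection rule"]
    findings = []
    allowed = set(allowed_pushers)
    restrictions = protection.get("restrictions")
    if not restrictions:
        findings.append("no push restrictions: every account with write access can push")
    else:
        users = {u["login"] for u in restrictions.get("users", [])}
        if users - allowed:
            findings.append("unexpected pushers: " + ", ".join(sorted(users - allowed)))
        if allowed - users:
            findings.append("missing pushers: " + ", ".join(sorted(allowed - users)))
        teams = sorted(t["slug"] for t in restrictions.get("teams", []))
        if teams:
            findings.append("teams can push, review membership: " + ", ".join(teams))
    # Without enforce_admins the rule is not applied to repository administrators,
    # which matters here because the owner is not supposed to push either.
    if not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("enforce_admins is disabled")
    for key, label in (("allow_force_pushes", "force pushes"),
                       ("allow_deletions", "branch deletion")):
        if protection.get(key, {}).get("enabled", False):
            findings.append(label + " allowed")
    return findings

# Constructed sample: the intended setup, one release manager may push.
STRICT = {
    "restrictions": {"users": [{"login": "release-manager"}], "teams": [], "apps": []},
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
}
# Constructed sample: protection exists but leaves several gaps.
LOOSE = {
    "restrictions": {"users": [{"login": "release-manager"}, {"login": "alice"}],
                     "teams": [{"slug": "core"}], "apps": []},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
}

if __name__ == "__main__":
    for name, cfg in (("STRICT", STRICT), ("LOOSE", LOOSE)):
        print(name, audit_protection(cfg, ["release-manager"]))
```

Feeding it the live response for `master` on a schedule turns a silent change to the protection rule into a visible finding.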



Answer 3:

This is exactly what forking was designed for. You would have the main repository protected, and you would allow read permissions on that repository for all contributors. Those contributors would fork the repo, and would push their changes to their personal copies of the main repo. When they are ready to introduce code into the main repository, they would submit a pull request into the main repo. In this case, owners of the main project could complete the pull request.



Answer 4:

We can now use a "CODEOWNERS" file to Require review from Code Owners to validate a pull request. We can set different permissions based on their GitHub account.

see here and here