Default Protected Branch Settings

This extends to the recent feature: https://gitlab.com/gitlab-org/gitlab-ee/issues/633

Is it possible to have the project-level setting of "Allowed to push" to be set to "No one" so that we don't have to rely on all users to remember to set this protection? Use case essentially being the same as the one the feature used, but also because it'll keep us from having to train hundreds to thousands of users on enabling that setting every time they make a project.

Hi @K73SK, thanks for your feedback!

Added ~481018 ~91796 ~155975 labels

/cc @regisF Potential feature for EE only?

@markglenfletcher @K73SK unless I haven't understood your question, this is something we already have in EE:

I'll close this issue, feel free to reopen it if this solution does not cover your needs.

Status changed to closed

The issue is not that branches cannot be protected to no one, as you point out, there is a setting for an individual project to do so. The issue is that the protection setting itself cannot be defaulted at the system level for all new projects created.

Status changed to reopened

^ What he said :)

Preferably at the group level. We have different project groups, and they use branches differently, and so need protection differently.

I can see use cases for both... And it would only make sense to set it as a hierarchy. We have a global level that is the default, but can be overwritten by a group's configuration which then can be overwritten by a project's configuration (as anything else). For our company's use case, a global configuration would be the best way to set this up because we have an overall process that we want all groups to follow.

So in summary: Why not both?

mentioned in issue #2294 (closed)

mentioned in issue #1075 (closed)

I removed my mention in issue #1075 (closed) as the default protection would not suit our needs. With our workflow we need to leave our developer branches able to push, but our release branches need to be protected. So we wouldn't use the default, but the API enhancements from #1075 (closed) would be ideal.

mentioned in issue #2653 (moved)

added customer+ label

A customer requested this via ZD: https://gitlab.zendesk.com/agent/tickets/78822 linking here.

GitLabForm, our newly open-sourced configuration-as-code tool for GitLab, provides changing branch protections setting for groups of projects.

Check it out at: https://github.com/egnyte/gitlabform

marked this issue as related to #4800 (closed)

marked this issue as related to #2653 (moved)

added priority4 severity4 and removed ~1672340 labels

mentioned in issue #6335

added Create [DEPRECATED] label

I'm running into this need as well. Would love to have an admin level setting for the default protected branch in a new project. Setting it at the group level sounds like the right approach. Would want to be able to configure which branch is default and protected (as we have currently), but also have options to restrict who is allowed to merge and who is allowed to push to the protected branch and not let the developer change that. Really just a group policy enforcement thing

added auto updated potential proposal labels

added devopscreate label

added [deprecated] Accepting merge requests label

removed [deprecated] Accepting merge requests label

added groupsource code label

added Enterprise Edition label

marked this issue as a duplicate of #18488 (closed)

closed