Separate permissions for create vs. push on protected branches
Description
We want to ensure code reviews take place on all "protected" branches in our repository, which for us means master, develop and release/*.
To achieve this we have protected those two branches and that wildcard. We only allow fast-forward merging into these protected branches and we create merge requests requiring approval of one other developer to effect those merges.
This works fine for the existing branches (master and develop). However, only allowing merges (no pushes) means we can't create new release/* branches.
We currently have two options then:
- Remove the protected branch wildcard and configure this for each and every release/foo branch that we create
- Temporarily allow pushes to release branches whenever we want to create one (then disable afterwards).
Neither of those solutions is very elegant and both require work we'd rather avoid.
Proposal
Ideally we'd be able to prevent push to existing branches but allow it for branch creation. So if the release/foo branch already existed then we could only get new code into that branch via a merge request (i.e. requires code review). However it would still be possible to create the as yet non-existent release/bar branch simply by creating the branch on a local developer's machine and pushing to GitLab.
Links / references
See help on protected branches.
Use cases
This feature would be for teams that want to enforce code reviews via merge requests on all code that gets included in protected branches.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
- Feature assurance
- Documentation
- Added to features.yml
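
The rule proposed in this issue, sketched as a generic git pre-receive hook. This is an added example, not GitLab's code and not part of the issue. It assumes enforcement runs in a server-side hook fed "<old> <new> <ref>" lines and that server-performed merges do not pass through it; the already_reviewed callback is hypothetical.

```python
import fnmatch
import sys

PROTECTED = ["master", "develop", "release/*"]  # patterns named in the issue


def is_null(oid):
    """git sends an all-zero object id when the ref does not exist."""
    return oid.strip("0") == ""


def is_protected(ref):
    """True when ref is a branch matching one of the protected patterns."""
    prefix = "refs/heads/"
    if not ref.startswith(prefix):
        return False
    branch = ref[len(prefix):]
    return any(fnmatch.fnmatchcase(branch, p) for p in PROTECTED)


def decide(old, new, ref, already_reviewed=None):
    """Return (allowed, reason) for one ref update."""
    if not is_protected(ref):
        return True, "unprotected ref"
    if is_null(new):
        return False, "deleting a protected branch"
    if not is_null(old):
        return False, "push to existing protected branch; use a merge request"
    # Creation. Optional stricter mode (an assumption, not in the issue):
    # accept a new branch only if its tip is already in a reviewed branch,
    # otherwise creation is a path for unreviewed commits.
    if already_reviewed is not None and not already_reviewed(new):
        return False, "new branch tip contains unreviewed commits"
    return True, "creating a new protected branch"


def main(stdin=sys.stdin):
    """Pre-receive entry point: a non-zero status rejects the whole push."""
    status = 0
    for line in stdin:
        old, new, ref = line.split()
        ok, reason = decide(old, new, ref)
        if not ok:
            print(f"denied {ref}: {reason}", file=sys.stderr)
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main())
```

Without the stricter mode, the first push that creates release/bar can carry any commits, so review is only guaranteed for changes made after the branch exists.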