Design: Give full control over default branch protections
Promoted to an epic.
Original Content
Opportunity
The option to set a default branch protection was launched for groups in #7583 (closed) and for the admin area in #211944 (closed). Initially, it was shipped to allow for a not protected
option which permits developers to push to the default branch without being a maintainer.
As the functionality for protected branch configuration options grew, so did the expectations for the level of control. The 4 options that are current available do not cover all the variations of the protected branch.
Proposal
Re-locate specific settings and expand on those settings related to default branch and default branch protections. The setting will be relocated to better map to the default branch settings in the repository page. An additional option to enforce the configuration through the cascading model will be added.
Each item below is a specific part of the proposal. Before moving to workflowplanning breakdown , consider promoting to an epic and creating an issue for each individual part.
1. Merge default branch protection and default initial branch together under repository & update the section header and description
Allow owners to manage default branch protection per group
is not checked
2. Show disabled state for maintainers, when Group/Subgroup
Currently, the field is hidden from owners when not checked in the Admin Area
Before | After |
---|---|
![]() |
![]() |
3. Replace the dropdown selection for default branch protection with a form that matches protected branches
Group/Subgroup
Not protected | Protected | Protected |
---|---|---|
![]() |
![]() Admins always have control |
![]() Owners cannot change |
4. Add on the cascading setting option
Do not allow owners to change, but enforce at the group level
This is a really confusing when you look at it from a big picture. Might even be harder to explain in documentation.
Admin Area – Don't allow | Group (Admin) – Enforced | Subgroup (Admin or Owner) – |
---|---|---|
![]() |
![]() |
![]() |
Admin Area – Don't allow | Group (Owner) – |
Subgroup (Admin or Owner) – |
---|---|---|
![]() |
![]() |
![]() |