Default Protected Branches
Proposal
I have a large Premium, Self-Managed customer that has noticed a gap in the default configurations for branch protection.
The desired solution is for merge protection rules for protected branches to be protected by default by CODEOWNERS (default protected branches). This allows the customer to make the default ('main' in their case) branch protected. But the issue they are seeing is that protection isn't really protected because it allows for "maintainers" to push directly to the branch. This is not sufficient for their use case. They need "no one" to be able to push to the default branch. Fully protected ALSO restricts who can Merge. This means that ONLY "maintainers" can merge. This is not sufficient. They want control over who can push to protected branches, and for "developers" and "maintainers" to be able to merge.
This functionality is related to the Protect initial default branches docs. While the level of granularity that the customer is seeking is possible in general, it's not part of the default "fully protected" option.