Configure branch protection

Console

To create a new branch protection rule, do the following:

1. In the Secure Source Manager web interface, select the repository you want to protect with a branch protection rule.
2. From the repository page, click Settings.
3. Click the Branch ruletab.
4. Click Add branch rule.

5. In the Branch rule IDfield, enter a name for the branch rule.

   Branch rule IDs are restricted to lower-case letters, numbers, and hyphens. The first character must be a letter, and the last character must be a letter or a number. Branch rule IDs have a 63 character maximum.

6. In the Branch filterfield, enter the name of the branch you want the rule to apply to, or if you want the rule to apply to all branches, enter .* . Full regular expression matching is not supported.

   Enabled branch rule filters must be unique to their repository. Users can have multiple disabled branch rule filters. For example, you can't have two enabled branch rules in a single repository with the branch filter main .

   When multiple rules are applicable for a branch, the branch rule with a specific branch name as the branch filter will override the wildcard rule. For example, a branch rule with branch filter main will override a branch rule with the branch filter .* . Rules are not combined.

7. In the Branch protection rule detailssection, specify the requirements for your branch rule from the following options:

   • Require a pull request before merging: if enabled, direct commits to the branch will be blocked. A pull request must be opened before merging into the protected branch.

   • Required number of reviewers: specify the number of reviewers required to approve in order to merge the pull request.

   • Required number of approvers: specify the number of approvers required to approve in order to merge the pull request.

     Reviewers and approvers are users with specific IAM roles. To learn which roles are required for reviewers and approvers, see Branch protection overview .

   • Block merge on stale reviews and approvals: if enabled, a review or approval is removed if new commits are pushed to the pull request after the review or approval is granted.

   • Require conversation resolution before merging: if enabled, all code comments and request change reviews must be resolved before merging.

   • Require linear history: if enabled, pull requests that would create a non-linear Git history can't be merged.

   • Require status checks: if enabled, the selected build status checks must be successful before a pull request can be merged. You must configure triggers in your triggers file before you can select them as status checks for branch protection.

8. To save the branch rule, click Submit.

The Branch rulestab is displayed, with your new branch rule listed.

Terraform

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands . For more information, see the Terraform provider reference documentation .

The following example configuration creates a branch protection rule for the main branch.

Before using the sample, replace the following:

• BRANCH_RULE_ID : the ID of the branch protection rule.
• PROJECT_ID : the project ID.
• LOCATION : the location of the repository.
• REPOSITORY_ID : the ID of the repository.
• BRANCH_NAME_PATTERN : the branch name or regex pattern, such as main .

  resource 
  
 "google_secure_source_manager_branch_rule" 
  
 "default" 
  
 { 
  
 branch_rule_id 
  
 = 
  
 " BRANCH_RULE_ID 
" 
  
 project 
  
 = 
  
 " PROJECT_ID 
" 
  
 location 
  
 = 
  
 " LOCATION 
" 
  
 repository_id 
  
 = 
  
 " REPOSITORY_ID 
" 
  
 include_pattern 
  
 = 
  
 " BRANCH_NAME_PATTERN 
" 
  
 minimum_approvals_count 
  
 = 
  
 2 
  
 minimum_reviews_count 
  
 = 
  
 2 
  
 require_comments_resolved 
  
 = 
  
 true 
  
 require_linear_history 
  
 = 
  
 true 
  
 require_pull_request 
  
 = 
  
 true 
  
 disabled 
  
 = 
  
 false 
  
 allow_stale_reviews 
  
 = 
  
 false 
 }