A while back, when
Github started adding
branch protection rules, I wanted to make sure that not just
anyone could try to make
remote origin on my public repositories. So I made sure at the very least to lock my
main branch (or
master with older repositories). That way it was
“read only” for everyone
except myself. Later, I even added this
private repositories in case if I temporarily made them
public for whatever reason.
But I never remember getting any messages referring to these
branch protection rules until
Friday, March 24, 2023, when
Github had accidentally published
SSH key on a
public repository. And I thought,
“What is going on? Why am I receiving this message, and what does it mean? Because I have admin access to all my repos. I should be able to do whatever I want!”. And
“Why am I not getting this message when I was pushing to another repository around the same time?” I had not set up
branch protection on that branch because it was a
Now I am adding at the very least this one
branch protection rule, whether the
repository is private or not!
I got back the following in
Terminal after running the
git push origin main command to
local repo commits to
remote origin for a repository in which I turned on
“locked branch: read only” for my
git push origin main Enumerating objects: 21, done. Counting objects: 100% (21/21), done. Delta compression using up to 10 threads Compressing objects: 100% (14/14), done. Writing objects: 100% (14/14), 2.71 KiB | 925.00 KiB/s, done. Total 14 (delta 10), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (10/10), completed with 7 local objects. remote: Bypassed rule violations for refs/heads/main: remote: remote: - Cannot change this locked branch remote: To github.com:interglobalmedia/inter-jobs-api.git 177ab81..48ba239 main -> main
I got the
“Bypassed rule violations for refs/heads/main” and
“remote: - Cannot change this locked branch” because I had selected
“Lock branch Branch is read-only. Users cannot push to the branch.” within the repository
Settings for Branches under
Branch Protection Rules. I suppose
Git was updated to include those reminders to us as to which
protection(s) we have turned on in our remote repositories, thereby letting us know that it knows, and
Github knows and recognizes that those
protections are indeed in place and working.
So why weren't
protections working for
Friday, March 24, 2023? Or whenever their
transgression actually took place?
There are many other
protections one can turn on. I will be talking about a specific one that could have related to what happened on
March 24, 2023 in another post.
Happy Git pushing to Github remote!
Client can bypass branch protection with pushed commits #16146: desktop/desktop (Github desktop)