PR Branch Policy
This project enforces pull request branch flow through the GitHub Actions workflow .github/workflows/pr-branch-policy.yml.
Protected Base Branch Rules
- stage -> main is allowed.
- hotfix/* -> main is allowed.
- dev -> stage is allowed.
- release/* -> stage is allowed.
Non-Protected Base Branches
Any source branch can target non-protected base branches, for example:
- stage
- dev
- working
- feature/*
- fix/*
Override
Add PR label policy-override to bypass enforcement.
Draft PR Behavior
Draft PRs are marked as warning and are not blocked until marked ready for review.
Enforcement Actions
When policy fails:
- A comment is posted on PR with reason.
- PR author is assigned.
- PR is closed automatically.
- Workflow fails.
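The branch-flow rules, override label and draft behavior above, combined into one decision function. This is an added example, not the project's workflow code: the function name, argument order, decision strings and the precedence (override checked before draft) are assumptions, and main and stage are taken as the protected bases.

```shell
#!/usr/bin/env bash
# Added example: PR branch-flow decision, not the project's workflow code.
# Assumptions: evaluate_pr, its argument order and its decision strings are
# hypothetical; labels arrive as a comma-separated list without spaces.

# evaluate_pr BASE HEAD LABELS_CSV IS_DRAFT
# Prints one of: allow | override | warn | block. Returns 1 only for block.
evaluate_pr() {
  local base="$1" head="$2" labels="$3" draft="$4" ok=no

  case "$base" in
    main)
      case "$head" in
        stage|hotfix/*) ok=yes ;;
      esac ;;
    stage)
      case "$head" in
        dev|release/*) ok=yes ;;
      esac ;;
    *)
      ok=yes ;;   # non-protected base: any source branch may target it
  esac

  if [ "$ok" = yes ]; then
    echo allow; return 0
  fi

  # Exact label match only, so "policy-override-test" does not bypass policy.
  case ",$labels," in
    *,policy-override,*) echo override; return 0 ;;
  esac

  if [ "$draft" = true ]; then
    echo warn; return 0    # draft PR: reported as a warning, not blocked
  fi

  echo block; return 1     # comment, assign author, close PR, fail workflow
}
```

The label check wraps the list in commas so that only an exact policy-override label counts. A prefix such as hotfixes/x does not satisfy the hotfix/* rule.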
Protected Branch Fallback (Without Admin Rulesets)
When hard GitHub branch protection/rulesets are not available, the workflow applies post-event rollback controls for:
- main
- stage
Direct Push Auto-Revert
On push to protected branches:
- If commit is from merged PR (same base branch), push is allowed.
- If actor is github-actions[bot], push is allowed.
- Otherwise push is treated as unauthorized.
- Workflow reverts commit range (before..after) and pushes revert commit.
- Workflow fails after revert so violation remains visible.
Branch Delete Auto-Restore
- Allowed pushes update backup ref: refs/tags/backup/<branch>/latest.
- If protected branch is deleted, workflow recreates branch from backup ref.
- Workflow fails after restore so deletion event is visible.
Limitations
- This is rollback after event, not pre-event hard block.
- Restore works only when backup ref already exists.
- Auto-revert may require manual intervention if git revert conflict occurs.