This document describes the recommended branch protection rules for the EchoKit repository.
main BranchmainTest/validate β (file structure + syntax checks)CodeRabbit β (code review bot)Note: Test/smoke is currently skipped in CI (see Issue #4), so itβs not a required check.
git push --force on mainCopy-paste this into GitHubβs branch protection UI:
Branch name pattern: main
βοΈ Require a pull request before merging
βοΈ Require approvals: 1
βοΈ Dismiss stale pull request approvals when new commits are pushed
β Require review from Code Owners
βοΈ Require approval of the most recent reviewable push
β Require conversation resolution before merging (recommended)
βοΈ Require status checks to pass before merging
βοΈ Require branches to be up to date before merging
Status checks that are required:
- Test/validate
- CodeRabbit
β Require signed commits (optional)
βοΈ Require linear history (optional - prevents merge commits)
βοΈ Do not allow bypassing the above settings (recommended)
βοΈ Restrict who can push to matching branches (optional)
Add: github-actions[bot] (for auto-release)
Rules applied to administrators:
βοΈ Include administrators (recommended)
The auto-release.yml workflow needs permission to push tags to main. Configure:
# In .github/workflows/auto-release.yml
permissions:
contents: write # Allows creating tags
If your repository uses GitHubβs new Rulesets feature:
mainProtect main branchmainTest/validate, CodeRabbit)Current Recommendation: Start with Flexible, move to Strict as team grows.
After configuring, verify by:
Last updated: 2026-05-11
Update when: Branch protection requirements change
Note: These are recommendations based on EchoKitβs current workflow. Adjust based on your teamβs needs.