GitRiver
Navigation
Branch Protection
Branch protection rules, CODEOWNERS, merge queue, signed commits
Branch protection prevents accidental or unauthorized changes to important branches (main, release, production). This section covers how to configure rules, CODEOWNERS, and the merge queue.
Why
Without branch protection, any developer can:
- Push directly to
main, bypassing review - Force push and overwrite history
- Delete a branch
Protection rules solve these problems: push only via pull requests, mandatory review, CI checks.
Creating a Rule
- Open the repository -> “Settings” (gear icon) -> “Branch Protection”
- Click “New Rule”
- Specify the branch pattern - which branches the rule applies to:
main- exact matchrelease/*- all branches likerelease/1.0,release/2.0*- all branches
Available Restrictions
| Setting | What It Does |
|---|---|
| Disallow push | Changes only via pull requests |
| Disallow force push | Cannot overwrite history |
| Disallow deletion | The branch cannot be deleted |
| Required CI checks | Pull request cannot be merged if CI has not passed |
| Required reviews | A specified number of approvals is needed |
| Block on rejected reviews | If someone requested changes - merging is not allowed |
| Require branch to be up to date | The branch must be updated to the target before merging |
| Require signed commits | All commits must be GPG-signed |
Allowlist
For each rule, you can specify users or teams that are allowed to push directly or force push despite the restrictions. This is useful for CI bots or release managers.
CODEOWNERS
CODEOWNERS automatically assigns reviewers for pull requests based on which files were changed.
Setup
Create a CODEOWNERS file in the repository root (or in .gitriver/):
# Go files - review by backend team
*.go @backend-team
# Frontend - review by a specific user
src/frontend/** @alice
# Dockerfile and CI - review by DevOps
Dockerfile @devops-team
.gitriver/** @devops-team
# Everything else - maintainer
* @bobHow It Works
- A developer opens a pull request
- GitRiver determines which files were changed
- Finds the responsible parties via CODEOWNERS
- Automatically assigns them as reviewers
If “Required reviews” is enabled in the branch protection rule - merging is not possible without approval from CODEOWNERS.
Merge Queue
The Problem
Two pull requests are approved and CI-checked. But if the first one is merged - the main branch changes, and the second one may conflict or break CI. You have to re-run CI for each PR manually.
The Solution
The merge queue automates this process:
- The developer clicks “Add to Queue” (instead of “Merge”)
- GitRiver creates a temporary branch where it merges the PR with the current
main - Runs CI on this branch
- If CI passes - merges into
main - The next PR in the queue goes through the same process
Configuration
- Make sure the branch has a protection rule with required CI checks
- The merge queue appears automatically - the “Add to Queue” button in the pull request
- View the queue: the “Merge Queue” tab in the repository
Tags
Tags are used for marking versions and triggering CI.
Creating
- Via git:
git tag v1.0 && git push --tags - Via the interface: the “Tags” tab in the repository -> “Create Tag”
Usage in CI
on:
push:
tags: ['v*']When tag v1.0 is pushed - the workflow will run.
Linking to Releases
A tag can be linked to a release: “Tags” -> select the tag -> “Create Release”. Add a description and binary files.