feat: add gitflow automation and branch protection workflows #5

Merged: PKramek merged 3 commits into develop from feat/branch-protection-workflows on Apr 7, 2026

PKramek (Owner) commented Apr 7, 2026

Summary

  • advance-main: workflow_dispatch-triggered workflow that fast-forwards main to develop's HEAD on explicit request. Uses force=false to guard against non-fast-forward updates and verifies SHA parity after advance. Identical commit SHAs on both branches are preserved.
  • source-branch-check: blocks any PR to main unless the source branch is develop or hotfix/*
  • CODEOWNERS: auto-assigns @PKramek as reviewer on all PRs
  • dependabot: weekly github-actions dependency updates grouped into a single PR targeting develop
  • CONTRIBUTING.md: new file covering development setup, branching model, pre-commit hooks, and full maintainer runbook (advance-main, release, hotfix, GHCR visibility)
  • README.md: contributing section trimmed to a 3-line pointer to CONTRIBUTING.md

What was done outside this PR (GitHub API)

  • protect-main ruleset: merge method changed to rebase, RepositoryRole admin bypass actor added (required for the advance-main automation)
  • protect-develop ruleset: re-enabled after syncing develop to main HEAD
  • protect-release-tags ruleset created: protects v* tags from deletion and force-push
  • develop synced to main HEAD
  • Stale branches cleaned up
  • Merge commits disabled at repo level (squash + rebase only)

Gitflow from here

feat/* or fix/*  →  PR (squash) → develop  →  Actions: Advance main  →  git tag v*  →  publish to GHCR
hotfix/*                                    →  PR (rebase) → main     →  git tag v*  →  publish to GHCR

Test plan

  • CI passes on this PR
  • After squash merge to develop, manually trigger Actions → Advance main → Run workflow
  • Verify git log main and git log develop are identical after advance

PKramek added 3 commits April 7, 2026 18:10
- advance-main: fast-forwards main to develop after CI passes (workflow_run
  trigger); preserves identical SHAs on both branches. Requires RepositoryRole
  admin bypass on the protect-main ruleset.
- source-branch-check: blocks PRs to main unless source is develop or hotfix/*
- CODEOWNERS: auto-assigns PKramek as reviewer on all PRs
- dependabot: weekly github-actions updates grouped into a single PR targeting develop

Automated workflow_run would collapse develop and main into a single
effective branch, removing the intentional release-decision gate that
justifies the two-branch gitflow model. Manual dispatch preserves that
gate: main advances only when explicitly triggered, allowing multiple
PRs to accumulate on develop before promotion.

Also sets cancel-in-progress=false: manual triggers should never cancel
each other mid-flight.

Moves development setup, branching model, pre-commit hooks, and
maintainer workflows (advance-main, release, hotfix) into a dedicated
CONTRIBUTING.md so GitHub surfaces it as a banner when opening PRs.

README contributing section is replaced with a 3-line pointer.
@PKramek PKramek self-assigned this Apr 7, 2026
@PKramek PKramek merged commit 992e42d into develop Apr 7, 2026
31 checks passed
@PKramek PKramek deleted the feat/branch-protection-workflows branch April 7, 2026 16:41
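
The two gates from the PR summary (source-branch-check, and the fast-forward-only advance of main with SHA parity verification), modelled locally as an added example; this is not the workflow code from this PR. The function names are hypothetical, and a local git ancestor check plus a compare-and-swap ref update stands in for the ref update with force=false.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the repository.

# Gate 1: a PR into main is accepted only from develop or hotfix/<name>.
# PRs into any other base branch are outside this check's scope.
source_branch_allowed() {
  base=$1
  head=$2
  [ "$base" = "main" ] || return 0
  case "$head" in
    develop|hotfix/?*) return 0 ;;   # exact "develop", or non-empty hotfix name
    *) return 1 ;;                   # feat/*, develop-copy, refs/heads/develop, ...
  esac
}

# Gate 2: move main to develop's commit only as a fast-forward, then verify
# that both refs hold the same SHA. Returns 0 on parity, 1 on refusal,
# 2 when a branch is missing.
advance_main() {
  repo=$1
  main_sha=$(git -C "$repo" rev-parse -q --verify refs/heads/main) || return 2
  dev_sha=$(git -C "$repo" rev-parse -q --verify refs/heads/develop) || return 2
  [ "$main_sha" = "$dev_sha" ] && return 0
  # Fast-forward is possible only when main is an ancestor of develop.
  git -C "$repo" merge-base --is-ancestor "$main_sha" "$dev_sha" || return 1
  # Compare-and-swap: the update is rejected if main moved since it was read.
  git -C "$repo" update-ref refs/heads/main "$dev_sha" "$main_sha" || return 1
  [ "$(git -C "$repo" rev-parse refs/heads/main)" = "$dev_sha" ]
}

# Constructed head-branch names for a PR that targets main.
for h in develop hotfix/cve-patch feat/login develop-copy hotfix/; do
  if source_branch_allowed main "$h"; then echo "allow $h"; else echo "block $h"; fi
done
```

The pattern match is on the exact branch name, so look-alike names such as develop-copy are rejected rather than matched by prefix.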