jaw6
commented
8 years ago We don't typically cover protected branches in GitHub for Everyone -- it's a slightly advanced topic. But I'll due my best to answer your question!
Protected branches (now available both on Enterprise and GitHub.com) has two modes or "stages". At stage 1, the branch cannot be deleted or force-pushed. This protects the history of the selected branch from editing or altering history -- it's primarily useful for folks who need to ensure that there exists an accurate, canonical history of every change made in the project (or, in at least one branch).
At stage 2, in addition to the above, you can also require pull requests must have a "pass" in our Status API. Primarily, this is useful for continuous integration -- a background process watches new pull requests and verifies whether the project builds and/or passes automated tests and signals this back to the pull request.
So, we don't (yet) have an off-the-shelf component that does exactly what you're looking for, but it's possible to set this up with a little bit of lightweight scripting. You'd need a background process that can receive webhooks from GitHub (maybe something on Heroku, Microsoft Azure or Google App Engine) and look for a "sign off" (the specifics might be: a comment in the pull request maybe? from someone on a specific team? or maybe a commit that's been signed with PGP?) and post back to the pull request via the Status API.
mpbangert
GitHub enterprise has the protected branch feature. How can we make it so that one of the people in a group need to “sign off” on a commit before it can be merged?