Protected branches system

[DblK]

One missing feature from gogs is a way to protect branches like Github does. After the completion of the API implementation, we could easily add application like Drone to check the PR.

The UI need to be changed to add options to protect branches like this:

I suggest to add some columns in table (don't know how many yet) to store those options. The "Merge" button from a PR should be activated is the conditions are not matched.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/38914868-protected-branches-system?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github).

[tboerger]

Please don't prefix the issue with [Feature], that should be done via labels. This is an important feature for an lgtm.co integration, so a big :+1: for that.

[lunny]

I think this need a proposal to describe it.

[bkcsoft]

@lunny Agreed. I've looked into this issue before, and it requires a rewrite of how GitHooks are currently Exposed.

Reference: https://github.com/gogits/gogs/issues/776#issuecomment-238779355

[strk]

@DblK "proposal" proposed process is here https://github.com/go-gitea/proposals/pull/1

[thibaultmeyer]

+1 without protected branches system, Gitea will be not ready for a corporate environment where is not acceptable to ask at each developers to use the "fork and pull request" flow.

[lunny]

Before we can start protected branch, we have to finish the dependent features first:

• [ ] code review, this is based comment on code, but add a flag to disable merge button until the comment author close it.
• [ ] status check system, this is based webhook. and it's a specific webhook. We could define it like github.
• [ ] rebase the PR.

Implement every one feature will not result many commits, so we can do it step by step. Welcome to improve it.

[Ritbit]

+1 desperately in need for this.

[bkcsoft]

@lunny no need for all that, just a simple branch X can't be pushed to would suffice to start with :slightly_smiling_face:

As for status check, that would be fairly simple to implement really (if one does as GitHub API does)

[lunny]

339 is the first part merged for this issue, so let's move it to v1.2.

[ghost]

Only thing stopping us moving to gitea now. We have a company 1k dev strong. Please, I urge the community to focus on this.

[ptman]

@exp10r3r Do you have any golang devs that could help?

[lunny]

@exp10r3r We have #339 merged a simple protected branch system. Of course we need more features.

[ghost]

@ptman Unfortunately, no. More than 50% from NodeJS, 10% php and the rest html/css.

@lunny I know, and I have been following development since you guys forked and personally using it since last 15 days. The issue arose from the fact that I had given the rest of my team write access to the repo and marked master branch as protected. I only want them to be able to push to the feature branch, after which a PR is made and only the person with push rights to master can merge this PR. Imagine my surprise when a dev was merging his own PRs. Obviously it was an oversight on my end, I should have tested this first hand. I'm glad though that force pushes are not allowed, that would have been a nightmare.

Anyways, a good branch protection scheme will go a long way in increasing gitea's value proposition.

[ghost]

Even implementing this would go along a long way.

[svarlamov]

Now that we have protected branches and whitelisting, what would it take to add status checks similar to: https://help.github.com/articles/enabling-required-status-checks/

[lunny]

@svarlamov yes, we need only 1 PR to show the status check on PR UI since all data have been ready.

[lunny]

I think this issue has been resolved.