From @mwarkentin:
When using the "mergeable" apply requirement, it's generally understood that this could include security restrictions (approval by code owners, etc.). Most likely an org would have a default branch (master) with branch protection applied.
However, if you open up a PR against a different branch (any other branch without branch protection configured), Atlantis will happily apply changes to any of your environments with "mergeable" set.
I think ideally we'd also like to be able to define a "required branch" that the PR is opened against as part of the apply requirements.
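One way to enforce a required base branch today is a guard in a custom workflow's `run` step. The script below is an added example, not part of the original issue or of Atlantis itself. It relies on the `BASE_BRANCH_NAME` environment variable that Atlantis sets for custom `run` steps; `ALLOWED_BASE_BRANCHES` and the function names are hypothetical, chosen for this example.

```shell
#!/bin/sh
# Added example: refuse to apply when the PR's base branch is not on an
# allow-list of branches known to have branch protection configured.
#
# BASE_BRANCH_NAME      - set by Atlantis for custom `run` steps.
# ALLOWED_BASE_BRANCHES - hypothetical variable for this example:
#                         space-separated exact branch names (default: master).

base_branch_allowed() {
    # $1 = base branch of the pull request
    # $2 = space-separated allow-list of exact branch names
    branch=$1
    # Fail closed: an empty or whitespace-containing name is never allowed.
    [ -n "$branch" ] || return 1
    case $branch in
        *[[:space:]]*) return 1 ;;
    esac
    # Exact, literal match only. Quoting "$branch" inside the pattern keeps
    # characters such as '*' from being treated as wildcards.
    case " $2 " in
        *" $branch "*) return 0 ;;
    esac
    return 1
}

guard_apply() {
    allowed=${ALLOWED_BASE_BRANCHES:-master}
    if base_branch_allowed "${BASE_BRANCH_NAME:-}" "$allowed"; then
        echo "base branch '${BASE_BRANCH_NAME}' is allowed, continuing"
        return 0
    fi
    echo "refusing apply: base branch '${BASE_BRANCH_NAME:-<unset>}' is not in: $allowed" >&2
    return 1
}

# In the apply stage of a server-side workflow, source this file and call
# guard_apply as a `run` step before the built-in apply step; a non-zero
# exit status fails the step and stops the apply.
```

The guard only holds if the workflow is defined in the server-side repo config and repositories are not permitted to override or define their own workflows; otherwise a PR can replace the workflow that contains the check.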