stack twitter tryhackme rss linkedin cross

Wilco van Esch

Skip to main content

Search results

    Manage merge rights in GitLab

    To prevent all users from being able to push a deployment to a production or acceptance environment, GitLab uses the concept of protected branches.

    Protected branches

    Example of protected branches

    This example means:

    • Everyone with at least Developer permissions can create and/or approve a merge request to the release branch.
    • Only those with at least Maintainer permissions can create and/or approve a merge request to the master branch.

    For more information on roles, see Manage access to GitLab projects.

    Set permissions for an existing protected branch

    1. In GitLab, go to the repo you want to set branch permissions for
    2. Go to Settings -> Repository
    3. Expand the Protected Branches section
    4. Now you can:
      1. Select a different role tier for who is allowed to merge to a certain branch
      2. Select a different role tier for who is allowed to push to a certain branch
      3. Select whether the branch should be protected at all
      4. Select whether a code owner should approve any MR (note that if you were to use this, the code owners have to be configured separately)

    Changing an existing branch to a protected branch

    1. In GitLab, go to the repo you want to create a protected branch for
    2. Go to Settings -> Repository
    3. Expand the Protected Branches section
    4. From the Branch field, select a branch
    5. From the Allowed to merge field, select a Role or Group or User (note: a Group or User could have lower permissions than you’d like) who should be able to merge a merge request into a branch. You’d want this to be as restrictive or more restrictive compared to the Allowed to push field
    6. From the Allowed to push field, select a Role or Group or User (note: a Group or User could have lower permissions than you’d like) who should be able to try to push a merge request to a branch
    7. Disable the Require approval from code owners checkbox (unless you know what you’re doing)
    8. Hit Protect