We have branch policies set up in VSTS to prevent pull requests being merged into master unless a build passes and work items are linked. However, I can't work out how to prevent developers pushing directly to master. Setting the "Contribute" permission to Deny does not allow pull requests to be merged.
All developers should be allowed to merge PRs into master but none should be permitted to push directly to master. Is this possible?
Sign in to the Azure DevOps portal, and navigate to the Repos page. Once there, choose Branches and click on the ellipsis icon on the right side of the branch that you want to protect. From the dropdown menu, click on Branch policies.
On Bypass policies when completing pull requests, change the option to Allow. The second option for setting bypass security is at the repo level. From your Project settings under Repos, select Repositories and then find the Branches node under the project you want to set the policy for.
To find it go to Settings > Branches > Branch Protection Rules and click 'Add Rule'. Then, enter the name of the branch you want to protect and click the checkbox to require pull request reviews before merging. By default, this only stops people who are not moderators.
Branch policies already do exactly what you're saying. When a branch policy is in place, PRs are required.
Make sure your developers don't have the "Exempt From Policy Enforcement" permission.
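A way to check the point made in the answer above, as an added example that is not part of the original thread: it scans an access control list shaped like the Azure DevOps security API's `acesDictionary` output and reports who holds a policy-bypass bit and who has Contribute denied (the setting that blocks PR merges in the question). The permission bit values, the sample identities and the token are assumptions or constructed data; confirm the bits against your organization's "Git Repositories" security namespace.

```python
# Added example. Bit values are assumed from the "Git Repositories" security
# namespace; verify them in your own organization before relying on the result.
GENERIC_CONTRIBUTE = 4        # "Contribute"
POLICY_EXEMPT = 128           # policy bypass on push (legacy "Exempt from policy enforcement")
PR_BYPASS_POLICY = 32768      # policy bypass when completing pull requests
BYPASS_BITS = {
    POLICY_EXEMPT: "PolicyExempt",
    PR_BYPASS_POLICY: "PullRequestBypassPolicy",
}


def audit_acl(acl):
    """Return (bypass_holders, contribute_denied) for one access control list.

    Only explicit entries are evaluated (inherited permissions are not
    resolved here); an explicit Deny overrides an explicit Allow.
    """
    bypass_holders = {}
    contribute_denied = []
    for identity, ace in acl.get("acesDictionary", {}).items():
        allow, deny = ace.get("allow", 0), ace.get("deny", 0)
        effective = allow & ~deny
        names = [name for bit, name in BYPASS_BITS.items() if effective & bit]
        if names:
            bypass_holders[identity] = names
        if deny & GENERIC_CONTRIBUTE:
            contribute_denied.append(identity)
    return bypass_holders, contribute_denied


# Constructed sample data: identities and token are placeholders.
SAMPLE_ACL = {
    "token": "repoV2/<project-id>/<repo-id>",
    "inheritPermissions": True,
    "acesDictionary": {
        "group:Contributors": {"allow": 4 | 16384, "deny": 0},
        "group:Release Managers": {"allow": 4 | 32768, "deny": 0},
        "user:legacy-admin": {"allow": 4 | 128, "deny": 128},
        "group:Interns": {"allow": 0, "deny": 4},
    },
}

if __name__ == "__main__":
    holders, denied = audit_acl(SAMPLE_ACL)
    for identity, names in holders.items():
        print(f"can bypass branch policy: {identity} ({', '.join(names)})")
    for identity in denied:
        print(f"Contribute denied, cannot complete PRs: {identity}")
```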