Branch-protection rules on main
Last verified against GitHub UI as of 2026-04-28.
What this configures
Branch protection on main is what prevents any change from landing without going through the regulated review flow. Several toggles work together: required PRs, required code-owner approval, dismiss-stale-on-new-commits, required status checks, and a narrowly scoped bypass list for the auto-stamp App.
This page lists every toggle the BioFlow Pro repo runs main with.
Where the rules live
Settings → Branches → Branch protection rules → main (classic) or Settings → Rules → Rulesets → <ruleset> (newer).
Required toggles
| Toggle | Setting | Why |
|---|---|---|
| Require a pull request before merging | ON | All changes must go through PR review |
| Require approvals | ≥ 1 | Standard PR review |
| Dismiss stale pull request approvals when new commits are pushed | ON | If the developer pushes new content after approval, the approval no longer applies — protects against last-minute swaps. This is the rule that makes the auto-stamp REVIEWED_HASH content-binding meaningful at the GitHub level too. |
| Require review from Code Owners | ON | Enforces .github/CODEOWNERS — without this, the file is informational only |
| Require status checks to pass before merging | ON | The PR pipeline jobs must be green before merge |
| Required status checks | All four pr_branch_tests.yml jobs (Dart Tests, Build & Package Installer, System Tests + RTM, Smoke + Benchmarks) | The full regulated CI must succeed |
| Require branches to be up to date before merging | ON | Forces rebase/merge of latest main before merge — prevents stale-base merges |
| Require conversation resolution before merging | ON (recommended) | Pending review comments must be resolved |
| Lock branch | OFF | We need to be able to merge here |
| Do not allow bypassing the above settings | OFF (toggled via bypass list, see below) | We need a narrow bypass for the auto-stamp App |
Bypass list
| Actor | Permission |
|---|---|
| bioflow-autostamp (App) | Bypass required pull requests (allows direct push to main) |
Only the auto-stamp App is on the bypass list. Generic github-actions[bot] is not — that would grant every workflow in this repo the same bypass, which we explicitly chose against. See the auto-stamp tooling page for the design rationale.
Force-push and deletion
| Setting | Value |
|---|---|
| Allow force pushes | OFF |
| Allow deletions | OFF |
Both must remain OFF on main. Force-pushing to main would discard regulated history; deleting main is self-evidently catastrophic.
Why these toggles all matter together
The regulated property TRACE ALM provides — “every change to a regulated artefact has been approved by a qualified reviewer at this exact content” — depends on all of these working:
- Required PR + required approval: every change goes through review
- Dismiss-stale: approvals can’t outlive the content they approved
- Require code-owner review: the approver is the qualified reviewer, not just anyone with write access
- Required status checks: the post-processor’s --fail-on-suspect gate has to pass — that’s how unauthorised drift is detected pre-merge
- No force-push, no delete: the audit trail is immutable
If any of those toggles is off, the regulated chain has a gap. Periodic verification that all toggles match this page is part of the regulated maintenance procedure.
Verification
To confirm the current settings against this playbook:
```
gh api repos/Corona-Project-Life/Bioflow-Pro/rules/branches/main \
  --jq '.[] | {type, parameters}'
```

Or via the UI: open the branch-protection rule for main and walk through each toggle on this page.
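As an added example (not part of the BioFlow Pro tooling), the script below compares the JSON that command prints against the toggles in the table above and lists each one that has drifted. The rule-type and parameter names are those of the GitHub rulesets REST API; SAMPLE_RULES is constructed input, not captured from the repo.

```python
import json

# Expected values, taken from the "Required toggles" table on this page.
REQUIRED_CHECKS = {"Dart Tests", "Build & Package Installer",
                   "System Tests + RTM", "Smoke + Benchmarks"}

# Constructed stand-in for what the page's gh api command prints (not captured from
# the real repo); two deliberate drifts: no non_fast_forward rule, dismiss-stale off.
SAMPLE_RULES = json.loads("""[
 {"type": "deletion"},
 {"type": "pull_request", "parameters": {
   "required_approving_review_count": 1,
   "dismiss_stale_reviews_on_push": false,
   "require_code_owner_review": true}},
 {"type": "required_status_checks", "parameters": {
   "strict_required_status_checks_policy": true,
   "required_status_checks": [
     {"context": "Dart Tests"}, {"context": "Build & Package Installer"},
     {"context": "System Tests + RTM"}, {"context": "Smoke + Benchmarks"}]}}
]""")


def check_rules(rules):
    """Return the playbook toggles that `rules` violates; [] means no drift."""
    by_type = {r["type"]: r.get("parameters") or {} for r in rules}
    findings = []
    if "deletion" not in by_type:
        findings.append("Allow deletions is not blocked")
    if "non_fast_forward" not in by_type:
        findings.append("Allow force pushes is not blocked")
    pr = by_type.get("pull_request")
    if pr is None:
        findings.append("Require a pull request before merging is OFF")
    else:
        if pr.get("required_approving_review_count", 0) < 1:
            findings.append("Require approvals is below 1")
        if not pr.get("dismiss_stale_reviews_on_push"):
            findings.append("Dismiss stale approvals on new commits is OFF")
        if not pr.get("require_code_owner_review"):
            findings.append("Require review from Code Owners is OFF")
    checks = by_type.get("required_status_checks")
    if checks is None:
        findings.append("Require status checks to pass is OFF")
    else:
        if not checks.get("strict_required_status_checks_policy"):
            findings.append("Require branches to be up to date is OFF")
        missing = REQUIRED_CHECKS - {c["context"] for c in checks.get("required_status_checks", [])}
        if missing:
            findings.append("Missing required status checks: " + ", ".join(sorted(missing)))
    return findings
```

Against the real repo, pass json.loads of the gh command's stdout to check_rules and treat any non-empty result as drift to fix as described below.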
If any drift is detected, fix it via the same admin who set it up originally and update this playbook in the same PR (the playbook self-owns via CODEOWNERS — no playbook drift either).